Abstract
We present malleability attacks against binary executable files that are encrypted with the CBC mode of operation. While CBC malleability is classic and has been used to attack various real-world applications, the risk of encrypting binary executables with CBC mode on common OSs has not been widely recognized. We show that, with a certain non-negligible probability, it is possible to manipulate CBC-encrypted binary files so that the decryption result allows arbitrary code execution (ACE), one of the most powerful exploits, even without knowledge of the plaintext binary. More specifically, for both 32- and 64-bit Linux and Windows, we performed a thorough analysis of the binary executable formats to evaluate the practical impact of ACE on CBC encryption, and showed that the attack is possible if the adversary is able to correctly guess 13 to 25 bits of the address at which code is injected. In principle, our attack affects a wide range of storage/file encryption systems that adopt CBC encryption. In addition, manual file encryption using the OpenSSL API (AES-256-CBC), which is presumed to be frequently used in practice, is affected. We provide proof-of-concept implementations for Linux and Windows. We have reported our findings to the appropriate institution as an act of responsible disclosure.
R. Fujita graduated from the University of Hyogo and now belongs to NTT Corporation, Tokyo, Japan.
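The property the abstract relies on is the classic CBC malleability: XORing a difference into ciphertext block i-1 (or into the IV for block 0) XORs exactly that difference into decrypted block i, while block i-1 itself decrypts to an unrelated pseudorandom block and every other block is untouched. The script below is an added example, not code from the paper or its proof-of-concept implementations. It demonstrates that property on a constructed block-aligned "file" and then shows the standard mitigation, encrypt-then-MAC, rejecting the modified ciphertext before it is ever decrypted. A keyed four-round Feistel network built from SHA-256 stands in for AES so the script runs with the standard library alone; it is not a secure cipher, but it is a block permutation, which is all the CBC argument needs. Keys, IV and plaintext are constructed for the demonstration.

```python
"""CBC malleability on a block-aligned 'file' and its standard mitigation.

Added example (not from the paper). The toy Feistel cipher is a stand-in for
AES so the script runs offline; it is NOT secure, only invertible.
"""
import hashlib
import hmac

BLOCK = 16  # bytes per block, as with AES


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, half: bytes, rnd: int) -> bytes:
    # Feistel round function: keyed hash truncated to half a block.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[: BLOCK // 2]


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, r, rnd))
    return l + r


def toy_block_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, l, rnd)), l
    return l + r


def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    assert len(pt) % BLOCK == 0, "demo uses block-aligned input, no padding"
    prev, out = iv, []
    for p in blocks(pt):
        prev = toy_block_encrypt(key, _xor(p, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    prev, out = iv, []
    for c in blocks(ct):
        out.append(_xor(toy_block_decrypt(key, c), prev))  # P[i] = D(C[i]) ^ C[i-1]
        prev = c
    return b"".join(out)


def xor_into_ciphertext(iv: bytes, ct: bytes, target: int, delta: bytes):
    """Return (iv', ct') where the bytes that feed plaintext block `target`
    have `delta` XORed in: the IV for block 0, ciphertext block t-1 otherwise."""
    assert len(delta) == BLOCK
    if target == 0:
        return _xor(iv, delta), ct
    cb = blocks(ct)
    cb[target - 1] = _xor(cb[target - 1], delta)
    return iv, b"".join(cb)


# Constructed demo material (hypothetical values, not from the paper).
ENC_KEY = b"constructed-demo-key-32-bytes!!!"
MAC_KEY = b"constructed-demo-mac-key-32bytes"
IV = bytes(range(BLOCK))
PLAINTEXT = bytes((i * 37) & 0xFF for i in range(4 * BLOCK))  # 4-block stand-in for a file


def demo_malleability(target: int = 2, delta: bytes = bytes([0xA5]) * BLOCK) -> dict:
    """Modify the ciphertext without the key and classify what happened per block."""
    ct = cbc_encrypt(ENC_KEY, IV, PLAINTEXT)
    iv2, ct2 = xor_into_ciphertext(IV, ct, target, delta)
    orig, mod = blocks(PLAINTEXT), blocks(cbc_decrypt(ENC_KEY, iv2, ct2))
    return {
        "target_controlled": mod[target] == _xor(orig[target], delta),
        "preceding_garbled": target > 0 and mod[target - 1] != orig[target - 1],
        "others_intact": all(mod[i] == orig[i]
                             for i in range(len(orig)) if i not in (target, target - 1)),
    }


def seal(enc_key: bytes, mac_key: bytes, iv: bytes, pt: bytes):
    """Encrypt-then-MAC: the tag covers IV and ciphertext, so any flip is detected."""
    ct = cbc_encrypt(enc_key, iv, pt)
    return iv, ct, hmac.new(mac_key, iv + ct, hashlib.sha256).digest()


def open_sealed(enc_key: bytes, mac_key: bytes, iv: bytes, ct: bytes, tag: bytes):
    expected = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None  # reject before decrypting; nothing malleated ever reaches a loader
    return cbc_decrypt(enc_key, iv, ct)


def demo_detection(target: int = 2, delta: bytes = bytes([0xA5]) * BLOCK):
    iv, ct, tag = seal(ENC_KEY, MAC_KEY, IV, PLAINTEXT)
    iv2, ct2 = xor_into_ciphertext(iv, ct, target, delta)
    return open_sealed(ENC_KEY, MAC_KEY, iv2, ct2, tag)  # None: tampering rejected


if __name__ == "__main__":
    print("unauthenticated CBC:", demo_malleability())
    print("encrypt-then-MAC result:", demo_detection())
```

The first print shows the three-way outcome the paper's probability argument builds on: the targeted block is changed by exactly the chosen difference, the block before it becomes unpredictable, and the rest of the file is unchanged. The second shows that with a MAC over IV and ciphertext the modified file is rejected outright, which is why authenticated encryption (or a MAC over the whole image) rather than bare CBC is the appropriate mode for executables at rest.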
Acknowledgments
The authors would like to thank the anonymous referees of ACNS 2020 for their insightful comments and suggestions. The authors also thank JPCERT Coordination Center for their helpful advice. Takanori Isobe is supported by a Grant-in-Aid for Scientific Research (B) (KAKENHI 19H02141) from the Japan Society for the Promotion of Science and by the SECOM Science and Technology Foundation.
© 2020 Springer Nature Switzerland AG
Cite this paper
Fujita, R., Isobe, T., Minematsu, K. (2020). ACE in Chains: How Risky Is CBC Encryption of Binary Executable Files?. In: Conti, M., Zhou, J., Casalicchio, E., Spognardi, A. (eds) Applied Cryptography and Network Security. ACNS 2020. Lecture Notes in Computer Science(), vol 12146. Springer, Cham. https://doi.org/10.1007/978-3-030-57808-4_10
DOI: https://doi.org/10.1007/978-3-030-57808-4_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-57807-7
Online ISBN: 978-3-030-57808-4