ACE in Chains: How Risky Is CBC Encryption of Binary Executable Files?

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 12146)

Abstract

We present malleability attacks against binary executable files that are encrypted under the CBC mode of operation. While CBC malleability is classic and has been used to attack various real-world applications, the risk of encrypting binary executables via CBC mode on common OSs has not been widely recognized. We showed that, with a certain non-negligible probability, it is possible to manipulate CBC-encrypted binary files so that the decryption result allows arbitrary code execution (ACE), one of the most powerful exploits, even without knowledge of the plaintext binary. More specifically, for both 32- and 64-bit Linux and Windows, we performed a thorough analysis of the binary executable formats to evaluate the practical impact of ACE on CBC encryption, and showed that the attack is possible if the adversary is able to correctly guess 13 to 25 bits of the address at which to inject code. In principle, our attack affects a wide range of storage/file encryption systems that adopt CBC encryption. In addition, manual file encryption using the OpenSSL API (AES-256-CBC), which is presumed to be frequently used in practice for file encryption, is affected. We provide Proof-of-Concept implementations for Linux and Windows. We have reported our findings to the appropriate institution as an act of responsible disclosure.
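The mode-level property the abstract relies on, together with the check that defeats it, as an added example that is not part of the paper or its PoC: editing one ciphertext block changes the next plaintext block bit-for-bit without the key, while an encrypt-then-MAC wrapper detects the edit before anything is decrypted. The block cipher is a constructed 8-round Feistel stand-in built from SHA-256 (an assumption made so the example runs with the standard library only; the CBC property does not depend on the cipher, so it applies equally to the AES-256-CBC case the abstract describes).

```python
import hashlib, hmac, os
BLOCK = 16  # block size in bytes, as for AES

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))
def _f(key, half, r):  # round function of the constructed Feistel stand-in cipher
    return hashlib.sha256(key + bytes([r]) + half).digest()[:8]

def block_encrypt(key, blk):  # 8-round Feistel network, invertible by design
    left, right = blk[:8], blk[8:]
    for r in range(8):
        left, right = right, xor(left, _f(key, right, r))
    return left + right

def block_decrypt(key, blk):
    left, right = blk[:8], blk[8:]
    for r in reversed(range(8)):
        left, right = xor(right, _f(key, left, r)), left
    return left + right

def cbc_encrypt(key, iv, pt):  # C_i = E(P_i ^ C_{i-1}), with C_{-1} = iv
    prev, out = iv, []
    for i in range(0, len(pt), BLOCK):
        prev = block_encrypt(key, xor(pt[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):  # P_i = D(C_i) ^ C_{i-1}
    prev, out = iv, []
    for i in range(0, len(ct), BLOCK):
        out.append(xor(block_decrypt(key, ct[i:i + BLOCK]), prev))
        prev = ct[i:i + BLOCK]
    return b"".join(out)

def flip_plaintext_block(ct, j, delta):
    # Keyless CBC malleability (j >= 1): XOR delta into C_{j-1} and P_j is XOR-ed by delta on decryption, while P_{j-1} becomes garbage.
    start = (j - 1) * BLOCK
    return ct[:start] + xor(ct[start:start + BLOCK], delta) + ct[start + BLOCK:]

def seal(enc_key, mac_key, pt):  # mitigation: encrypt-then-MAC over iv||ct
    iv = os.urandom(BLOCK)
    body = iv + cbc_encrypt(enc_key, iv, pt)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def open_checked(enc_key, mac_key, blob):
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, body, hashlib.sha256).digest(), tag):
        return None  # tampered: refuse to decrypt rather than hand back a garbled binary
    return cbc_decrypt(enc_key, body[:BLOCK], body[BLOCK:])
```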

R. Fujita—Graduated from University of Hyogo and now belongs to NTT Corporation, Tokyo, Japan.



Acknowledgments

The authors would like to thank the anonymous referees of ACNS 2020 for their insightful comments and suggestions. The authors also thank JPCERT Coordination Center for their helpful advice. Takanori Isobe is supported by Grant-in-Aid for Scientific Research (B) (KAKENHI 19H02141) for Japan Society for the Promotion of Science and SECOM science and technology foundation.

Author information

Correspondence to Rintaro Fujita.


Copyright information

© 2020 Springer Nature Switzerland AG

About this paper


Cite this paper

Fujita, R., Isobe, T., Minematsu, K. (2020). ACE in Chains: How Risky Is CBC Encryption of Binary Executable Files? In: Conti, M., Zhou, J., Casalicchio, E., Spognardi, A. (eds) Applied Cryptography and Network Security. ACNS 2020. Lecture Notes in Computer Science, vol 12146. Springer, Cham. https://doi.org/10.1007/978-3-030-57808-4_10

  • DOI: https://doi.org/10.1007/978-3-030-57808-4_10

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-57807-7

  • Online ISBN: 978-3-030-57808-4

  • eBook Packages: Computer Science (R0)
