Adaptive-CCA on OpenPGP Revisited

  • Conference paper
Information and Communications Security (ICICS 2004)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3269)

Abstract

The e-mail system has become one of the most important and popular Internet services. Instead of using traditional surface mail, we have the alternative of employing an e-mail system, which provides reliable and efficient message delivery. However, in the electronic era, privacy, data integrity, and authentication requirements prove to be especially unavoidable. Secure e-mail system specifications and software developments have been widely discussed in the past decade. Among these, OpenPGP is a widespread and well-known specification, and PGP has become a famous implementation. However, only limited security analysis of secure e-mail systems, in both theoretical and practical aspects, has been carried out previously. In this paper, new chosen ciphertext attacks against the latest version of OpenPGP are proposed with detailed analysis. Furthermore, a new vulnerability due to backward compatibility between system versions is pointed out.

This work was supported in part by the National Science Council R.O.C. under contract NSC 93-2213-E-008-039.

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

Cite this paper

Lin, HC., Yen, SM., Chen, GT. (2004). Adaptive-CCA on OpenPGP Revisited. In: Lopez, J., Qing, S., Okamoto, E. (eds) Information and Communications Security. ICICS 2004. Lecture Notes in Computer Science, vol 3269. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30191-2_35

  • DOI: https://doi.org/10.1007/978-3-540-30191-2_35

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-23563-7

  • Online ISBN: 978-3-540-30191-2

  • eBook Packages: Springer Book Archive