Talks and Poster Presentations (with Proceedings-Entry):

A. Hartl, J. Fabini, Ch Roschger, P. Eder-Neuhauser, M. Petrovic, R. Tobler, T. Zseby:
"Subverting Counter Mode Encryption for Hidden Communication in High-Security Infrastructures";
Talk: The 16th International Conference on Availability, Reliability and Security (ARES 2021), Wien; 08-17-2021 - 08-20-2021; in: "ARES 2021: The 16th International Conference on Availability, Reliability and Security", Association for Computing Machinery, New York, NY, USA (2021), ISBN: 978-1-4503-9051-4; Paper ID 301, 11 pages.

English abstract:
In highly security-critical network environments, it is a popular design decision to offload cryptographic tasks like encryption or signature generation to a dedicated trusted module or key server with paramount security features, we in this paper refer to with the general term Cryptographic Key Management Device (CKMD). While this network design yields several benefits, we demonstrate that the use of popular counter mode encryption modes like CTR or GCM can show substantial shortcomings in terms of security when used in conjunction with this network design. In particular, we show how the use of authenticated encryption using GCM enables the possibility of establishing a subliminal channel by exploiting the authentication information within messages. We show how decoding of hidden information can proceed in addition to decryption of overt information without raising authentication failures.
With an exemplary but typical infrastructure, we show how the subliminal channel might be exploited and discuss approaches to mitigating the threat by preventing the ability to embed hidden information. In contrast to previous work, we conclude that, when using an infrastructure involving a CKMD and GCM is deployed, the use of random, CKMD-generated Initialization Vectors (IVs) is beneficial to avoid the subliminal channel described in this paper. However, the most potent remedy is deploying a different operational mode like GCM-SIV.

Information leakage, subliminal channels, counter mode encryption, GCM

"Official" electronic version of the publication (accessed through its Digital Object Identifier - DOI)

Electronic version of the publication:

Created from the Publication Database of the Vienna University of Technology.