Paper Info
Title
Subverting Counter Mode Encryption for Hidden Communication in High-Security Infrastructures
Abstract
In highly security-critical network environments, it is a popular design decision to offload cryptographic tasks like encryption or signature generation to a dedicated trusted module or key server with paramount security features, we in this paper refer to with the general term Cryptographic Key Management Device (CKMD). While this network design yields several benefits, we demonstrate that the use of popular counter mode encryption modes like CTR or GCM can show substantial shortcomings in terms of security when used in conjunction with this network design. In particular, we show how the use of authenticated encryption using GCM enables the possibility of establishing a subliminal channel by exploiting the authentication information within messages. We show how decoding of hidden information can proceed in addition to decryption of overt information without raising authentication failures. With an exemplary but typical infrastructure, we show how the subliminal channel might be exploited and discuss approaches to mitigating the threat by preventing the ability to embed hidden information. In contrast to previous work, we conclude that, when using an infrastructure involving a CKMD and GCM is deployed, the use of random, CKMD-generated Initialization Vectors (IVs) is beneficial to avoid the subliminal channel described in this paper. However, the most potent remedy is deploying a different operational mode like GCM-SIV.
Year
DOI
Venue
2021
10.1145/3465481.3470082
ARES 2021: 16TH INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY AND SECURITY
Keywords
DocType
Citations 
Information leakage, subliminal channels, counter mode encryption, GCM
Conference
0
PageRank 
References 
Authors
0.34
0
7
Name
Order
Citations
PageRank
Alexander Hartl100.68
Joachim Fabini271.21
Christoph Roschger300.68
Peter Eder-Neuhauser400.34
Marco Petrovic500.34
Roman Tobler600.34
Tanja Zseby719936.35