suit-wg / suit-firmware-encryption

Repo for draft-ietf-suit-firmware-encryption

No mention against some Oracle Attacks #52

Open kentakayama opened 10 months ago

kentakayama commented 10 months ago

The recipient SHOULD carefully reply on decryption failure to prevent some attacks.

Padding Oracle Attacks (+ Encryption Oracle Attacks)

Decryption Oracle Attacks

Resources

kentakayama commented 10 months ago

@hannestschofenig In the last meeting, we talked a bit about the Decryption Oracle Attacks presented at LAMPS WG in IETF 118. While researching it, I found another attack, the Padding Oracle Attack, on AES-CBC mode, and it seems more realistic. I think it is better to add some notes to the security considerations in the suit-firmware-encryption or suit-report documents. I'm still wondering whether the Decryption Oracle Attacks are realistic in the SUIT Encrypted Payload case.
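One way a recipient could respond uniformly to decryption failures, as an added example that is not part of this issue, the draft, or any SUIT implementation. It assumes AES-CBC decryption has already run and that the recipient holds a SHA-256 digest of the expected plaintext; the function names and report strings are hypothetical.

```python
import hashlib
import hmac

# Hypothetical report value: the only failure indication that leaves the device.
GENERIC_FAILURE = "decryption-failed"


def pkcs7_unpad(data: bytes, block_size: int = 16):
    """Return the unpadded bytes, or None when the PKCS#7 padding is malformed."""
    if not data or len(data) % block_size:
        return None
    n = data[-1]
    if n < 1 or n > block_size:
        return None
    # Accumulate differences over every padding byte instead of stopping
    # at the first mismatch.
    diff = 0
    for b in data[-n:]:
        diff |= b ^ n
    return data[:-n] if diff == 0 else None


def check_decrypted_payload(padded_plaintext: bytes, expected_digest: bytes):
    """Validate the output of CBC decryption (decryption itself is assumed done).

    Returns (external_report, internal_reason, payload). Only external_report
    may be sent back to the party that supplied the ciphertext; internal_reason
    is for a local log.
    """
    payload = pkcs7_unpad(padded_plaintext)
    padding_ok = payload is not None
    # Hash on every path so a padding failure does not return before the
    # digest check runs. This narrows the timing gap, it does not remove it.
    candidate = payload if padding_ok else padded_plaintext
    digest_ok = hmac.compare_digest(
        hashlib.sha256(candidate).digest(), expected_digest
    )
    if padding_ok and digest_ok:
        return "ok", None, payload
    reason = "digest-mismatch" if padding_ok else "bad-padding"
    return GENERIC_FAILURE, reason, None
```

A padding oracle depends on the sender being able to tell `bad-padding` apart from every other failure, which is why that value stays in the local log and only `GENERIC_FAILURE` is reported.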