Open kentakayama opened 10 months ago
@hannestschofenig In the last meeting, we've talked a bit about the Decryption Oracle Attacks presented at LAMPS WG in IETF 118. While researching on it, I found another attack, Padding Oracle Attack, on AES-CBC mode and it seems more realistic. I think it is better to add some notes in security considerations in suit-firmware-encryption or suit-report documents. I'm still wondering the Decryption Oracle Attacks is realistic on SUIT Encrypted Payload case.
The recipient SHOULD carefully reply on decryption failure to prevent some attacks.
Padding Oracle Attacks (+ Encryption Oracle Attacks)
padding incorrect
to the sender in suit-report."Decryption Oracle Attacks
suit-encryption-info
for AEAD algorithmssuit-authentication-wrapper
Resources