Description
Third laboratory for the Computer Network Security (CNS) course at Tor Vergata during the 2022-2023 academic year.
In this laboratory we implemented the classical CBC padding oracle attack against the PKCS#7 padding scheme, introduced by Serge Vaudenay in his seminal paper “CBC Padding: Security Flaws in SSL, IPSEC, WTLS”. To understand how to implement the attack, we used a CTF-like challenge consisting of a TCP server written in Python.
Timestamps
00:00:00 Introduction to CTFs
00:02:00 Description of the challenge
00:14:30 Review on AES-CBC
00:20:08 PKCS7 Padding
00:21:38 MAC-THEN-ENCRYPT scheme
00:27:40 Cryptographic oracles
00:32:20 Explaining the padding oracle attack
00:52:33 Implementing the attack
References / Material
https://github.com/LeonardoE95/yt-it/tree/main/src/2022-11-12-università-teaching-2022-2023-cns-03
https://teaching.leonardotamiano.xyz/cns/labs/lab_03_cbc_padding_oracle/