Oracle Attack
   HOME

TheInfoList



Click Here for Items Related To - Oracle Attack
OR:
Oracle Attack on:   [Wikipedia]   [Google]   [Amazon]

In the field of
security engineering Security engineering is the process of incorporating security controls into an information system so that the controls become an integral part of the system's operational capabilities. It is similar to other systems engineering activities in that ...
, an oracle attack is an attack that exploits the availability of a weakness in a system that can be used as an "
oracle An oracle is a person or thing considered to provide insight, wise counsel or prophetic predictions, most notably including precognition of the future, inspired by deities. If done through occultic means, it is a form of divination. Descript ...
" to give a simple go/no go indication to inform attackers how close they are to their goals. The attacker can then combine the oracle with a systematic search of the problem space to complete their attack. The
padding oracle attack In cryptography, a padding oracle attack is an attack which uses the padding validation of a cryptographic message to decrypt the ciphertext. In cryptography, variable-length plaintext messages often have to be padded (expanded) to be compatible ...
, and compression oracle attacks such as BREACH, are examples of oracle attacks, as was the practice of "crib-dragging" in the
cryptanalysis Cryptanalysis (from the Greek ''kryptós'', "hidden", and ''analýein'', "to analyze") refers to the process of analyzing information systems in order to understand hidden aspects of the systems. Cryptanalysis is used to breach cryptographic se ...
of the
Enigma machine The Enigma machine is a cipher device developed and used in the early- to mid-20th century to protect commercial, diplomatic, and military communication. It was employed extensively by Nazi Germany during World War II, in all branches of the W ...
. An oracle need not be 100% accurate: even a small statistical correlation with the correct go/no go result can frequently be enough for a systematic automated attack. In a compression oracle attack the use of adaptive
data compression In information theory, data compression, source coding, or bit-rate reduction is the process of encoding information using fewer bits than the original representation. Any particular compression is either lossy or lossless. Lossless compressi ...
on a mixture of
chosen plaintext Chosen or The Chosen may refer to: Books *The Chosen (Potok novel), ''The Chosen'' (Potok novel), a 1967 novel by Chaim Potok * ''The Chosen'', a 1997 novel by L. J. Smith (author), L. J. Smith *The Chosen (Pinto novel), ''The Chosen'' (Pinto nov ...
and unknown plaintext can result in content-sensitive changes in the length of the compressed text that can be detected even though the content of the compressed text itself is then encrypted. This can be used in protocol attacks to detect when the injected known plaintext is even partially similar to the unknown content of a secret part of the message, greatly reducing the complexity of a search for a match for the secret text. The
CRIME In ordinary language, a crime is an unlawful act punishable by a State (polity), state or other authority. The term ''crime'' does not, in modern criminal law, have any simple and universally accepted definition,Farmer, Lindsay: "Crime, definiti ...
and BREACH attacks are examples of protocol attacks using this phenomenon.


See also

*
Side-channel attack In computer security, a side-channel attack is a type of security exploit that leverages information inadvertently leaked by a system—such as timing, power consumption, or electromagnetic or acoustic emissions—to gain unauthorized access to ...


References

{{crypto-stub Security engineering