[Ideas] RFC-8452 enhancement with adding "custom-padding" trick and more..

Shahin Noursalehi <mixoftix@gmail.com> Fri, 25 August 2023 09:23 UTC

Dear Madam / Sir,

During private research around RFC-8452 (section 9, Security
Considerations), in response to any "downgrade attacks" with poor legacy
cryptographic algorithms and also poor key management with modern
algorithms that could end in some sort of "padding oracle attacks", I just
added two "custom-padding" phrases, separated with "|" (vertical bar), to
the left and right sides of any plaintext, before it gets processed by ANY
encryption phase. The sample code below in C# explains how simple this
implementation could be (in an applied implementation we will replace the
mentioned RNG function below with robust editions):

// BGN: add custom-padding to the plain_text
// (requires "using System;" at the top of the file)
public static string custom_padding(string plain_text)
{
  // pick a random length (10..99 characters) for each side
  Random rnd = new Random();
  int custom_padding_size_left = rnd.Next(10, 100);
  int custom_padding_size_right = rnd.Next(10, 100);
  string custom_padding_left = rnd_simple(custom_padding_size_left);
  string custom_padding_right = rnd_simple(custom_padding_size_right);

  // left padding + "|" + plaintext + "|" + right padding
  string plain_text_with_custom_padding =
    custom_padding_left + "|" + plain_text + "|" + custom_padding_right;
  return plain_text_with_custom_padding;
}
// END: add custom-padding to the plain_text

// BGN: generate random string for custom-padding
public static string rnd_simple(int size)
{
  // alphabet of the padding; it does not contain the "|" delimiter
  var chars =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
  var stringChars = new char[size];
  // System.Random is the placeholder RNG mentioned in the text above
  var random = new Random();

  for (int i = 0; i < stringChars.Length; i++)
  {
    stringChars[i] = chars[random.Next(chars.Length)];
  }

  var finalString = new String(stringChars);
  return finalString;
}
// END: generate random string for custom-padding


After the decryption phase, the added "custom-padding" phrases can be
cleared by addressing those vertical bars (|). So, because of the benefits
I could see in this approach with many cryptographic algorithms (including
RFC-8452), I just decided to send this idea to the respected members of the
IETF for more evaluation and suggestions.

any feedback welcome,
--shahiN Noursalehi
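
The strip step the message describes, together with the padding step drawn from a CSPRNG, as an added example that is not part of the original message. `CustomPaddingDemo`, `RandomPad`, `AddPadding` and `RemovePadding` are hypothetical names, and `RandomNumberGenerator.GetInt32` assumes .NET Core 3.0 or later; the example covers only the delimiter handling around encryption, including plaintexts that themselves contain "|".

```csharp
using System;
using System.Security.Cryptography;

public static class CustomPaddingDemo   // hypothetical name, not from the message
{
    // Padding alphabet from the message; it must never contain the delimiter.
    const string Alphabet =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    const char Delimiter = '|';

    // Random string drawn from the OS CSPRNG instead of System.Random.
    static string RandomPad(int size)
    {
        var chars = new char[size];
        for (int i = 0; i < size; i++)
            chars[i] = Alphabet[RandomNumberGenerator.GetInt32(Alphabet.Length)];
        return new string(chars);
    }

    // Applied before encryption; same length range as the message (10..99 per side).
    public static string AddPadding(string plainText)
    {
        string left = RandomPad(RandomNumberGenerator.GetInt32(10, 100));
        string right = RandomPad(RandomNumberGenerator.GetInt32(10, 100));
        return left + Delimiter + plainText + Delimiter + right;
    }

    // Applied after decryption. The padding never contains '|', so the first
    // and last bar are always the delimiters, even if the message has bars.
    public static string RemovePadding(string padded)
    {
        int first = padded.IndexOf(Delimiter);
        int last = padded.LastIndexOf(Delimiter);
        if (first < 0 || first == last)
            throw new FormatException("custom-padding delimiters not found");
        return padded.Substring(first + 1, last - first - 1);
    }

    public static void Main()
    {
        // Constructed sample inputs: plain, empty, and with embedded bars.
        foreach (string msg in new[] { "hello", "", "a|b|c", "|" })
        {
            string padded = AddPadding(msg);
            bool ok = RemovePadding(padded) == msg;
            Console.WriteLine($"{msg.Length,2} -> {padded.Length,3} chars, round-trip ok: {ok}");
        }
    }
}
```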