This blog post is about AES ECB Byte At A Time attack. If you don’t have any prior knowledge regarding AES ECB please do refer to it, so that the attack will be understood clearly.
Some Important Points Regarding AES
- AES is a block cipher, each block of size 16bytes long
- If the length of message is not a multiple of 16, padding bytes are added to make it a multiple of 16. When it is multiple of 16 an extra 16bytes of padding are added.
Note: In ECB, encryption of first block is independent of the next block.
Generally, AES ECB ciphertext is of the format
ciphertext = AES(input, key)
We can use this attack when an unknown secret is appended to the input and therefore, we can determine the secret by manipulating our input.
Now our ciphertext is of the format
ciphertext = AES(input+secret, key)
Attack!!
How do we get to know the secret without knowing the key??
As already mentioned we got to manipulate our input. So, take the input as 15 * ‘a’ s. Now, send the input to the server and it returns the corresponding ciphertext. So, first block of our ciphertext is the encryption of 15bytes of input + 1byte of the secret and the next block contains encryption of rest of the secret and its padding. Now we again take our input append characters from ASCII value (0,255) one by one and send it to the server. We compare the first block of ciphertext obtained with the initial ciphertext block one. At a particular character, it matches with our ciphertext and that gives our first byte of secret 😀 .
Now we reduce our input to 14 * ‘a’ s. Add the obtained first byte of our secret to it and repeat the same again.
We do the same until we get our entire secret.
So, from this attack it is clear that we can find the appended secret even without the knowledge of the key using ECB byte at a time attack!
Thank You!! 🙂
