Two scientists have announced encryption software that secures web servers against the active chosen plaintext attack, discovered in June by Daniel Bleichenbacher of Lucent Bell Labs (NBD 06/29/98).

Charles Palmer, manager of network security and cryptography at IBM’s Thomas J. Watson Research Center, explains that Bleichenbacher’s attack works like twenty questions. An attacker sends a large volume of messages, and depending on which messages are accepted and which are rejected, can deduce the encryption key for a given session. “You have to try one million times,” says Palmer, “but since the entire keyspace is one with forty zeroes after it, the active attack is really quite efficient.”

Discovered by Victor Shoup of IBM Research and Ronald Cramer of the Swiss Federal Institute of Technology, the new cryptosystem prevents attackers from tricking servers into leaking information this way. “It’s mathematically proven that the server won’t give away any information,” Palmer says. “It can tell if you’re just making up the bits at random. It takes your bits and does a whole lot of ugly math on them to determine whether those bits are actually possible.”

To mount a successful active chosen plaintext attack against the Cramer-Shoup system using randomly chosen bits, the attacker would have to search half the total keyspace, or a 5 with 39 zeroes after it in possible combinations. Palmer calls this “a number so big you don’t want to think about it.”

After announcing the findings at the Crypto ’98 conference in Santa Barbara, California, IBM says it will publish the theory and the practical results of the research so that other vendors can secure their servers against Bleichenbacher’s attack. IBM also plans to incorporate the research into its eVault product.

Palmer says the cryptosystem was a happy by-product of some independent work Shoup had done. “It proved more useful than he had realized,” Palmer says. “We do a lot of pure research at IBM. We’re always really tickled when some of it escapes into the real world.”
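The validity check Palmer describes, sketched as an added example (not IBM's or the researchers' code): a toy Cramer-Shoup decryption that rejects a tampered ciphertext, with a `check=False` switch showing what the same decryption returns when the test is skipped. The 61-bit subgroup, the derived modulus, the SHA-256 hash and all function names are assumptions chosen for illustration and give no real security.

```python
import hashlib
import secrets

Q = 2**61 - 1                                   # toy subgroup order (a Mersenne prime)
BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def probably_prime(n):                          # Miller-Rabin, for large odd n only
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

# Smallest prime modulus P = 2kQ + 1, so Z_P* contains a subgroup of prime order Q.
P = next(p for p in (2 * k * Q + 1 for k in range(1, 10**5)) if probably_prime(p))
G1, G2 = pow(2, (P - 1) // Q, P), pow(3, (P - 1) // Q, P)   # order-Q generators

def H(*parts):                                  # hash the ciphertext parts into Z_Q
    digest = hashlib.sha256(b"|".join(str(x).encode() for x in parts)).digest()
    return int.from_bytes(digest, "big") % Q

def keygen():
    x1, x2, y1, y2, z = (secrets.randbelow(Q) for _ in range(5))
    c = pow(G1, x1, P) * pow(G2, x2, P) % P
    d = pow(G1, y1, P) * pow(G2, y2, P) % P
    return (x1, x2, y1, y2, z), (c, d, pow(G1, z, P))

def encrypt(pub, m):                            # m must be a nonzero element mod P
    c, d, h = pub
    r = 1 + secrets.randbelow(Q - 1)
    u1, u2, e = pow(G1, r, P), pow(G2, r, P), pow(h, r, P) * m % P
    return u1, u2, e, pow(c, r, P) * pow(d, r * H(u1, u2, e), P) % P

def decrypt(priv, ct, check=True):
    x1, x2, y1, y2, z = priv
    u1, u2, e, v = ct
    a = H(u1, u2, e)
    # Only ciphertexts built with the public key satisfy this relation.
    if check and pow(u1, x1 + y1 * a, P) * pow(u2, x2 + y2 * a, P) % P != v:
        return None                             # malformed: reject, reveal nothing
    return e * pow(u1, P - 1 - z, P) % P        # e / u1^z via Fermat inverse
```

With the check on, doubling the `e` component of a valid ciphertext yields `None`; with `check=False` (plain ElGamal behaviour) the same input decrypts to twice the original message, which is the kind of accept-or-reject signal the twenty-questions attack feeds on.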