Overview

The learning objective of this lab is for students to get a hands-on experience on an interesting attack on crypto systems. Some systems, when decrypting a given ciphertext, verify whether the padding is valid or not, and throw an error if the padding is invalid. This seemly-harmless behavior enables a type of attack called padding oracle attack. Many well-known systems were found vulnerable to this attack, including Ruby on Rails, ASP.NET, and OpenSSL.
In this lab, students are given two oracle servers running inside a container. Each oracle has a secret message hidden inside, and it lets you know the ciphertext and the IV. Moreover, for any ciphertext provided by you, it tells you whether the padding is valid or not. Your job is to use the response from the oracle to figure out the content of the secret message.

Tasks (PDF)

• VM version: This lab has been tested on our SEED Ubuntu-20.04 VM
• Lab setup files
  • Labsetup.zip
  • Labsetup-arm.zip (for Apple Silicon machines)
• Manual:: Docker manual

Time (Suggested)

• Supervised (closely-guided lab session): 2 hours
• Unsupervised (take-home project): 1 week

SEED Videos

• Udemy: Cryptography: A Hands-on Approach (§ 2)

SEED Books (English)

• Computer & Internet Security: A Hands-on Approach, 3rd edition (§ 24)
• Computer Security: A Hands-on Approach, 3rd edition (§ 15)
• Internet Security: A Hands-on Approach, 3rd edition (§ 19)

Additional Reading

• Padding Oracle Attack.

Feedback and Help