ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Attacking and repairing the winZip encryption scheme
Full text PdfPdf (172 KB)
Source Conference on Computer and Communications Security archive
Proceedings of the 11th ACM conference on Computer and communications security table of contents
Washington DC, USA
SESSION: Applied cryptography table of contents
Pages: 72 - 81  
Year of Publication: 2004
ISBN:1-58113-961-6
Author
Tadayoshi Kohno  University of California at San Diego
Sponsors
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 22,   Downloads (12 Months): 106,   Citation Count: 1
Additional Information:

abstract   references   cited by   index terms   review   collaborative colleagues  

Tools and Actions: Review this Article  
Save this Article to a Binder    Display Formats: BibTex  EndNote ACM Ref   
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1030083.1030095
What is a DOI?

ABSTRACT

WinZip is a popular compression utility for Microsoft Windows computers, the latest version of which is advertised as having "easy-to-use AES encryption to protect your sensitive data." We exhibit several attacks against WinZip's new encryption method, dubbed "AE-2" or "Advanced Encryption, version two." We then discuss secure alternatives. Since at a high level the underlying WinZip encryption method appears secure (the core is exactly Encrypt-then-Authenticate using AES-CTR and HMAC-SHA1), and since one of our attacks was made possible because of the way that WinZip Computing, Inc. decided to fix a different security problem with its previous encryption method AE-1, our attacks further underscore the subtlety of designing cryptographically secure software.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Mihir Bellare , Chanathip Namprempre, Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm, Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology, p.531-545, December 03-07, 2000
 
2
Mihir Bellare , Phillip Rogaway, Encode-Then-Encipher Encryption: How to Exploit Nonces or Redundancy in Plaintexts for Efficient Cryptography, Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology, p.317-330, December 03-07, 2000
 
3
D. Benedetto, E. Caglioti, and V. Loreto. Language trees and Zipping. Physical Review Letters, 88(4), Jan. 2002.
 
4
Eli Biham, How to decrypt or even substitute DES-Encrypted messages in 228 steps, Information Processing Letters, v.84 n.3, p.117-124, 15 November 2022  [doi>10.1016/S0020-0190(02)00269-7 ]
 
5
E. Biham and P. Kocher. A known plaintext attack on the PKZIP stream cipher. In B. Preneel, editor, Fast Software Encryption ' 94, volume 1008 of Lecture Notes in Computer Science. Springer-Verlag, Berlin Germany, 1994.
 
6
Ran Canetti , Hugo Krawczyk, Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels, Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology, p.453-474, May 06-10, 2001
 
7
Joan Daemen , Vincent Rijmen, The Design of Rijndael, Springer-Verlag New York, Inc., Secaucus, NJ, 2002
 
8
P. Deutsch. DEFLATE compressed data format specication version 1.3. IETF RFC 1951, May 1996.
 
9
Info-ZIP. Info-ZIP note, 20011203, Dec. 2001. Available at ftp://ftp.info-zip.org/pub/infozip/doc/appnote-011203-iz.zip.
 
10
Kahil Jallad , Jonathan Katz , Bruce Schneier, Implementation of Chosen-Ciphertext Attacks against PGP and GnuPG, Proceedings of the 5th International Conference on Information Security, p.90-101, September 30-October 02, 2002
 
11
D. W. Jones. The Case of the Diebold FTP Site, July 2003. Available at http://www.cs.uiowa.edu/ jones/voting/dieboldftp.html.
 
12
B. Kaliski. PKCS #5: Password-based cryptography specication version 2.0. IETF RFC 2898, Sept. 2000.
 
13
J. Katz and B. Schneier. A chosen ciphertext attack against several e-mail encryption protocols. In Ninth USENIX Security Symposium, 2000.
 
14
Jonathan Katz , Moti Yung, Unforgeable Encryption and Chosen Ciphertext Secure Modes of Operation, Proceedings of the 7th International Workshop on Fast Software Encryption, p.284-299, April 10-12, 2000
 
15
John Kelsey, Compression and Information Leakage of Plaintext, Revised Papers from the 9th International Workshop on Fast Software Encryption, p.263-276, February 04-06, 2002
 
16
T. Kohno. Attacking and repairing the WinZip encryption scheme. Cryptology ePrint Archive Report 2004/078, http://eprint.iacr.org/2004/078/, 2004. Full version of this paper.
 
17
Hugo Krawczyk, The Order of Encryption and Authentication for Protecting Communications (or: How Secure Is SSL?), Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology, p.310-331, August 19-23, 2001
 
18
Ilya Mironov, (Not So) Random Shuffles of RC4, Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology, p.304-319, August 18-22, 2002
 
19
PKWARE. APPNOTE.TXT - .ZIP File Format Specication, Apr. 2004. Version 6.2.0, available at http://www.pkware.com/products/enterprise/white_papers/appnote.txt.
 
20
PKWARE. APPNOTE.TXT-.ZIP File Format Specication, Jan. 2004. Version 6.1.0, replaced by {19}.
21
Phillip Rogaway, Authenticated-encryption with associated-data, Proceedings of the 9th ACM conference on Computer and communications security, November 18-22, 2002, Washington, DC, USA  [doi>10.1145/586110.586125]
 
22
Michael Stay, ZIP Attacks with Reduced Known Plaintext, Revised Papers from the 8th International Workshop on Fast Software Encryption, p.125-134, April 02-04, 2001
 
23
D. Wagner and B. Schneier. Analysis of the SSL 3.0 protocol. In Proceedings of the Second USENIX Workshop on Electronic Commerce, 1996.
 
24
WinZip Computing, Inc. AES encryption information: Encryption specication AE-2, Jan. 2004. Version 1.02, available at http://www.winzip.com/aes_info.htm.
 
25
WinZip Computing, Inc. Download WinZip add-ons, Apr. 2004. Available at http://www.winzip.com/daddons.htm.
 
26
WinZip Computing, Inc. Homepage, Mar. 2004. Available at http://www.winzip.com/.
 
27
WinZip Computing, Inc. What's new in WinZip 9.0, Mar. 2004. Available at http://www.winzip.com/whatsnew90.htm.

CITED BY
Joshua Mason , Kathryn Watkins , Jason Eisner , Adam Stubblefield, A natural language approach to automated cryptanalysis of two-time pads, Proceedings of the 13th ACM conference on Computer and communications security, October 30-November 03, 2006, Alexandria, Virginia, USA

INDEX TERMS

Primary Classification:
  E. Data
  E.3 DATA ENCRYPTION

Additional Classification:
  C. Computer Systems Organization
  C.2 COMPUTER-COMMUNICATION NETWORKS
      C.2.0 General
          Subjects: Security and protection (e.g., firewalls)

  H. Information Systems
  H.3 INFORMATION STORAGE AND RETRIEVAL


Keywords:
WinZip, Zip, applied cryptography, attacks, compression, encryption, security fixes


REVIEW

"Bayard Kohlhepp : Reviewer"

Security failures have been front-page information technology (IT) news for more than a year. Spectacular customer information losses have (hopefully) caused every IT department to encrypt its backup data. Many companies, especially smaller ones,   more...

Collaborative Colleagues:
Tadayoshi Kohno: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2008 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player