Updated XML Encryption 1.1 with new security considerations section

I have updated the XML Encryption 1.1 editors draft with a new security considerations section on timing attacks, based on Hal's proposed text, with a slight change of wording in the last paragraph to "treat as suspect inputs when":

[[

6.7 Timing Attacks

It has been known for some time that it is feasible for an attacker to recover keys or cleartext by repeatedly sending chosen ciphertext and measuring the time required to process different requests with different types of errors. It has been demonstrated that attacks of this type are practical even when communicating over large and busy networks, especially if the receiver is willing to process large blocks of ciphertext.

Implementers should ensure that distinct errors detected during security algorithm processing do not consume systematically different amounts of processing time from each other. Implementers should consult the technical literature for more details on specific attacks and recommended countermeasures.

Deployments should treat as suspect inputs when a large number of security algorithm processing errors are detected within a short period of time, especially in messages from the same origin.

]]

Please send any correction or suggestion to the public list

regards, Frederick

Frederick Hirsch
Nokia

Received on Friday, 19 August 2011 19:38:39 UTC