This document specifies AES-CTR and AES-CBC for COSE, which are not AEAD ciphers. The use of the ciphers is limited to special use cases, such as firmware encryption, where integrity and authentication is provided by another mechanism.
Since AES has a 128-bit block size, regardless of the mode employed, the ciphertext generated by AES encryption becomes distinguishable from random values after 2
^{64} blocks are encrypted with a single key. Implementations should change the key before reaching this limit.
To avoid cross-protocol concerns, implementations
MUST NOT use the same keying material with more than one mode. For example, the same keying material must not be used with AES-CTR and AES-CBC.
There are fairly generic precomputation attacks against all block cipher modes that allow a meet-in-the-middle attack against the key. These attacks require the creation and searching of huge tables of ciphertext associated with known plaintext and known keys. Assuming that the memory and processor resources are available for a precomputation attack, then the theoretical strength of AES-CTR and AES-CBC is limited to 2
^{(n/2)} bits, where n is the number of bits in the key. The use of long keys is the best countermeasure to precomputation attacks.
When used properly, AES-CTR mode provides strong confidentiality. Unfortunately, it is very easy to misuse this counter mode. If counter block values are ever used for more than one plaintext with the same key, then the same key stream will be used to encrypt both plaintexts, and the confidentiality guarantees are voided.
What happens if the encryptor XORs the same key stream with two different plaintexts? Suppose two plaintext octet sequences P1, P2, P3 and Q1, Q2, Q3 are both encrypted with key stream K1, K2, K3. The two corresponding ciphertexts are:
(P1 XOR K1), (P2 XOR K2), (P3 XOR K3)
(Q1 XOR K1), (Q2 XOR K2), (Q3 XOR K3)
If both of these two ciphertext streams are exposed to an attacker, then a catastrophic failure of confidentiality results, since:
(P1 XOR K1) XOR (Q1 XOR K1) = P1 XOR Q1
(P2 XOR K2) XOR (Q2 XOR K2) = P2 XOR Q2
(P3 XOR K3) XOR (Q3 XOR K3) = P3 XOR Q3
Once the attacker obtains the two plaintexts XORed together, it is relatively straightforward to separate them. Thus, using any stream cipher, including AES-CTR, to encrypt two plaintexts under the same key stream leaks the plaintext.
Data forgery is trivial with AES-CTR mode. The demonstration of this attack is similar to the key stream reuse discussion above. If a known plaintext octet sequence P1, P2, P3 is encrypted with key stream K1, K2, K3, then the attacker can replace the plaintext with one of its own choosing. The ciphertext is:
(P1 XOR K1), (P2 XOR K2), (P3 XOR K3)
The attacker simply XORs a selected sequence Q1, Q2, Q3 with the ciphertext to obtain:
(Q1 XOR (P1 XOR K1)), (Q2 XOR (P2 XOR K2)), (Q3 XOR (P3 XOR K3))
Which is the same as:
((Q1 XOR P1) XOR K1), ((Q2 XOR P2) XOR K2), ((Q3 XOR P3) XOR K3)
Decryption of the attacker-generated ciphertext will yield exactly what the attacker intended:
(Q1 XOR P1), (Q2 XOR P2), (Q3 XOR P3)
AES-CBC does not provide integrity protection. Thus, an attacker can introduce undetectable errors if AES-CBC is used without a companion authentication mechanism.
If an attacker is able to strip the authentication and integrity mechanism, then the attacker can replace it with one of their own creation, even without knowing the plaintext. The usual defense against such an attack is an Authenticated Encryption with Associated Data (AEAD) algorithm [
RFC 5116]. Of course, neither AES-CTR nor AES-CBC is an AEAD. Thus, an implementation should provide integrity protection for the 'kid' field to prevent undetected stripping of the authentication and integrity mechanism; this prevents an attacker from altering the 'kid' to trick the recipient into using a different key.
With AES-CBC mode, implementers should perform integrity checks prior to decryption to avoid padding oracle vulnerabilities [
Vaudenay].
With the assignment of COSE algorithm identifiers for AES-CTR and AES-CBC in the COSE Algorithms Registry, an attacker can replace the COSE algorithm identifiers with one of these identifiers. Then, the attacker might be able to manipulate the ciphertext to learn some of the plaintext or extract the keying material used for authentication and integrity.
Since AES-CCM [
RFC 3610] and AES-GCM [
GCMMODE] use AES-CTR for encryption, an attacker can switch the algorithm identifier to AES-CTR and then strip the authentication tag to bypass the authentication and integrity, allowing the attacker to manipulate the ciphertext.
An attacker can switch the algorithm identifier from AES-GCM to AES-CBC, guessing 16 bytes of plaintext at a time, and see if the recipient accepts the padding. Padding oracle vulnerabilities are discussed further in [
Vaudenay].