| 摘要: | 近年來網際網路的普及以及使用人數的快速成長,越來越多的應用與服務建構於網際網路上 (如:網路報 People throughout the world could communicate instantly and transfer information with others on the Internet via variety applications (e.g., e-mail, e-commerce, online banking, etc.). Due to the very openness of the Internet, more and more security issues were required to protect personal privacy and commercial confidentiality. A reliable, trusted cryptography is expected to protect private information according to the increasing number of Internet services that applies cryptography. The extensions usually cause security leaks. The Chosen Ciphertext Attacks (CCA) is aimed at this kind of leaks. If an adversary can intercept an encrypted message and modify it, the adversary then resend modified message to the same service and analyze the service response. Therefore, the adversary can restore the original message. It is hard for Internet service to discover CCA, since the Internet service does not have enough information to distinguish between the general error messages, which are created by normal users, and sample messages, which are created by adversaries. In fact, would rather fill up leak of standard then proven the standard is secure against CCA in designed stage. Bellare and Rogaway introduce a proof named random oracle model and it can be used to prove that encryption scheme, signature scheme and protocol are secure against CCA. A new RSA padding scheme have by introduced as BLRP, will be proposed to improve the cryptographic methods of RSA PKCS #1 v1.5 and RSA PKCS #1 v2.1. Not only the efficiency is better than RSA PKCS #1 v2.1, the security is also better than RSA PKCS #1 v1.5. In addition, BLRP is proven in random oracle model and is secure against CCA. Besides, A new CCA attack is proposed to attack the most popular internet S/MIME standard, S/MIME (Secure/Multipurpose Internet Mail Extensions) which provides the following cryptographic security services for electronic messaging applications: authentication, message integrity and non-repudiation of origin (using digital signatures) and privacy and data security (using encryption). The new propose CCA attack can decrypt E-mail of S/MIME encrypted format without private-key and just ask oracle ones. We also propose the countermeasures in addition. |
