[ISN] Encrypted image backups open to new attack

From: InfoSec News <alerts_at_private>
Date: Mon, 6 Oct 2008 01:20:02 -0500 (CDT)
http://www.techworld.com/security/news/index.cfm?newsID=105263

By John E. Dunn
Techworld
03 October 2008

Bitmaps stored inside encrypted backup files could be vulnerable to a 
sophisticated 'comparison' attack, a German security researcher has 
discovered.

In a new paper, Bernd Roellgen of Munich-based encryption outfit PMC 
Ciphers explains how it is possible to compare an encrypted backup 
image file made with almost any commercial encryption program or 
algorithm to an original that has subsequently changed so that small but 
telling quantities of data 'leak'.

The problem is that bitmaps often display low levels of entropy, such as 
would be the case in pictures taken at night with large areas of high 
contrast. Roellgen's attack is based on comparing two volumes encrypted 
into scrambled ciphertext using the same symmetric or 'static' key, 
where the original subsequently has new files added. This yields a 
pattern of structured similarities and differences that can be used to 
reveal some of the original information in plaintext form.

The attack doesn't work for other types of data, for instance text 
files, because the entropy levels are too high. But it is believed to 
affect almost any encryption program currently on sale as long as the 
two volumes being compared use the same encryption key whilst being 
slightly different from one another.

[...]


Received on Sun Oct 05 2008 - 23:20:02 PDT
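
The comparison described in the article, as an added example that is not from the article or from Roellgen's paper. The article does not name a cipher mode, so this assumes deterministic, position-dependent block encryption under a static key, modelled with a toy Feistel cipher. The bitmap, the key and the `snapshot_id` tweak (a fresh value per backup, shown as the contrast case) are constructed for illustration.

```python
import hashlib
import hmac

BLOCK = 16                       # bytes per cipher block, as in AES-based tools
KEY = b"constructed-demo-key"    # constructed sample key

def _round(key, tweak, rnd, half):
    msg = tweak.to_bytes(8, "big") + bytes([rnd]) + half
    return hmac.new(key, msg, hashlib.sha256).digest()[:BLOCK // 2]

def encrypt_block(key, tweak, block):
    """Toy tweakable block cipher: 4-round Feistel with HMAC-SHA256 rounds."""
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(4):
        mixed = bytes(a ^ b for a, b in zip(left, _round(key, tweak, rnd, right)))
        left, right = right, mixed
    return left + right

def encrypt_volume(key, data, snapshot_id=0):
    """Encrypt block by block; tweak = block position, optionally per snapshot."""
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        tweak = (snapshot_id << 32) | (i // BLOCK)
        out += encrypt_block(key, tweak, data[i:i + BLOCK])
    return bytes(out)

def change_map(ct_a, ct_b, width_blocks):
    """From ciphertext only: '.' where a block is identical, '#' where it differs."""
    cells = ["." if ct_a[i:i + BLOCK] == ct_b[i:i + BLOCK] else "#"
             for i in range(0, len(ct_a), BLOCK)]
    return ["".join(cells[r:r + width_blocks]) for r in range(0, len(cells), width_blocks)]

def make_bitmap(rows, width_blocks, bright=()):
    """Constructed 8-bit greyscale image: black, with bright 16-pixel cells."""
    return b"".join((b"\xff" if (r, c) in bright else b"\x00") * BLOCK
                    for r in range(rows) for c in range(width_blocks))

def demo():
    """Compare a backup with the changed original, static vs per-snapshot tweak."""
    before = make_bitmap(4, 4)                                    # dark image
    after = make_bitmap(4, 4, bright={(1, 1), (1, 2), (2, 1), (2, 2)})
    static = change_map(encrypt_volume(KEY, before), encrypt_volume(KEY, after), 4)
    fresh = change_map(encrypt_volume(KEY, before, 1), encrypt_volume(KEY, after, 2), 4)
    return static, fresh

if __name__ == "__main__":
    for row in demo()[0]:
        print(row)    # outline of the changed region, recovered without the key
```

With the static key and position-only tweak, the change map reproduces the shape of the modified region; with a different tweak per snapshot every block differs and the map carries no structure.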
