Cerias tech Report 2015-01 The Weakness of Winrar encrypted Archives to Compression Side-channel Attacks
Yüklə 274,97 Kb. Pdf görüntüsü
|
6 2. WINRAR WinRAR is capable of supporting all popular compression formats, including .rar and .zip files [17]. The software uses the Advanced Encryption Standard (AES) to encrypt archives. WinRAR 5.0 and higher supports AES-256 while earlier versions use AES 128. Users specify a password to encrypt the archive in question. The AES key is then derived from the given password implementing Password-Based Key Derivation Function 2 (PBKDF2) [18]. The compression and encryption functions in WinRAR are independent of each other. Files are first compressed then encrypted when added to an archive [9]. The user may further specify one of two encryption modes to apply to the archive. First, the user may encrypt only the file data. This allows information such as file names to be viewed in plaintext. The second mode encrypts both file data and header information, including file names, sizes, and other attributes [19]. 2.1 WinRAR v5.0 As of September 2013, WinRAR introduced the new RAR5 archiving format. Sev eral important changes, which will be discussed below, are implemented in the newest version. It is important to note that RAR5 files are not compatible with versions of WinRAR prior to 5.0. During this transition to a new format, the older RAR format is currently the default archive format. Versions 5.0 and above introduce new features to the compression algorithm [18]. The maximum dictionary size has been increased to 1GB. The default size is now 32MB. This gives a higher compression ratio with a sacrifice to speed when compared to the earlier versions. In addition to the general compression algorithms, Intel IA-32 executable and delta compression algorithms are now implemented. Some older algo
7 rithms such as RAR 4.x test, audio, true color and itanium are no longer supported. Theses changes increase the efficiency of the software when handling modern data types.
Changes in the encryption algorithm and related features offers stronger infor mation security. The encryption algorithm now uses 256-bit AES in place of the previous 128-bit AES. To derive the key for AES-256, WinRAR now implements the key derivation function PBKDF2 using HMAC-SHA1. To circumvent the discovery of encrypted information through system memory, the password verification method now allows for the detection of wrong passwords without unpacking the encrypted file. Ad ditionally, the file checksums are now modified with a propriety password-dependent algorithm. According to Rarlabs, it is now “impossible” to guess the contents of a file by comparing it with the typical CRC32 and BLAKE2 values [18]. Users can use a 256-bit length BLAKE2 hash in lieu of the default CRC32 file checksum. Finally, the RAR5 format has improved the recovery of broken archives. The new implementation is now based on Reed-Solomon error correction codes [18]. If the recovery record is at least 5% of the original file size, the correction scheme pro vides much higher resistance. This allows the software to detect larger deletions and insertions to an archive. Further details can be found in [20]. 2.2 WinRAR encryption WinRAR has used AES encryption beginning with the release of version 3.00 [21]. AES was introduced by the National Institute of Standards and Technology (NIST) in 2001 [22]. It is a symmetric block cipher based on the Rijdael cipher developed by Joan Daemen and Vincent Rijmen. AES-128 uses a 128-bit length key and consists of 10 rounds while AES-256 has a key length of 256 bits and goes through 14 rounds. Each AES round consists of four transformations [22]: SubBytes This is a non-linear byte substitution using a substitution table. 8 ShiftRows The final three rows of the state are cyclically left shifted. MixColumns Each column is multiplied modulo x 4 + 1 to mix the bytes. AddRoundKey The final transformation is an XOR of the state with the round key.
The final round omits the MixColumns transformation. The AES algorithm requires a cryptographic key. In a password protected archive, a key can be generated from the password using a key derivation function (KDF). KDFs take as input the password, salt, and the desired length of the master key. These are then used in a pseudorandom function for a fixed number of interations. In WinRAR, the salt is stored as an option field in the file header and the key length depends on the file version. WinRAR uses PBKDF2, which implements HMAC with SHA-1 as the pseudorandom function [23]. 2.3 WinRAR compression WinRAR uses a proprietary compression implementatiom developed by Eugene Roshal [17]. This implementation includes several well-known compression algorithms such as: Lempel-Ziv-Storer-Szymanski (LZSS), PPM with Information Inheritance (PPMII), Intel IA-32 and delta encoding. These methods will be discussed in detail below.
2.3.1 LZSS LZSS is the primary compression method for WinRAR. It is a lossless data com pression algorithm derived from LZ77 [24]. LZSS is a dictionary coding technique that utilizes previously seen text as a dictionary. A string of symbols, S, is replaced by pointers to substrings of S in the dictionary along with the length of the substring. The pointers are original if they point to a substring of the original source. Similarly, Yüklə 274,97 Kb. Dostları ilə paylaş:
|