dbo:abstract |
In the field of security engineering, an oracle attack is an attack that exploits the availability of a weakness in a system that can be used as an "oracle" to give a simple go/no go indication to inform attackers how close they are to their goals. The attacker can then combine the oracle with a systematic search of the problem space to complete their attack. The padding oracle attack, and compression oracle attacks such as BREACH, are examples of oracle attacks, as was the practice of "crib-dragging" in the cryptanalysis of the Enigma machine. An oracle need not be 100% accurate: even a small statistical correlation with the correct go/no go result can frequently be enough for a systematic automated attack. In a compression oracle attack the use of adaptive data compression on a mixture of chosen plaintext and unknown plaintext can result in content-sensitive changes in the length of the compressed text that can be detected even though the content of the compressed text itself is then encrypted. This can be used in protocol attacks to detect when the injected known plaintext is even partially similar to the unknown content of a secret part of the message, greatly reducing the complexity of a search for a match for the secret text. The CRIME and BREACH attacks are examples of protocol attacks using this phenomenon. (en) |
dbo:wikiPageID |
40705185 (xsd:integer) |
dbo:wikiPageLength |
1772 (xsd:nonNegativeInteger) |
dbo:wikiPageRevisionID |
1072238850 (xsd:integer) |
dbo:wikiPageWikiLink |
dbr:BREACH_(security_exploit) dbr:Security_engineering dbr:Enigma_machine dbr:Cryptanalysis dbr:Data_compression dbc:Security_engineering dbr:BREACH dbr:Test_oracle dbr:CRIME dbr:Side-channel_attack dbr:Padding_oracle_attack dbr:Chosen_plaintext |
dbp:wikiPageUsesTemplate |
dbt:Reflist dbt:Crypto-stub |
dct:subject |
dbc:Security_engineering |
gold:hypernym |
dbr:Attack |
rdf:type |
dbo:MilitaryConflict |
rdfs:comment |
In the field of security engineering, an oracle attack is an attack that exploits the availability of a weakness in a system that can be used as an "oracle" to give a simple go/no go indication to inform attackers how close they are to their goals. The attacker can then combine the oracle with a systematic search of the problem space to complete their attack. (en) |
rdfs:label |
Oracle attack (en) |
owl:sameAs |
freebase:Oracle attack wikidata:Oracle attack https://global.dbpedia.org/id/fKr2 |
prov:wasDerivedFrom |
wikipedia-en:Oracle_attack?oldid=1072238850&ns=0 |
foaf:isPrimaryTopicOf |
wikipedia-en:Oracle_attack |
is dbo:wikiPageRedirects of |
dbr:Compression_oracle dbr:Compression_oracle_attack |
is dbo:wikiPageWikiLink of |
dbr:Concrete_security dbr:Padding_oracle_attack dbr:Compression_oracle dbr:Compression_oracle_attack |
is foaf:primaryTopic of |
wikipedia-en:Oracle_attack |