Open
Description
id: 451
title: 'RVD#451: DDS cryptographic plugin, AES_GCM subject to forgery, key recovery
  and timing attacks, and nonce replay attacks'
type: vulnerability
description: For the cryptographic plugin, AES_GCM and AES_GMAC are used for the sign
  and encrypt functions, which are symmetric key operations. As discussed earlier,
  symmetric key operations are low latency, especially when the cryptographic modes
  are combined into a single atomic operation. A number of published papers have
  investigated attacks on AES_GCM, including forgery, key recovery and timing attacks,
  and nonce replay attacks. Those papers mostly discuss AES_GCM, but GMAC is the mode
  of GCM in which no plaintext is supplied and the output is only the authentication
  tag. First reported at https://journals.sagepub.com/doi/pdf/10.1177/1729881418770011
  by DiLuoffo et al.
cwe: CWE-208 (Information Exposure Through Timing Discrepancy)
cve: None
keywords:
- malformed
- 'robot component: DDS'
- 'robot component: FastRTPS'
- 'robot component: ROS2'
- 'vendor: ADLINK'
- 'vendor: RTI'
- 'vendor: eProsima'
- weakness
system: ROS 2
vendor: eProsima, ADLINK, RTI
severity:
  rvss-score: None
  rvss-vector: N/A
  severity-description: ''
  cvss-score: 0
  cvss-vector: ''
links:
- https://github.com/aliasrobotics/RVD/issues/451
- https://journals.sagepub.com/doi/pdf/10.1177/1729881418770011
flaw:
  phase: unknown
  specificity: N/A
  architectural-location: N/A
  application: N/A
  subsystem: N/A
  package: N/A
  languages: None
  date-detected: 2018-06-01 (00:00)
  detected-by: Vincenzo DiLuoffo, William R Michalson and Berk Sunar
  detected-by-method: N/A
  date-reported: 2019-10-07 (00:00)
  reported-by: Alias Robotics
  reported-by-relationship: security researcher
  issue: https://github.com/aliasrobotics/RVD/issues/451
  reproducibility: ''
  trace: null
  reproduction: ''
  reproduction-image: ''
exploitation:
  description: ''
  exploitation-image: ''
  exploitation-vector: ''
  exploitation-recipe: ''
mitigation:
  description: ''
  pull-request: ''
  date-mitigation: ''