Systematic Analysis of the POODLE Attack on SSL 3.0 with AES-CBC and Evaluation of Countermeasures
DOI: https://doi.org/10.31449/upinf.266
Keywords: cryptography, cryptographic attack, POODLE, SSL
Abstract
In this paper, we examine the POODLE (Padding Oracle On Downgraded Legacy Encryption) cryptographic attack, which exploits a vulnerability in the SSL 3.0 protocol when AES encryption in CBC mode is used together with the MAC-then-encrypt approach. We first present the theoretical background of the attack, including the role of padding, block chaining, and the distinction between different types of decryption errors. We then show how an attacker can gradually recover data by observing server responses without knowing the secret key. In the practical part, we describe an implementation of AES-CBC in the Java programming language, the execution of the POODLE attack, and an analysis of the conditions that enable its success. Particular attention is given to two defense strategies: unifying error responses so that the server does not reveal the type of error, and using the encrypt-then-MAC approach, which prevents the attack before any data is decrypted. The results show that POODLE is a consequence of an inappropriate combination of cryptographic mechanisms and that the security of such systems also depends strongly on the correct implementation of countermeasures.
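The attack and the two countermeasures described in the abstract, as an added, self-contained simulation (this is not the paper's Java implementation and does not use AES: a 4-round Feistel network keyed with HMAC-SHA256 stands in for the block cipher, since POODLE depends only on CBC chaining and SSL 3.0 padding, and HMAC-SHA256 stands in for the SSL 3.0 record MAC). All names (`Client`, `Server`, `poodle_recover`, `run_demo`), the keys and the secret `c00kie` are constructed for the example. The client encrypts attacker-shaped data around a secret with a fresh IV per record; the attacker copies the ciphertext block holding one secret byte over the all-padding final block and learns that byte whenever the server accepts:

```python
"""Simulated POODLE against an SSL 3.0-style record layer (CBC, MAC-then-encrypt)."""
import hashlib
import hmac
import os

BLOCK = 16     # block width; AES uses 16, and so does the stand-in cipher below
MAC_LEN = 32   # HMAC-SHA256 stands in for the SSL 3.0 record MAC (assumption)


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key, rnd, half):
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]


def block_encrypt(key, block):
    """16-byte keyed permutation: 4-round Feistel network (stand-in for AES)."""
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _round(key, rnd, r))
    return l + r


def block_decrypt(key, block):
    l, r = block[:8], block[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _round(key, rnd, l)), l
    return l + r


def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for i in range(0, len(pt), BLOCK):
        prev = block_encrypt(key, _xor(pt[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for i in range(0, len(ct), BLOCK):
        cur = ct[i:i + BLOCK]
        out.append(_xor(block_decrypt(key, cur), prev))  # P_i = D(C_i) XOR C_{i-1}
        prev = cur
    return b"".join(out)


def ssl3_pad(msg):
    """SSL 3.0 padding: fill to a block boundary; only the final byte (number of
    padding bytes before it, < BLOCK) is defined, the filler bytes are never checked."""
    n = BLOCK - len(msg) % BLOCK          # 1..16 bytes of padding in total
    return msg + b"\x00" * (n - 1) + bytes([n - 1])


def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


class Client:
    """Sends records carrying a secret (a cookie, say) inside attacker-shaped data."""

    def __init__(self, enc_key, mac_key, secret, encrypt_then_mac=False):
        self.enc_key, self.mac_key, self.secret, self.etm = enc_key, mac_key, secret, encrypt_then_mac

    def send(self, prefix_len, suffix_len):
        data = b"A" * prefix_len + self.secret + b"B" * suffix_len
        iv = os.urandom(BLOCK)            # fresh chaining state for every record
        if self.etm:                      # encrypt-then-MAC: tag covers IV and ciphertext
            ct = cbc_encrypt(self.enc_key, iv, ssl3_pad(data))
            return iv, ct, _mac(self.mac_key, iv + ct)
        ct = cbc_encrypt(self.enc_key, iv, ssl3_pad(data + _mac(self.mac_key, data)))
        return iv, ct, None


class Server:
    """Returns only accept/reject: padding and MAC failures look identical to the sender."""

    def __init__(self, enc_key, mac_key, encrypt_then_mac=False):
        self.enc_key, self.mac_key, self.etm = enc_key, mac_key, encrypt_then_mac

    def accepts(self, iv, ct, tag):
        if self.etm:  # authenticate first: a swapped block is rejected before any decryption
            return hmac.compare_digest(tag, _mac(self.mac_key, iv + ct))
        pt = cbc_decrypt(self.enc_key, iv, ct)
        pad_len = pt[-1]
        if pad_len >= BLOCK:
            return False                                          # padding error
        body = pt[:len(pt) - pad_len - 1]
        data, mac = body[:-MAC_LEN], body[-MAC_LEN:]
        return hmac.compare_digest(mac, _mac(self.mac_key, data))  # MAC error


def poodle_recover(client, server, secret_len, max_tries=4096):
    """Recover the secret byte by byte from the accept/reject signal alone."""
    recovered = bytearray()
    for j in range(secret_len):
        prefix = (BLOCK - 1 - j) % BLOCK                      # byte j becomes the last byte of its block
        suffix = (-(prefix + secret_len + MAC_LEN)) % BLOCK   # data+MAC block-aligned: final block is all padding
        t = (prefix + j) // BLOCK + 1                         # 1-based index of the block holding byte j
        for _ in range(max_tries):
            iv, ct, tag = client.send(prefix, suffix)
            c = [iv] + [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]  # c[0] = IV, c[k] = C_k
            n = len(c) - 1
            forged = b"".join(c[1:n] + [c[t]])                # overwrite the padding block with C_t
            if server.accepts(iv, forged, tag):
                # accepted iff last byte of D(C_t) XOR C_{n-1} == BLOCK-1, and P_t = D(C_t) XOR C_{t-1}
                recovered.append((BLOCK - 1) ^ c[t - 1][-1] ^ c[n - 1][-1])
                break
        else:
            return None                                       # oracle never accepted: attack failed
    return bytes(recovered)


SECRET = b"c00kie"   # constructed sample secret


def run_demo():
    enc_key, mac_key = b"\x01" * 32, b"\x02" * 32   # constructed keys
    mte = poodle_recover(Client(enc_key, mac_key, SECRET), Server(enc_key, mac_key), len(SECRET))
    etm = poodle_recover(Client(enc_key, mac_key, SECRET, True), Server(enc_key, mac_key, True),
                         len(SECRET), max_tries=1024)
    return mte, etm


if __name__ == "__main__":
    print(run_demo())   # (b'c00kie', None)
```

Each byte costs about 256 records on average, because the forged final block is accepted exactly when its last decrypted byte equals 15. Note that `Server.accepts` already returns a single accept/reject value for both padding and MAC failures, and the recovery still succeeds: merging the two error responses removes the distinction between error types but not the signal that a record was accepted. The encrypt-then-MAC variant rejects every forged record at the tag check, before the ciphertext is decrypted, so `poodle_recover` gives up with `None`.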
Copyright (c) 2026 Applied Informatics

This work is licensed under a Creative Commons Attribution 4.0 International License.