A method to prevent information leakage in a cryptographic protocol is implemented in a network device. The method implements an error message processing strategy to mask information otherwise useful to an attacker and that has been generated (by decryption processes) as a consequence of an attacker's exploit. The technique avoids information leakage associated with a padding oracle attack. In one aspect each error message (irrespective of its content) is replaced with a generic error message so that the attacker does not obtain the specific error message content(s) that might otherwise provide useful information. In addition to masking the error message content, the technique preferably implements a “delay” policy that delays the transmission of particular error messages (or message types) to hide (from the attacker's point-of-view) whether a particular error message is relevant to (or a consequence of) the attacker's exploit.
展开▼
