Jump to content

Lucky Thirteen attack

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Jochem van Hees (talk | contribs) at 22:23, 29 September 2020 (In the lead sentence, the word "The" sounds like it's referring to one particular attack. I changed it to "A", because the article is about Lucky Thirteen attacks in general. But I'm happy to discuss what the wording should be.). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

A Lucky Thirteen attack is a cryptographic timing attack against implementations of the Transport Layer Security (TLS) protocol that use the CBC mode of operation, first reported in February 2013 by its developers Nadhem J. AlFardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London.[1][2]

Attack

It is a novel variant of Serge Vaudenay's padding oracle attack that was previously thought to have been fixed, that uses a timing side-channel attack against the message authentication code (MAC) check stage in the TLS algorithm to break the algorithm in a way that was not fixed by previous attempts to mitigate Vaudenay's attack.[3]

"In this sense, the attacks do not pose a significant danger to ordinary users of TLS in their current form. However, it is a truism that attacks only get better with time, and we cannot anticipate what improvements to our attacks, or entirely new attacks, may yet be discovered." — Nadhem J. AlFardan and Kenny Paterson[1]

The researchers only examined Free Software implementations of TLS and found all examined products to be potentially vulnerable to the attack. They have tested their attacks successfully against OpenSSL and GnuTLS. Because the researchers applied responsible disclosure and worked with the software vendors, some software updates to mitigate the attacks were available at the time of publication.[2]

Martin R. Albrecht and Paterson have since demonstrated a variant Lucky Thirteen attack against Amazon's s2n TLS implementation, even though s2n includes countermeasures intended to prevent timing attacks.[4]

References

  1. ^ a b Dan Goodin (4 February 2013). ""Lucky Thirteen" attack snarfs cookies protected by SSL encryption". Ars Technica. Retrieved 4 February 2013.
  2. ^ a b "Lucky Thirteen: Breaking the TLS and DTLS Record Protocols". Royal Holloway, University of London. 4 February 2013. Retrieved 21 June 2013. {{cite web}}: Unknown parameter |authors= ignored (help)
  3. ^ Adam Langley (4 February 2013). "Lucky Thirteen attack on TLS CBC". Retrieved 4 February 2013.
  4. ^ Albrecht, Martin R.; Paterson, Kenneth G. "Lucky Microseconds: A Timing Attack on Amazon's s2n Implementation of TLS". Cryptology ePrint Archive. Retrieved 24 November 2015.