Lucky Thirteen attack

From Wikipedia, the free encyclopedia

The Lucky Thirteen attack is a cryptographic timing attack against implementations of the Transport Layer Security (TLS) protocol, first reported in February 2013 by its developers Nadhem J. AlFardan and Kenneth G. Paterson of the Information Security Group at Royal Holloway, University of London.[1][2]

Attack

It is a novel variant of Serge Vaudenay's padding oracle attack that had previously thought to have been fixed, that uses a timing side-channel attack against the message authentication code (MAC) check stage in the TLS algorithm to break the algorithm in a way that was not fixed by previous attempts to mitigate Vaudenay's attack.[3]

"In this sense, the attacks do not pose a significant danger to ordinary users of TLS in their current form. However, it is a truism that attacks only get better with time, and we cannot anticipate what improvements to our attacks, or entirely new attacks, may yet be discovered." — Nadhem J. AlFardan and Kenneth G. Paterson[1]

The researchers only examined Free Software implementations of TLS and found all examined products to be potentially vulnerable to the attack. They have tested their attacks successfully against OpenSSL and GnuTLS. Because the researchers applied "responsible disclosure" and worked with the software vendors, some software updates to migitate the attacks were available at the time of publication.[2]

References

  1. 1.0 1.1 Dan Goodin (4 February 2013). ""Lucky Thirteen" attack snarfs cookies protected by SSL encryption". Ars Technica. Retrieved 4 February 2013. 
  2. 2.0 2.1 Nadhem J. AlFardan and Kenneth G. Paterson (4 February 2013). "Lucky Thirteen: Breaking the TLS and DTLS Record Protocols". Royal Holloway, University of London. Retrieved 21 June 2013. 
  3. Adam Langley (4 February 2013). "Lucky Thirteen attack on TLS CBC". Retrieved 4 February 2013. 

External links


This article is issued from Wikipedia. The text is available under the Creative Commons Attribution/Share Alike; additional terms may apply for the media files.