Lucky Thirteen TLS Attack

EncryptedBytes · Feb 4, 2013

Another method of performing Vaudenay's attack on CBC as used in TLS:

http://www.isg.rhul.ac.uk/tls/

We have discovered a variety of attacks, each having different complexity and severity. For TLS, our attacks are multi-session attacks, which means that we require the target plaintext to be repeatedly sent in the same position in the plaintext stream in multiple TLS sessions. The attacks involve detecting small differences in the time at which TLS error messages appear on the network in response to attacker-generated ciphertexts. Because of network jitter and other effects, the times observed by the attacker are noisy, and multiple samples of each time are needed to make the attacks reliable. In their simplest form, our attacks can reliably recover a complete block of TLS-encrypted plaintext using about 223 TLS sessions, assuming the attacker is located on the same LAN as the machine being attacked and HMAC-SHA1 is used as TLS's MAC algorithm. This can be reduced to 219 TLS sessions if the plaintext is known to be base64 encoded. This can be further reduced to 213 sessions per byte if a byte of plaintext in one of the last two positions in a block is already known. The attack complexities are different for different MAC algorithms. Further details can be found in our research paper.

The sessions needed for our attacks on TLS can be generated in various ways. The attacks cause the TLS session to be terminated, and some applications running over TLS automatically reconnect and retransmit a cookie or password. In a web environment, the sessions may also be generated by client-side malware, in a similar way to the BEAST attack. Unlike BEAST, no exploit is needed to bypass the same origin policy in the web browser, since the attacker does not require the ability to inject plaintext blocks into the TLS session. And, with the BEAST-style enhancements, the attacker no longer needs to know one out of two bytes of plaintext at the end of the block, so that full plaintext recovery of the full base64 encoded plaintext is possible using 213 sessions per byte.

For DTLS, the attacks can be carried out in a single session, and known amplification techniques can be used to boost the timing signals relative to the noise. (Further details of these techniques can be found in our NDSS13 paper.) The attacks are fully practical for DTLS. For further details, see the research paper.
Click to expand...

lotuseclat79 · Feb 5, 2013

“Lucky Thirteen” attack snarfs cookies protected by SSL encryption

“Lucky Thirteen” attack snarfs cookies protected by SSL encryption.

Exploit is the latest to subvert crypto used to secure Web transactions.
Click to expand...

-- Tom

BoerenkoolMetWorst · Feb 5, 2013

Re: “Lucky Thirteen” attack snarfs cookies protected by SSL encryption

The major browser should really start to implement TLS 1.1 and 1.2 and enable them by default. SSL 3.0 is already from 1996, that's 17 years old, which is a century in computing, and TLS 1.0 is only 3 years younger.

TheKid7 · Feb 6, 2013

Researchers Find Hole in TLS, Can Now Snoop on Your Secure Traffic

Researchers Find Hole in TLS, Can Now Snoop on Your Secure Traffic:

Researchers at the Royal Holloway University of London have uncovered a range of methods to attack the TLS cryptographic protocol to expose encrypted data circulating between clients and servers...........
Click to expand...

http://www.hotforsecurity.com/blog/...an-now-snoop-on-your-secure-traffic-5242.html

TheKid7 · Feb 7, 2013

Boffins 'crack' HTTPS encryption in Lucky Thirteen attack

Boffins 'crack' HTTPS encryption in Lucky Thirteen attack:

The security of online transactions is again in the spotlight as a pair of UK cryptographers take aim at TLS...........
Click to expand...

http://nakedsecurity.sophos.com/2013/02/07/boffins-crack-https-encryptionin-lucky-thirteen-attack/

TheKid7 · Feb 11, 2013

Theoretical Lucky Thirteen TLS Attacks Could Turn Practical:

For now, the Lucky Thirteen attacks described in a paper last week by researchers at Royal Holloway, University of London, are largely theoretical. But the potential exists to adapt techniques used in the BEAST attacks against TLS/SSL to improve the feasibility of Lucky Thirteen, a researcher said...........
Click to expand...

http://threatpost.com/en_us/blogs/theoretical-lucky-thirteen-tls-attacks-could-turn-practical-021113

Log in or Sign up

Lucky Thirteen TLS Attack

EncryptedBytes Registered Member

lotuseclat79 Registered Member

BoerenkoolMetWorst Registered Member

TheKid7 Registered Member

TheKid7 Registered Member

TheKid7 Registered Member

Log in or Sign up

Lucky Thirteen TLS Attack

EncryptedBytes Registered Member

lotuseclat79 Registered Member

BoerenkoolMetWorst Registered Member

TheKid7 Registered Member

TheKid7 Registered Member

TheKid7 Registered Member

Useful Searches