Lucky 13 Strikes Back

Gorka Irazoqui, Mehmet Sinan Inci, Thomas Eisenbarth, Berk Sunar


In this work we show how the Lucky 13 attack can be resurrected in the cloud by gaining access to a virtual machine co-located with the target. Our version of the attack exploits distinguishable cache access times enabled by VM deduplication to detect dummy function calls that only happen in case of an incorrectly CBC-padded TLS packet. Thereby, we gain back a new covert channel not considered in the original paper that enables the Lucky 13 attack. In fact, the new side channel is significantly more accurate, thus yielding a much more effective attack. We briefly survey prominent cryptographic libraries for this vulnerability. The attack currently succeeds to compromise PolarSSL, GnuTLS and CyaSSL on deduplication enabled platforms while the Lucky 13 patches in OpenSSL, Mozilla NSS and MatrixSSL are immune to this vulnerability. We conclude that, any program that follows secret data dependent execution flow is exploitable by side-channel attacks as shown in (but not limited to) our version of the Lucky 13 attack.
TitelProceedings of the 10th ACM Symposium on Information, Computer and Communications Security, ASIA CCS '15, Singapore, April 14-17, 2015
ErscheinungsortNew York, NY, USA
Herausgeber (Verlag)ACM
ISBN (Print)978-1-4503-3245-3
PublikationsstatusVeröffentlicht - 14.04.2015
VeranstaltungACM Symposium on Information, Computer and Communications Security - Singapore, Singapur
Dauer: 14.04.201517.04.2015


Untersuchen Sie die Forschungsthemen von „Lucky 13 Strikes Back“. Zusammen bilden sie einen einzigartigen Fingerprint.