Abstract
In this work we show how the Lucky 13 attack can be resurrected in the cloud by gaining access to a virtual machine co-located with the target. Our version of the attack exploits distinguishable cache access times enabled by VM deduplication to detect dummy function calls that only happen in case of an incorrectly CBC-padded TLS packet. Thereby, we gain back a new covert channel not considered in the original paper that enables the Lucky 13 attack. In fact, the new side channel is significantly more accurate, thus yielding a much more effective attack. We briefly survey prominent cryptographic libraries for this vulnerability. The attack currently succeeds in compromising PolarSSL, GnuTLS and CyaSSL on deduplication-enabled platforms, while the Lucky 13 patches in OpenSSL, Mozilla NSS and MatrixSSL are immune to this vulnerability. We conclude that any program that follows secret-data-dependent execution flow is exploitable by side-channel attacks, as shown in (but not limited to) our version of the Lucky 13 attack.
Original language | English |
---|---|
Title of host publication | Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, ASIA CCS '15, Singapore, April 14-17, 2015 |
Number of pages | 12 |
Place of Publication | New York, NY, USA |
Publisher | ACM |
Publication date | 14.04.2015 |
Pages | 85-96 |
ISBN (Print) | 978-1-4503-3245-3 |
Publication status | Published - 14.04.2015 |
Event | ACM Symposium on Information, Computer and Communications Security - Singapore, Singapore; Duration: 14.04.2015 → 17.04.2015 |