Lucky 13 Strikes Back

Gorka Irazoqui, Mehmet Sinan Inci, Thomas Eisenbarth, Berk Sunar

Abstract

In this work we show how the Lucky 13 attack can be resurrected in the cloud by gaining access to a virtual machine co-located with the target. Our version of the attack exploits distinguishable cache access times enabled by VM deduplication to detect dummy function calls that only happen in case of an incorrectly CBC-padded TLS packet. Thereby, we gain back a new covert channel not considered in the original paper that enables the Lucky 13 attack. In fact, the new side channel is significantly more accurate, thus yielding a much more effective attack. We briefly survey prominent cryptographic libraries for this vulnerability. The attack currently succeeds in compromising PolarSSL, GnuTLS and CyaSSL on deduplication-enabled platforms, while the Lucky 13 patches in OpenSSL, Mozilla NSS and MatrixSSL are immune to this vulnerability. We conclude that any program that follows secret-data-dependent execution flow is exploitable by side-channel attacks, as shown in (but not limited to) our version of the Lucky 13 attack.
Original language: English
Title of host publication: Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, ASIA CCS '15, Singapore, April 14-17, 2015
Number of pages: 12
Place of Publication: New York, NY, USA
Publisher: ACM
Publication date: 14.04.2015
Pages: 85-96
ISBN (Print): 978-1-4503-3245-3
Publication status: Published - 14.04.2015
Event: ACM Symposium on Information, Computer and Communications Security - Singapore, Singapore
Duration: 14.04.2015 - 17.04.2015
