Lucky Thirteen attack against implementations of the Transport Layer Security

The Lucky Thirteen attack is a famous and one of the dangerous cryptographic timing attack. This attack is used against implementations of the Transport Layer Security (TLS) protocol that uses the CBC (Cipher Block Chaining) mode of operation. The server has a vulnerability that may cause Lucky Thirteen attack against implementations of the Transport Layer Security protocol. This may result in loss of sensitive information. An attacker can perform an attack on the MAC check during the processing of malformed CBC padding. This vulnerability allows an attacker to execute a plaintext-recovery attack using the statistical analysis of the packet’s timing data. This vulnerability is known as “Lucky Thirteen” attack. The TLS 1.1 and 1.2 are used in OpenSSL, OpenJDK, PolarSSL and so on. This attack is also possible on SSL 3.0 and TLS 1.0. It is impossible to find if a vulnerable version is active at the endpoint. Thus, all the SSL running CBC cipher were flagged as a potential vulnerability.

Impact

An attacker can steal sensitive information using the man in the middle attack. The man in the middle attack is used to sniff the communication. The sniffing process will leak information from the communication channel. The information might include usernames, passwords and so on.

Mitigation / Precaution

Beagle recommends the following impacts:-

• It is best to disable TLS
• Upgrade the OpenSSL version.
• Remove all cipher block chaining ciphers.
• Try to disable SSL-disable-CBC-ciphers.

Written by

Jijith Rajan

Cyber Security Engineer