Lucky Thirteen attack


The Lucky Thirteen attack is a cryptographic timing attack against implementations of the Transport Layer Security protocol that use the CBC mode of operation, first reported in February 2013 by its developers Nadhem J. AlFardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London.

Attack

It is a novel variant of Serge Vaudenay's padding oracle attack that was previously thought to have been fixed, that uses a timing side-channel attack against the message authentication code check stage in the TLS algorithm to break the algorithm in a way that was not fixed by previous attempts to mitigate Vaudenay's attack.
"In this sense, the attacks do not pose a significant danger to ordinary users of TLS in their current form. However, it is a truism that attacks only get better with time, and we cannot anticipate what improvements to our attacks, or entirely new attacks, may yet be discovered." — Nadhem J. AlFardan and Kenny Paterson

The researchers only examined Free Software implementations of TLS and found all examined products to be potentially vulnerable to the attack.
They have tested their attacks successfully against OpenSSL and GnuTLS. Because the researchers applied responsible disclosure and worked with the software vendors,
some software updates to mitigate the attacks were available at the time of publication.
Martin R. Albrecht and Paterson have since demonstrated a variant Lucky Thirteen attack against Amazon's s2n TLS implementation, even though s2n includes countermeasures intended to prevent timing attacks.