The attacker model of the Lucky13 attack in TLS

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
2
down vote

favorite












Lucky13 is a timing attack against the MAC in the CBC MAC-then-encrypt ciphersuites. In the attack's page:




The attacks involve detecting small differences in the time at which
TLS error messages appear on the network in response to
attacker-generated ciphertexts.




My question is: Can a passive adversary perform Lucky13? In other words, I need to know if Lucky13 attacker's model is active MitM or passive network attacker who just collect traffic and perform analysis afterwards?










share|improve this question



























    up vote
    2
    down vote

    favorite












    Lucky13 is a timing attack against the MAC in the CBC MAC-then-encrypt ciphersuites. In the attack's page:




    The attacks involve detecting small differences in the time at which
    TLS error messages appear on the network in response to
    attacker-generated ciphertexts.




    My question is: Can a passive adversary perform Lucky13? In other words, I need to know if Lucky13 attacker's model is active MitM or passive network attacker who just collect traffic and perform analysis afterwards?










    share|improve this question

























      up vote
      2
      down vote

      favorite









      up vote
      2
      down vote

      favorite











      Lucky13 is a timing attack against the MAC in the CBC MAC-then-encrypt ciphersuites. In the attack's page:




      The attacks involve detecting small differences in the time at which
      TLS error messages appear on the network in response to
      attacker-generated ciphertexts.




      My question is: Can a passive adversary perform Lucky13? In other words, I need to know if Lucky13 attacker's model is active MitM or passive network attacker who just collect traffic and perform analysis afterwards?










      share|improve this question















      Lucky13 is a timing attack against the MAC in the CBC MAC-then-encrypt ciphersuites. In the attack's page:




      The attacks involve detecting small differences in the time at which
      TLS error messages appear on the network in response to
      attacker-generated ciphertexts.




      My question is: Can a passive adversary perform Lucky13? In other words, I need to know if Lucky13 attacker's model is active MitM or passive network attacker who just collect traffic and perform analysis afterwards?







      tls cbc openssl cbc-mac timing-attack






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited 2 hours ago

























      asked 2 hours ago









      user9371654

      1623




      1623




















          2 Answers
          2






          active

          oldest

          votes

















          up vote
          1
          down vote













          The Lucky13 article on Our Results;




          ... attacks can be mounted by a standard man-in-the-middle (MITM) attacker who sees only ciphertext and can inject ciphertexts of his own composition into the network.




          on the discussion;




          We reiterate that the attacks are ciphertext-only, and so can be carried out by the standard MITM attacker, without a chosen-plaintext capability.







          share|improve this answer



























            up vote
            1
            down vote














            Can a passive adversary perform Lucky13?




            No. The attacker must have the capability to inject chosen ciphertexts into the stream. A passive adversary (who listens into the encrypted traffic but cannot modify it) cannot do this.






            share|improve this answer




















              Your Answer




              StackExchange.ifUsing("editor", function ()
              return StackExchange.using("mathjaxEditing", function ()
              StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix)
              StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["$", "$"], ["\\(","\\)"]]);
              );
              );
              , "mathjax-editing");

              StackExchange.ready(function()
              var channelOptions =
              tags: "".split(" "),
              id: "281"
              ;
              initTagRenderer("".split(" "), "".split(" "), channelOptions);

              StackExchange.using("externalEditor", function()
              // Have to fire editor after snippets, if snippets enabled
              if (StackExchange.settings.snippets.snippetsEnabled)
              StackExchange.using("snippets", function()
              createEditor();
              );

              else
              createEditor();

              );

              function createEditor()
              StackExchange.prepareEditor(
              heartbeatType: 'answer',
              convertImagesToLinks: false,
              noModals: false,
              showLowRepImageUploadWarning: true,
              reputationToPostImages: null,
              bindNavPrevention: true,
              postfix: "",
              noCode: true, onDemand: true,
              discardSelector: ".discard-answer"
              ,immediatelyShowMarkdownHelp:true
              );



              );













               

              draft saved


              draft discarded


















              StackExchange.ready(
              function ()
              StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f63524%2fthe-attacker-model-of-the-lucky13-attack-in-tls%23new-answer', 'question_page');

              );

              Post as a guest






























              2 Answers
              2






              active

              oldest

              votes








              2 Answers
              2






              active

              oldest

              votes









              active

              oldest

              votes






              active

              oldest

              votes








              up vote
              1
              down vote













              The Lucky13 article on Our Results;




              ... attacks can be mounted by a standard man-in-the-middle (MITM) attacker who sees only ciphertext and can inject ciphertexts of his own composition into the network.




              on the discussion;




              We reiterate that the attacks are ciphertext-only, and so can be carried out by the standard MITM attacker, without a chosen-plaintext capability.







              share|improve this answer
























                up vote
                1
                down vote













                The Lucky13 article on Our Results;




                ... attacks can be mounted by a standard man-in-the-middle (MITM) attacker who sees only ciphertext and can inject ciphertexts of his own composition into the network.




                on the discussion;




                We reiterate that the attacks are ciphertext-only, and so can be carried out by the standard MITM attacker, without a chosen-plaintext capability.







                share|improve this answer






















                  up vote
                  1
                  down vote










                  up vote
                  1
                  down vote









                  The Lucky13 article on Our Results;




                  ... attacks can be mounted by a standard man-in-the-middle (MITM) attacker who sees only ciphertext and can inject ciphertexts of his own composition into the network.




                  on the discussion;




                  We reiterate that the attacks are ciphertext-only, and so can be carried out by the standard MITM attacker, without a chosen-plaintext capability.







                  share|improve this answer












                  The Lucky13 article on Our Results;




                  ... attacks can be mounted by a standard man-in-the-middle (MITM) attacker who sees only ciphertext and can inject ciphertexts of his own composition into the network.




                  on the discussion;




                  We reiterate that the attacks are ciphertext-only, and so can be carried out by the standard MITM attacker, without a chosen-plaintext capability.








                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered 1 hour ago









                  kelalaka

                  1,864419




                  1,864419




















                      up vote
                      1
                      down vote














                      Can a passive adversary perform Lucky13?




                      No. The attacker must have the capability to inject chosen ciphertexts into the stream. A passive adversary (who listens into the encrypted traffic but cannot modify it) cannot do this.






                      share|improve this answer
























                        up vote
                        1
                        down vote














                        Can a passive adversary perform Lucky13?




                        No. The attacker must have the capability to inject chosen ciphertexts into the stream. A passive adversary (who listens into the encrypted traffic but cannot modify it) cannot do this.






                        share|improve this answer






















                          up vote
                          1
                          down vote










                          up vote
                          1
                          down vote










                          Can a passive adversary perform Lucky13?




                          No. The attacker must have the capability to inject chosen ciphertexts into the stream. A passive adversary (who listens into the encrypted traffic but cannot modify it) cannot do this.






                          share|improve this answer













                          Can a passive adversary perform Lucky13?




                          No. The attacker must have the capability to inject chosen ciphertexts into the stream. A passive adversary (who listens into the encrypted traffic but cannot modify it) cannot do this.







                          share|improve this answer












                          share|improve this answer



                          share|improve this answer










                          answered 54 mins ago









                          poncho

                          87.5k2130223




                          87.5k2130223



























                               

                              draft saved


                              draft discarded















































                               


                              draft saved


                              draft discarded














                              StackExchange.ready(
                              function ()
                              StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f63524%2fthe-attacker-model-of-the-lucky13-attack-in-tls%23new-answer', 'question_page');

                              );

                              Post as a guest













































































                              Comments

                              Popular posts from this blog

                              What does second last employer means? [closed]

                              Installing NextGIS Connect into QGIS 3?

                              One-line joke