The attacker model of the Lucky13 attack in TLS

Clash Royale CLAN TAG#URR8PPP

up vote
2
down vote

favorite

Lucky13 is a timing attack against the MAC in the CBC MAC-then-encrypt ciphersuites. In the attack's page:

The attacks involve detecting small differences in the time at which
TLS error messages appear on the network in response to
attacker-generated ciphertexts.

My question is: Can a passive adversary perform Lucky13? In other words, I need to know if Lucky13 attacker's model is active MitM or passive network attacker who just collect traffic and perform analysis afterwards?

tls cbc openssl cbc-mac timing-attack

share|improve this question

edited 2 hours ago

asked 2 hours ago

user9371654

1623

add a comment | 

up vote
2
down vote

favorite

Lucky13 is a timing attack against the MAC in the CBC MAC-then-encrypt ciphersuites. In the attack's page:

The attacks involve detecting small differences in the time at which
TLS error messages appear on the network in response to
attacker-generated ciphertexts.

My question is: Can a passive adversary perform Lucky13? In other words, I need to know if Lucky13 attacker's model is active MitM or passive network attacker who just collect traffic and perform analysis afterwards?

tls cbc openssl cbc-mac timing-attack

share|improve this question

edited 2 hours ago

asked 2 hours ago

user9371654

1623

add a comment | 

up vote
2
down vote

favorite

up vote
2
down vote

favorite

Lucky13 is a timing attack against the MAC in the CBC MAC-then-encrypt ciphersuites. In the attack's page:

The attacks involve detecting small differences in the time at which
TLS error messages appear on the network in response to
attacker-generated ciphertexts.

My question is: Can a passive adversary perform Lucky13? In other words, I need to know if Lucky13 attacker's model is active MitM or passive network attacker who just collect traffic and perform analysis afterwards?

tls cbc openssl cbc-mac timing-attack

share|improve this question

edited 2 hours ago

asked 2 hours ago

user9371654

1623

Lucky13 is a timing attack against the MAC in the CBC MAC-then-encrypt ciphersuites. In the attack's page:

The attacks involve detecting small differences in the time at which
TLS error messages appear on the network in response to
attacker-generated ciphertexts.

My question is: Can a passive adversary perform Lucky13? In other words, I need to know if Lucky13 attacker's model is active MitM or passive network attacker who just collect traffic and perform analysis afterwards?

tls cbc openssl cbc-mac timing-attack

tls cbc openssl cbc-mac timing-attack

share|improve this question

edited 2 hours ago

asked 2 hours ago

user9371654

1623

share|improve this question

edited 2 hours ago

asked 2 hours ago

user9371654

1623

share|improve this question

share|improve this question

edited 2 hours ago

edited 2 hours ago

edited 2 hours ago

asked 2 hours ago

user9371654

1623

asked 2 hours ago

user9371654

1623

asked 2 hours ago

user9371654

1623

1623

add a comment | 

add a comment | 

2 Answers
2

active

oldest

votes

up vote
1
down vote

The Lucky13 article on Our Results;

... attacks can be mounted by a standard man-in-the-middle (MITM) attacker who sees only ciphertext and can inject ciphertexts of his own composition into the network.

on the discussion;

We reiterate that the attacks are ciphertext-only, and so can be carried out by the standard MITM attacker, without a chosen-plaintext capability.

share|improve this answer

answered 1 hour ago

kelalaka

1,864419

add a comment | 

up vote
1
down vote

Can a passive adversary perform Lucky13?

No. The attacker must have the capability to inject chosen ciphertexts into the stream. A passive adversary (who listens into the encrypted traffic but cannot modify it) cannot do this.

share|improve this answer

answered 54 mins ago

poncho

87.5k2130223

add a comment | 

Your Answer

StackExchange.ifUsing("editor", function ()
return StackExchange.using("mathjaxEditing", function ()
StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix)
StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["$", "$"], ["\\(","\\)"]]);
);
);
, "mathjax-editing");

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "281"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

 

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f63524%2fthe-attacker-model-of-the-lucky13-attack-in-tls%23new-answer', 'question_page');

);

Post as a guest

Name Email

2 Answers
2

active

oldest

votes

2 Answers
2

active

oldest

votes

active

oldest

votes

active

oldest

votes

up vote
1
down vote

The Lucky13 article on Our Results;

... attacks can be mounted by a standard man-in-the-middle (MITM) attacker who sees only ciphertext and can inject ciphertexts of his own composition into the network.

on the discussion;

We reiterate that the attacks are ciphertext-only, and so can be carried out by the standard MITM attacker, without a chosen-plaintext capability.

share|improve this answer

answered 1 hour ago

kelalaka

1,864419

add a comment | 

up vote
1
down vote

The Lucky13 article on Our Results;

... attacks can be mounted by a standard man-in-the-middle (MITM) attacker who sees only ciphertext and can inject ciphertexts of his own composition into the network.

on the discussion;

We reiterate that the attacks are ciphertext-only, and so can be carried out by the standard MITM attacker, without a chosen-plaintext capability.

share|improve this answer

answered 1 hour ago

kelalaka

1,864419

add a comment | 

up vote
1
down vote

up vote
1
down vote

The Lucky13 article on Our Results;

... attacks can be mounted by a standard man-in-the-middle (MITM) attacker who sees only ciphertext and can inject ciphertexts of his own composition into the network.

on the discussion;

We reiterate that the attacks are ciphertext-only, and so can be carried out by the standard MITM attacker, without a chosen-plaintext capability.

share|improve this answer

answered 1 hour ago

kelalaka

1,864419

The Lucky13 article on Our Results;

... attacks can be mounted by a standard man-in-the-middle (MITM) attacker who sees only ciphertext and can inject ciphertexts of his own composition into the network.

on the discussion;

We reiterate that the attacks are ciphertext-only, and so can be carried out by the standard MITM attacker, without a chosen-plaintext capability.

share|improve this answer

answered 1 hour ago

kelalaka

1,864419

share|improve this answer

share|improve this answer

answered 1 hour ago

kelalaka

1,864419

answered 1 hour ago

kelalaka

1,864419

answered 1 hour ago

kelalaka

1,864419

1,864419

add a comment | 

add a comment | 

up vote
1
down vote

Can a passive adversary perform Lucky13?

No. The attacker must have the capability to inject chosen ciphertexts into the stream. A passive adversary (who listens into the encrypted traffic but cannot modify it) cannot do this.

share|improve this answer

answered 54 mins ago

poncho

87.5k2130223

add a comment | 

up vote
1
down vote

Can a passive adversary perform Lucky13?

No. The attacker must have the capability to inject chosen ciphertexts into the stream. A passive adversary (who listens into the encrypted traffic but cannot modify it) cannot do this.

share|improve this answer

answered 54 mins ago

poncho

87.5k2130223

add a comment | 

up vote
1
down vote

up vote
1
down vote

Can a passive adversary perform Lucky13?

No. The attacker must have the capability to inject chosen ciphertexts into the stream. A passive adversary (who listens into the encrypted traffic but cannot modify it) cannot do this.

share|improve this answer

answered 54 mins ago

poncho

87.5k2130223

Can a passive adversary perform Lucky13?

No. The attacker must have the capability to inject chosen ciphertexts into the stream. A passive adversary (who listens into the encrypted traffic but cannot modify it) cannot do this.

share|improve this answer

answered 54 mins ago

poncho

87.5k2130223

share|improve this answer

share|improve this answer

answered 54 mins ago

poncho

87.5k2130223

answered 54 mins ago

poncho

87.5k2130223

answered 54 mins ago

poncho

87.5k2130223

87.5k2130223

add a comment | 

add a comment | 

 

draft saved

draft discarded

 

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f63524%2fthe-attacker-model-of-the-lucky13-attack-in-tls%23new-answer', 'question_page');

);

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Name Email

Name

Email

Name Email

Name

Email