User:Karinlama/Lucky Thirteen attack

{Transport layer security}

Lead
A Lucky Thirteen Attack is a cryptographic attack, where attackers track the time it takes to do cryptographic algorithm and execution and then try to attack the Transport Layer Security(TLS) protocol using the Cipher Block Chaining (CBC) mode of operation. This kind of attack is applicable on protocols using CBC mode of encryption and MAC-then-Encyprt Scheme.

Article body
An implementation of the Transport Layer Security(TLS)protocol known as s2n was released by Amazon in late June 2015 and is implemented in around 6,000 C99 code. Even after undergoing three external security evaluations and penetration tests, s2n was still vulnerable to timing attacks in the initial phase. The novel variant of Lucky thirteen attack is effective even though works even though protection against Lucky 13 were implemented in s2n.

Lucky Thirteen affects the TLS 1.1 and 1.2 and DTLS 1.0 or 1.2 implementations and its previous versions such as SSL 3.0 and TLS 1.0. Security researchers Nadhem AlFardan and Kenny Paterson standardized the possibility of the Lucky Thirteen Attack. It's given the name Lucky Thirteen because of the 13 bytes of header information in the TLS MAC calculation which is a part of the vulnerability that makes the attack possible.