The attacker model of the Lucky13 attack in TLS
Multi tool use
Clash Royale CLAN TAG#URR8PPP
up vote
2
down vote
favorite
Lucky13 is a timing attack against the MAC in the CBC MAC-then-encrypt ciphersuites. In the attack's page:
The attacks involve detecting small differences in the time at which
TLS error messages appear on the network in response to
attacker-generated ciphertexts.
My question is: Can a passive adversary perform Lucky13? In other words, I need to know if Lucky13 attacker's model is active MitM or passive network attacker who just collect traffic and perform analysis afterwards?
tls cbc openssl cbc-mac timing-attack
asked 2 hours ago
user9371654
1623
add a comment |Â
up vote
2
down vote
favorite
Lucky13 is a timing attack against the MAC in the CBC MAC-then-encrypt ciphersuites. In the attack's page:
The attacks involve detecting small differences in the time at which
TLS error messages appear on the network in response to
attacker-generated ciphertexts.
My question is: Can a passive adversary perform Lucky13? In other words, I need to know if Lucky13 attacker's model is active MitM or passive network attacker who just collect traffic and perform analysis afterwards?
tls cbc openssl cbc-mac timing-attack
asked 2 hours ago
user9371654
1623
add a comment |Â
up vote
2
down vote
favorite
up vote
2
down vote
favorite
Lucky13 is a timing attack against the MAC in the CBC MAC-then-encrypt ciphersuites. In the attack's page:
The attacks involve detecting small differences in the time at which
TLS error messages appear on the network in response to
attacker-generated ciphertexts.
My question is: Can a passive adversary perform Lucky13? In other words, I need to know if Lucky13 attacker's model is active MitM or passive network attacker who just collect traffic and perform analysis afterwards?
tls cbc openssl cbc-mac timing-attack
asked 2 hours ago
user9371654
1623
Lucky13 is a timing attack against the MAC in the CBC MAC-then-encrypt ciphersuites. In the attack's page:
The attacks involve detecting small differences in the time at which
TLS error messages appear on the network in response to
attacker-generated ciphertexts.
My question is: Can a passive adversary perform Lucky13? In other words, I need to know if Lucky13 attacker's model is active MitM or passive network attacker who just collect traffic and perform analysis afterwards?
tls cbc openssl cbc-mac timing-attack
tls cbc openssl cbc-mac timing-attack
asked 2 hours ago
user9371654
1623
asked 2 hours ago
user9371654
1623
edited 2 hours ago
asked 2 hours ago
user9371654
1623
asked 2 hours ago
user9371654
1623
asked 2 hours ago
user9371654
1623
1623
add a comment |Â
add a comment |Â
2 Answers
2
active
oldest
votes
up vote
1
down vote
The Lucky13 article on Our Results;
... attacks can be mounted by a standard man-in-the-middle (MITM) attacker who sees only ciphertext and can inject ciphertexts of his own composition into the network.
on the discussion;
We reiterate that the attacks are ciphertext-only, and so can be carried out by the standard MITM attacker, without a chosen-plaintext capability.
answered 1 hour ago
kelalaka
1,864419
add a comment |Â
up vote
1
down vote
Can a passive adversary perform Lucky13?
No. The attacker must have the capability to inject chosen ciphertexts into the stream. A passive adversary (who listens into the encrypted traffic but cannot modify it) cannot do this.
answered 53 mins ago
poncho
87.5k2130223
add a comment |Â
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
1
down vote
The Lucky13 article on Our Results;
... attacks can be mounted by a standard man-in-the-middle (MITM) attacker who sees only ciphertext and can inject ciphertexts of his own composition into the network.
on the discussion;
We reiterate that the attacks are ciphertext-only, and so can be carried out by the standard MITM attacker, without a chosen-plaintext capability.
answered 1 hour ago
kelalaka
1,864419
add a comment |Â
up vote
1
down vote
The Lucky13 article on Our Results;
... attacks can be mounted by a standard man-in-the-middle (MITM) attacker who sees only ciphertext and can inject ciphertexts of his own composition into the network.
on the discussion;
We reiterate that the attacks are ciphertext-only, and so can be carried out by the standard MITM attacker, without a chosen-plaintext capability.
answered 1 hour ago
kelalaka
1,864419
add a comment |Â
up vote
1
down vote
up vote
1
down vote
The Lucky13 article on Our Results;
... attacks can be mounted by a standard man-in-the-middle (MITM) attacker who sees only ciphertext and can inject ciphertexts of his own composition into the network.
on the discussion;
We reiterate that the attacks are ciphertext-only, and so can be carried out by the standard MITM attacker, without a chosen-plaintext capability.
answered 1 hour ago
kelalaka
1,864419
The Lucky13 article on Our Results;
... attacks can be mounted by a standard man-in-the-middle (MITM) attacker who sees only ciphertext and can inject ciphertexts of his own composition into the network.
on the discussion;
We reiterate that the attacks are ciphertext-only, and so can be carried out by the standard MITM attacker, without a chosen-plaintext capability.
answered 1 hour ago
kelalaka
1,864419
answered 1 hour ago
kelalaka
1,864419
answered 1 hour ago
kelalaka
1,864419
answered 1 hour ago
kelalaka
1,864419
1,864419
add a comment |Â
add a comment |Â
up vote
1
down vote
Can a passive adversary perform Lucky13?
No. The attacker must have the capability to inject chosen ciphertexts into the stream. A passive adversary (who listens into the encrypted traffic but cannot modify it) cannot do this.
answered 53 mins ago
poncho
87.5k2130223
add a comment |Â
up vote
1
down vote
Can a passive adversary perform Lucky13?
No. The attacker must have the capability to inject chosen ciphertexts into the stream. A passive adversary (who listens into the encrypted traffic but cannot modify it) cannot do this.
answered 53 mins ago
poncho
87.5k2130223
add a comment |Â
up vote
1
down vote
up vote
1
down vote
Can a passive adversary perform Lucky13?
No. The attacker must have the capability to inject chosen ciphertexts into the stream. A passive adversary (who listens into the encrypted traffic but cannot modify it) cannot do this.
answered 53 mins ago
poncho
87.5k2130223
Can a passive adversary perform Lucky13?
No. The attacker must have the capability to inject chosen ciphertexts into the stream. A passive adversary (who listens into the encrypted traffic but cannot modify it) cannot do this.
answered 53 mins ago
poncho
87.5k2130223
answered 53 mins ago
poncho
87.5k2130223
answered 53 mins ago
poncho
87.5k2130223
answered 53 mins ago
poncho
87.5k2130223
87.5k2130223
add a comment |Â
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f63524%2fthe-attacker-model-of-the-lucky13-attack-in-tls%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password