Lucky Microseconds: A Timing Attack on Amazon’s s2n Implementation of TLS. / Albrecht, Martin; Paterson, Kenneth.

Advances in Cryptology – EUROCRYPT 2016: 35th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Vienna, Austria, May 8-12, 2016, Proceedings, Part I. Vol. 9665 2016. p. 622-643 (Lecture Notes in Computer Science; Vol. 9665).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Published

Harvard

Albrecht, M & Paterson, K 2016, Lucky Microseconds: A Timing Attack on Amazon’s s2n Implementation of TLS. in Advances in Cryptology – EUROCRYPT 2016: 35th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Vienna, Austria, May 8-12, 2016, Proceedings, Part I. vol. 9665, Lecture Notes in Computer Science, vol. 9665, pp. 622-643. https://doi.org/10.1007/978-3-662-49890-3_24

APA

Albrecht, M., & Paterson, K. (2016). Lucky Microseconds: A Timing Attack on Amazon’s s2n Implementation of TLS. In Advances in Cryptology – EUROCRYPT 2016: 35th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Vienna, Austria, May 8-12, 2016, Proceedings, Part I (Vol. 9665, pp. 622-643). (Lecture Notes in Computer Science; Vol. 9665). https://doi.org/10.1007/978-3-662-49890-3_24

Vancouver

Albrecht M, Paterson K. Lucky Microseconds: A Timing Attack on Amazon’s s2n Implementation of TLS. In Advances in Cryptology – EUROCRYPT 2016: 35th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Vienna, Austria, May 8-12, 2016, Proceedings, Part I. Vol. 9665. 2016. p. 622-643. (Lecture Notes in Computer Science). https://doi.org/10.1007/978-3-662-49890-3_24

Author

Albrecht, Martin ; Paterson, Kenneth. / Lucky Microseconds: A Timing Attack on Amazon’s s2n Implementation of TLS. Advances in Cryptology – EUROCRYPT 2016: 35th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Vienna, Austria, May 8-12, 2016, Proceedings, Part I. Vol. 9665 2016. pp. 622-643 (Lecture Notes in Computer Science).

BibTeX

@inproceedings{ed34d762fee549dc944694bb919dfd11,
title = "Lucky Microseconds: A Timing Attack on Amazon’s s2n Implementation of TLS",
abstract = "s2n is an implementation of the TLS protocol that was released in late June 2015 by Amazon. It is implemented in around 6,000 lines of C99 code. By comparison, OpenSSL needs around 70,000 lines of code to implement the protocol. At the time of its release, Amazon announced that s2n had undergone three external security evaluations and penetration tests. We show that, despite this, s2n — as initially released — was vulnerable to a timing attack in the case of CBC-mode ciphersuites, which could be extended to complete plaintext recovery in some settings. Our attack has two components. The first part is a novel variant of the Lucky 13 attack that works even though protections against Lucky 13 were implemented in s2n. The second part deals with the randomised delays that were put in place in s2n as an additional countermeasure to Lucky 13. Our work highlights the challenges of protecting implementations against sophisticated timing attacks. It also illustrates that standard code audits are insufficient to uncover all cryptographic attack vectors.",
author = "Martin Albrecht and Kenneth Paterson",
year = "2016",
month = "4",
day = "28",
doi = "10.1007/978-3-662-49890-3_24",
language = "English",
isbn = "978-3-662-49889-7",
volume = "9665",
series = "Lecture Notes in Computer Science",
publisher = "Springer Berlin Heidelberg",
pages = "622--643",
booktitle = "Advances in Cryptology – EUROCRYPT 2016",

}

RIS

TY - GEN

T1 - Lucky Microseconds: A Timing Attack on Amazon’s s2n Implementation of TLS

AU - Albrecht, Martin

AU - Paterson, Kenneth

PY - 2016/4/28

Y1 - 2016/4/28

N2 - s2n is an implementation of the TLS protocol that was released in late June 2015 by Amazon. It is implemented in around 6,000 lines of C99 code. By comparison, OpenSSL needs around 70,000 lines of code to implement the protocol. At the time of its release, Amazon announced that s2n had undergone three external security evaluations and penetration tests. We show that, despite this, s2n — as initially released — was vulnerable to a timing attack in the case of CBC-mode ciphersuites, which could be extended to complete plaintext recovery in some settings. Our attack has two components. The first part is a novel variant of the Lucky 13 attack that works even though protections against Lucky 13 were implemented in s2n. The second part deals with the randomised delays that were put in place in s2n as an additional countermeasure to Lucky 13. Our work highlights the challenges of protecting implementations against sophisticated timing attacks. It also illustrates that standard code audits are insufficient to uncover all cryptographic attack vectors.

AB - s2n is an implementation of the TLS protocol that was released in late June 2015 by Amazon. It is implemented in around 6,000 lines of C99 code. By comparison, OpenSSL needs around 70,000 lines of code to implement the protocol. At the time of its release, Amazon announced that s2n had undergone three external security evaluations and penetration tests. We show that, despite this, s2n — as initially released — was vulnerable to a timing attack in the case of CBC-mode ciphersuites, which could be extended to complete plaintext recovery in some settings. Our attack has two components. The first part is a novel variant of the Lucky 13 attack that works even though protections against Lucky 13 were implemented in s2n. The second part deals with the randomised delays that were put in place in s2n as an additional countermeasure to Lucky 13. Our work highlights the challenges of protecting implementations against sophisticated timing attacks. It also illustrates that standard code audits are insufficient to uncover all cryptographic attack vectors.

UR - http://eprint.iacr.org/2015/1129

U2 - 10.1007/978-3-662-49890-3_24

DO - 10.1007/978-3-662-49890-3_24

M3 - Conference contribution

SN - 978-3-662-49889-7

VL - 9665

T3 - Lecture Notes in Computer Science

SP - 622

EP - 643

BT - Advances in Cryptology – EUROCRYPT 2016

ER -