author Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2020-08-26 10:10:11 +0200
committer Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 2020-08-26 10:10:11 +0200
commit 8f18d08fae10a80c9cc6580f5cfea1821791dcda (patch)
tree acb6a432bdefd4c2de861359c84e4579e5adb966
parent 53d216081cf97b90d2cfdf06f9802680c0e8a05a (diff)
download mbed-tls-8f18d08fae10a80c9cc6580f5cfea1821791dcda.tar.gz
Clarify that the Lucky 13 fix is quite general
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
-rw-r--r-- ChangeLog.d/local-lucky13.txt 16
1 files changed, 9 insertions, 7 deletions
diff --git a/ChangeLog.d/local-lucky13.txt b/ChangeLog.d/local-lucky13.txt
index 5a3eed0ba..adf493abe 100644
--- a/ChangeLog.d/local-lucky13.txt
+++ b/ChangeLog.d/local-lucky13.txt
@@ -1,9 +1,11 @@
Security
- * Fix a local timing side channel vulnerability in (D)TLS record decryption
- when using a CBC ciphersuites without the Encrypt-then-Mac extension. In
- those circumstances, a local attacker able to observe the state of the
- cache could use well-chosen functions to measure the exact computation
- time of the HMAC, and follow up with the usual range of Lucky 13 attacks,
- including plaintext recovery and key recovery. Found and reported by Tuba
- Yavuz, Farhaan Fowze, Ken (Yihan) Bai, Grant Hernandez, and Kevin Butler
+ * In (D)TLS record decryption, when using a CBC ciphersuites without the
+ Encrypt-then-Mac extension, use constant code flow memory access patterns
+ to extract and check the MAC. This is an improvement to the existing
+ countermeasure against Lucky 13 attacks. The previous countermeasure was
+ effective against network-based attackers, but less so against local
+ attackers. The new countermeasure defends against local attackers, even
+ if they have access to fine-grained measurements. In particular, this
+ fixes a local Lucky 13 cache attack found and reported by Tuba Yavuz,
+ Farhaan Fowze, Ken (Yihan) Bai, Grant Hernandez, and Kevin Butler
(University of Florida) and Dave Tian (Purdue University).
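Review bot: The added sentence "use constant code flow memory access patterns to extract and check the MAC" is missing a conjunction on its second line; "constant code flow and memory access patterns" would say what is meant, since as written it reads as one compound noun. The first added line also carries over "a CBC ciphersuites" from the removed text, which should be "a CBC ciphersuite" or "CBC ciphersuites". Separately, the rewrite drops the old entry's statement of impact ("plaintext recovery and key recovery"), so a reader of the new ChangeLog sees only "an improvement to the existing countermeasure" under the Security heading. Consider keeping one clause on what a local attacker could achieve before this change, so that users can judge from the entry alone how urgently to upgrade.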