Company News: Page (1) of 1 - 02/06/13 Email this story to a friend. email article Print this page (Article printing at MyDmn.com).print page facebook

wolfSSL, Provider of CyaSSL Embedded SSL, Releases First Embedded TLS and DTLS Protocol Fix for Lucky Thirteen Attack

  (February 06, 2013)

Bozeman, Montana (PRWEB) February 06, 2013

In the paper "Lucky Thirteen: Breaking the TLS and DTLS Record Protocols" authors Nadhem AlFardan and Kenneth Paterson present a family of attacks that apply to CBC-mode for TLS (1.1 and 1.2) and DTLS (1.0 and 1.2). All of the attacks are based on a delicate timing analysis of the decryption processing needed in block mode. The various attacks are distinguishing, partial plaintext recovery, and full plaintext recovery in nature. All the attacks exploit the protocol when badly formatted padding is handled during processing. A MAC verification must still be performed on something to prevent existing timing attacks. The RFCs suggest using a zero-length pad which was thought to be safe, but these attacks show that it can be exploited.

There are a few ways to avoid the attack. Using stream ciphers is the simplest. Stream ciphers like ARC4, HC-128, and RABBIT are not vulnerable because they don't use block mode and padding. HC-128 and RABBIT are unique to wolfSSL and also have the benefit of being extremely fast. Another way is to use Authenticated Encryption like AES-GCM and AES-CCM instead of block mode with CBC. wolfSSL includes several cipher suites utilizing Authenticated Encryption algorithms. Lastly, wolfSSL implemented the countermeasures suggested in the paper in version 2.5.0 to avoid timing attacks.

Founded in 2004, wolfSSL offers open-source, embedded security solutions that are fast, small, portable and standard compliant including CyaSSL, the C-language SSL library for embedded and RTOS environments; wolfCrypto, an embedded crypto engine; yaSSL, the embedded C++ SSL library; and yaSSL Embedded Web Server, a fast, embeddable, secure web server. Dual licensed, wolfSSL caters to the security applications in industrial automation, smart energy, surveillance, medical, military, telecommunications markets and the open-source community. Distributed worldwide, wolfSSL is headquartered in Bozeman, Montana. Visit us at http://www.yassl.com.


Read the full story at http://www.prweb.com/releases/2013/2/prweb10386492.htm.


Page: 1


Related Keywords:computer crime, software, arts, culture and entertainment, entertainment (general), entertainment award, computer crime, Commonwealth Games, Winter Goodwill Games, Summer Asian Games, Winter Asian Games, Panamerican Games, African Games, Mediterranean Games, SouthEast Asiatic Games, PanPacific Games, SouthPacific Games, PanArabic Games, Summer Goodwill Games, World games, paralympic games, computer crime, security, social security, national security, security measures
Source:PRWEB.COM Newswire. All Rights Reserved
DMO TEXT LINKS
(Click here to place a textlink on this site)
Vegas Pro 10 Available Now
Professional HD Video, audio, and Blu-Ray creation.
CLICK HERE!!!
HOT THREADS on DMN Forums
Content-type: text/html  Rss  Add to Google Reader or Homepage    Add to My AOL  Add to Excite MIX  Subscribe in NewsGator Online 
Real-Time - what users are saying - Right Now!
Consumer Electronics Net - Tools and Toys for Your Digital Lifestyle
• Camcorders •Audio/Video Software • Digital Photography • Desktop Computers • Wireless Tech
• Personal DVD • Notebooks • Home Office • PDAs & Handhelds • Computer Add-Ons • Digital Audio • Games
 • Phones • Digital Toys • Home Theater • TVs • Music • Movies • Gadgets

@ Copyright, 2012 Digital Media Online, All Rights Reserved