Get lucky: The Virtues of Breaking Internet Security Thumbnail
‹ Back
Improving Technical Security 2 April 2014

Get lucky: The Virtues of Breaking Internet Security

Mat Ford
By Mat FordTechnology Program Manager

The first Applied Networking Research Prize for 2014 was awarded to Kenny Paterson for finding and documenting new attacks against key Internet security protocols. In their paper, “Lucky Thirteen: Breaking the TLS and DTLS Record Protocols” (Proc. IEEE Symposium on Security and Privacy, pp. 526-540, San Francisco, CA, USA, May 2013.), Kenny and his co-author Nadhem Al Fardan demonstrate practical attacks against Transport Layer Security, a fundamental security building block for much of today’s online activity.

Kenny’s presentation to the Internet Research Task Force open meeting in London gave a great insight into the techniques he and others have developed to leverage seemingly tiny differences in the timing of protocol operations to reveal plaintext and thereby break the security of the transaction. There is now a real need for constant-time, constant-memory access implementations to be confident that such potential implementation weaknesses have been completely eliminated (and see [https://www.imperialviolet.org/2013/02/04/luckythirteen.html] for a discussion of how hard that is to achieve in practice).

Kenny noted the importance of the virtuous cycle that sees widely used security protocols gaining a high profile in the research community, leading to more analysis and more development work to patch weaknesses as they are discovered, and ultimately stronger security protocols for everyone. Responsible disclosure practices and close collaboration with the IETF were key aspects in this instance.

Kenny’s slides are available and audio from the presentation is also available starting at 00:18:25.

‹ Back

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Building Trust 21 February 2020

NDSS 2020: The Best in Security Research – For the Good of the Internet

On 23 February, the 27th consecutive Network and Distributed System Security Symposium (NDSS) kicks off in San Diego, CA....

Improving Technical Security 23 October 2019

Securing the Internet: Introducing Oracle Internet Intelligence IXP Filter Check

Oracle is an Organization Member of the Internet Society. We welcome this guest post announcing a new tool that...

Improving Technical Security 4 October 2019

Network Operators in Latin America and the Caribbean Take Steps to Strengthen Routing Security

2019 has been a very good year for the Internet in Latin America and the Caribbean. In May, during...

Join the conversation with Internet Society members around the world