DBREACH: Database Reconnaissance and Exfiltration via Adaptive Compression Heuristics

Presented at Black Hat USA 2021, Aug. 4, 2021, 3:20 p.m. (40 minutes)

Databases often store sensitive data such as personally identifiable information. For this reason, databases often provide a data-at-rest encryption feature. Large databases may also attempt to compress data to save storage space. However, combining encryption and compression can be dangerous and potentially leak the underlying plaintext. This class of vulnerabilities is known as a compression side-channel.

Compression side-channel attacks were most notably demonstrated during the CRIME (2012) and BREACH (2013) attacks to break SSL. In practice, compression side-channel attacks have so far been limited to a web security context. In this presentation, we demonstrate the first compression side-channel attacks on a real-world database. We show how an attacker is able to extract encrypted content that was inserted by another user.

We list the necessary preconditions for such an attack to take place, reveal the inner workings of the attack, and discuss possible mitigations.
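The length leak the abstract describes, as an added illustration that is not code from the talk: two rows compressed in one DEFLATE context shrink when one row repeats the other, so the stored size of an encrypted page reveals whether an attacker-inserted row matches a victim's row. The sample rows and the two compressor layouts are constructed assumptions; the separate-context variant stands in for the general mitigation of never compressing untrusted and secret data together.

```python
import zlib

# Constructed sample values (not from the talk): one row stored by a victim
# user and two rows that another user inserts into the same table.
SECRET_ROW = b"ssn=123-45-6789;"
MATCHING_GUESS = b"ssn=123-45-6789;"
WRONG_GUESS = b"ssn=987-65-4321;"


def compressed_size(data: bytes) -> int:
    """Size of the DEFLATE output. It stands in for the on-disk size of a
    compressed-then-encrypted page: encryption hides content, not length."""
    return len(zlib.compress(data, 9))


def shared_context_size(secret: bytes, other_row: bytes) -> int:
    """Both rows compressed in one block, as a page-level compressor would do.
    A back-reference from other_row into secret makes matching content cheaper."""
    return compressed_size(secret + other_row)


def separate_context_size(secret: bytes, other_row: bytes) -> int:
    """Each row compressed on its own (assumed mitigation): no cross-row
    back-references, so other_row cannot shrink by matching the secret."""
    return compressed_size(secret) + compressed_size(other_row)


def size_depends_on_guess(secret: bytes, guess: bytes, other: bytes, layout) -> bool:
    """True when the stored size distinguishes a matching row from a non-matching one,
    i.e. when the layout gives an observer a compression side-channel."""
    return layout(secret, guess) != layout(secret, other)


if __name__ == "__main__":
    for name, layout in (("shared", shared_context_size), ("separate", separate_context_size)):
        match_len = layout(SECRET_ROW, MATCHING_GUESS)
        wrong_len = layout(SECRET_ROW, WRONG_GUESS)
        leaks = size_depends_on_guess(SECRET_ROW, MATCHING_GUESS, WRONG_GUESS, layout)
        print(f"{name:9s} match={match_len:3d} bytes  wrong={wrong_len:3d} bytes  leaks={leaks}")
```

The shared layout reports a smaller size for the matching row, which is the signal an attacker refines guess by guess; the separate layout reports the same size for both, which is the property a defender should verify in their storage engine.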

Presenters:

  • Yan Michalevsky - CTO and Co-Founder, Anjuna Security
    Yan Michalevsky is the CTO and co-founder of Anjuna, an enterprise security company that protects sensitive applications and data from insider threats. After serving at a technological unit of the Israeli intelligence corps, and working in the industry as a software developer and a tech-lead, he pursued his PhD in applied security and privacy from Stanford University, researching a range of problems from mobile security to applied cryptography. His research on mobile security and privacy was presented at top conferences and covered by popular media outlets such as BBC, Wired, Engadget, KQED TV, and more. Yan has previously presented at Black Hat Europe in 2014 and Black Hat Asia in 2017.
  • Saba Eskandarian - Assistant Professor, UNC Chapel Hill
    Saba Eskandarian is an assistant professor at UNC Chapel Hill. His research focuses broadly on security, privacy, and applied cryptography, and he is particularly interested in building practical privacy-preserving systems.
  • Mathew Hogan - M.S. Candidate, Computer Science, Stanford University
    Mathew Hogan is pursuing a B.S. and M.S. in Computer Science at Stanford University, studying systems and computer and network security. He is conducting research in Stanford's Applied Cryptography Group, under the advisement of Dan Boneh. He is graduating with his B.S. in June 2021 and will earn his M.S. in March 2022. He has previously worked as a software engineering intern at AWS Redshift and is currently working on Apache Kafka as a summer intern at Confluent.
