Time Trial: Racing Towards Practical Timing Attacks

Presented at ToorCon San Diego 16 (2014), Oct. 25, 2014, 6 p.m. (50 minutes).

Attacks on software become increasingly sophisticated over time and while the community has a good understanding of many classes of vulnerabilities that are commonly exploited, the practical relevance of side-channel attacks is much less understood. One common side-channel vulnerability that is present in many web applications today are timing side-channels that allow an attacker to extract information based on different response times. These side-channel vulnerabilities are easily introduced wherever sensitive values such as credentials are compared to an attacker-controlled value before responding to a client. Subtle timing side-channels can also exist when an attacker is able to influence logical branching that leads to different response times. Even though there is basic awareness of timing side-channel attacks in the community, they often go unnoticed or are flagged during code audits without a true understanding of their exploitability in practice. In this talk, we provide both a tool ‘time trial’ and guidance on the detection and exploitability of timing side-channel vulnerabilities in common web application scenarios. Specifically, the focus of our presentation is on remote timing attacks, which are performed over a LAN, in a cloud environment, or on the Internet. To illustrate this, we first present detailed empirical timing results that demonstrate which timing differences can be distinguished remotely using our tool. Second, we compare our results with timing differences that are typically encountered in modern web frameworks and servers for both comparison-based and branching-based vulnerabilities. The discussed attack scenarios include database queries, message authentication codes, API keys, OAuth tokens, login functions, and cryptographic implementations. We cover scenarios where these attacks are practical, and also present negative results that show the limitations of these attacks against modern systems. Our presentation has significance for a wide spectrum of the conference audience. Attendees in defensive security roles will gain a better understanding of the threat timing side-channel vulnerabilities pose and, based on the demonstrated attacks, will be better able to evaluate the severity and impact of a successful side-channel attack. Attendees in a penetration testing role will learn how to distinguish theoretical timing side-channels from legitimately exploitable flaws by using our tool ‘time trial’ and understand the challenges in performing these attacks in practice. Finally, attendees focused on research implications will receive a comprehensive update on the state-of-the-art in exploiting timing attacks in practice.


Presenters:

  • Joel Sandin
    Joel Sandin is a Security Consultant at Matasano Security. At Matasano he performs security assessments on anything that is put in front of him. Before joining Matasano’s consulting team, he worked in the Network Safety and Network Security groups at Akamai Technologies, where he helped build and maintain distributed systems for security monitoring and defense.
  • Daniel Mayer
    Daniel is a Senior Consultant with Matasano Security. His experience includes penetration testing, mobile security, cryptographic protocol analysis and design, security research, and system and network administration. Prior to joining Matasano, Daniel was a researcher at the Stevens Institute of Technology working on applied cryptography and privacy. He presented his research at various security conferences including Blackhat, ShmooCon, SOURCE Boston, and several international academic venues. Daniel is the author of the popular iOS auditing tool “idb”. Daniel holds a PhD degree in Computer Science from Stevens and a MS degree in Physics from Rutgers.

Links:

Similar Presentations: