How does the new “time attack” work and what about protection?
/ CC BY / chuttersnap
What is the essence of the classical method
Before moving on to a new version of “time attacks”, let’s make a small digression and talk about how they work in general. They are based on the assumption that in the course of analyzing the computation time for certain requests, one can get an idea of the cryptosystem design, the type of processor and the algorithms used. Based on this data, an attacker can gradually recover information about the secret key.
Several years ago, experts from Stanford University proved the possibility of cracking OpenSSL using timing attack… However, to implement it quite difficultsince network jitter seriously affects the timing. But a team of engineers from Catholic University of Leuven in Belgium and New York University in Abu Dhabi have shown that this limitation can be circumvented.
At the conference USENIX they demonstrated a new way of “time attack” – timeless timing attackwhich is independent of network parameters.
How the new approach works
The engineers suggested sending requests to the server not one after another, but simultaneously (in one package). This can be done either directly or using cross-site scripting (page 5).
Fresh posts from our blog on Habré:
- Replacing TCP: a discussion of the QUIC protocol
- Most corporate networks can have traces of hackers and corresponding vulnerabilities
- MITM at the provider level: the European option
So, the error is introduced only by the parameters of the server responses, which reduces the effect of jitter in the network on the result. So, hacker can appreciate the operating time of cryptographic algorithms with an accuracy of 100 nanoseconds is one hundred times less than that of a classical attack. The engineers tested the exploit they wrote with the HTTP / 2 protocols and WPA3… In both cases timeless timing attack was successful.
How to protect yourself
The most obvious way is to implement a system in which all operations take the same amount of time. But it is practically impossible to do this in practice, as there will always be unforeseen deviations. Another option is to add random delays to all calculations. Such an approach would make measurements inaccurate and seriously complicate the hacker’s task.
/ CC BY / Erik Mclean
Another option to defend against Timeless Timing Attack is use HTTP / 1.1 protocol, which does not support multiplexing. In this case, an attacker will not be able to send several requests required to carry out an attack in one packet.
Engineers from Belgium and Abu Dhabi do not cite other methods that do not impose serious restrictions on the operation of networks. However, they plan to continue research in this direction.
What to read in our corporate blog: