Speaker Deck

Toorcon 16 (2014) - Time Trial - Racing Towards Practical Timing Attacks

by Daniel A. Mayer

Published October 25, 2014 in Technology

Attacks on software become increasingly sophisticated over time and while the community has a good understanding of many classes of vulnerabilities that are commonly exploited, the practical relevance of side-channel attacks is much less understood.

One common side-channel vulnerability that is present in many web applications today are timing side-channels that allow an attacker to extract information based on different response times. These side-channel vulnerabilities are easily introduced wherever sensitive values such as credentials are compared to an attacker-controlled value before responding to a client. Subtle timing side-channels can also exist when an attacker is able to influence logical branching that leads to different response times. Even though there is basic awareness of timing side-channel attacks in the community, they often go unnoticed or are flagged during code audits without a true understanding of their exploitability in practice.

In this talk, we provide both a tool ‘time trial’ and guidance on the detection and exploitability of timing side-channel vulnerabilities in common web application scenarios. Specifically, the focus of our presentation is on remote timing attacks, which are performed over a LAN, in a cloud environment, or on the Internet. To illustrate this, we first present detailed empirical timing results that demonstrate which timing differences can be distinguished remotely using our tool. Second, we compare our results with timing differences that are typically encountered in modern web frameworks and servers for both comparison-based and branching-based vulnerabilities. The discussed attack scenarios include database queries, message authentication codes, API keys, OAuth tokens, login functions, and cryptographic implementations. We cover scenarios where these attacks are practical, and also present negative results that show the limitations of these attacks against modern systems.

Our presentation has significance for a wide spectrum of the conference audience. Attendees in defensive security roles will gain a better understanding of the threat timing side-channel vulnerabilities pose and, based on the demonstrated attacks, will be better able to evaluate the severity and impact of a successful side-channel attack. Attendees in a penetration testing role will learn how to distinguish theoretical timing side-channels from legitimately exploitable flaws by using our tool ‘time trial’ and understand the challenges in performing these attacks in practice. Finally, attendees focused on research implications will receive a comprehensive update on the state-of-the-art in exploiting timing attacks in practice.