Upgrade to Pro — share decks privately, control downloads, hide ads and more …

All in the Timing: Side-Channel Attacks in Python

Avatar for Philip James Philip James
May 11, 2018
Programming
0
410

All in the Timing: Side-Channel Attacks in Python

Talk given at PyCon 2018
Avatar for Philip James

Philip James

May 11, 2018
Tweet

More Decks by Philip James

See All by Philip James
Frog and Toad Learn about Django Security - NBT6
Avatar for Philip James phildini
0
26
The Elephant and the Serpent (PyLatam 2019)
Avatar for Philip James phildini
0
66
Account Security for the Fashionable App Developer
Avatar for Philip James phildini
1
66
All in the Timing: Side-Channel Attacks
Avatar for Philip James phildini
0
60
Giving Thanks
Avatar for Philip James phildini
0
45
API-Driven Django
Avatar for Philip James phildini
1
390
Type uWSGI; Press Enter; What Happens?
Avatar for Philip James phildini
0
95
Type uWSGI; Press Enter; What Happens?
Avatar for Philip James phildini
1
75
Oops I Committed My Secret Key
Avatar for Philip James phildini
0
410

Other Decks in Programming

See All in Programming
単体テストの始め方/作り方
Avatar for toms toms74209200
0
360
20250528 AWS Startupイベント登壇資料:AIコーディングの取り組み
Avatar for Hanse Kim procrustes5
0
150
Development of an App for Intuitive AI Learning - Blockly Summit 2025
Avatar for Teba_eleven teba_eleven
0
100
Using AI Tools Around Software Development
Avatar for inouehi inouehi
0
880
RubyKaigiで得られる10の価値 〜Ruby話を聞くことだけが RubyKaigiじゃない〜
Avatar for tomohiko.kuzuba tomohiko9090
0
130
TypeScript を活かしてデザインシステム MCP を作る / #tskaigi_after_night
Avatar for Masayuki Izumi izumin5210
4
510
ワンバイナリWebサービスのススメ
Avatar for mackee mackee
10
7.6k
PT AI без купюр
Avatar for Vladimir Kochetkov v0lka
0
210
型安全RESTで爆速プロトタイピング – Hono RPC実践
Avatar for tacke tacke_jp
0
110
つよそうにふるまい、つよい成果を出すのなら、つよいのかもしれない
Avatar for irof irof
0
220
ktr0731/go-mcpでMCPサーバー作ってみた
Avatar for kashiwa takak2166
0
120
JSAI2025 RecSysChallenge2024 優勝報告
Avatar for kami unonao
1
430

Featured

See All Featured
The Art of Delivering Value - GDevCon NA Keynote
Avatar for David Neal reverentgeek
14
1.5k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
Avatar for Eileen M. Uchitelle eileencodes
137
34k
Practical Tips for Bootstrapping Information Extraction Pipelines
Avatar for Matthew Honnibal honnibal
PRO
20
1.3k
How STYLIGHT went responsive
Avatar for nonsquared nonsquared
100
5.6k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
Avatar for Tammy Everts tammyeverts
52
2.8k
Gamification - CAS2011
Avatar for David Bonilla davidbonilla
81
5.3k
Git: the NoSQL Database
Avatar for Brandon Keepers bkeepers
PRO
430
65k
Documentation Writing (for coders)
Avatar for Carmen Chung carmenintech
71
4.8k
Large-scale JavaScript Application Architecture
Avatar for Addy Osmani addyosmani
512
110k
Embracing the Ebb and Flow
Avatar for Simon Collison colly
85
4.7k
What’s in a name? Adding method to the madness
Avatar for Product Marketing Alliance productmarketing
PRO
22
3.5k
jQuery: Nuts, Bolts and Bling
Avatar for Doug Neiner dougneiner
63
7.8k

Transcript

  1. All in the Timing Asheesh Laroia & Philip James PyCon

    2018
  2. None

  3. •Explain >ming a?acks •Timing a?acks in Python soBware •Side channel

    a?acks in general

  4. https://example.com Username Password Submit

  5. 2,821,109,907,456 combinations = ~89 years p a s s w

    o r d _ _ _ _ _ _ _ _ 36 36 36 36 36 36 36 36

  6. https://example.com Username Password Submit

  7. m a s s w o r d p a

    s s 1 2 3 4 p a s s w o r d p a s s w o r d

  8. m a s s w o r d p a

    s s 1 2 3 4 p a s s w o r d p a s s w o r d

  9. m a s s w o r d p a

    s s 1 2 3 4 p a s s w o r d p a s s w o r d

  10. 144 tries 18 + 18 + 18 + 18 +

    18 + 18 + 18 + 18 = 144ms

  11. 0 1 2 3 4 5 6 7 8 9

    1 2 3 4 5 6

  12. In [1]: password = 'password' In [2]: %timeit 'massword'.encode('utf-8') ==

    password.encode('utf-8') 306 ns ± 3.65 ns per loop (…) In [3]: %timeit 'pass1234'.encode('utf-8') == password.encode('utf-8') 314 ns ± 4.5 ns per loop (…) In [4]: %timeit 'password'.encode('utf-8') == password.encode('utf-8') 325 ns ± 12.8 ns per loop (…) Data-dependent >me

  13. In [1]: from django.utils.crypto import constant_time_compare In [2]: %timeit constant_time_compare('massword',

    'password') 93.5 ms ± 426 µs per loop (...) In [3]: %timeit constant_time_compare('pass1234', 'password') 92.5 ms ± 550 µs per loop (...) In [4]: %timeit constant_time_compare('password', 'password') 93.3 ms ± 479 µs per loop (…) Constant >me

  14. VERIFICATION GENERATION

  15. HMAC/ KeyCzar

  16. def check(msg, maybe_sig): sig = hmac.Sign(msg) return sig == maybe_sig

  17. def check(msg, maybe_sig): sig = hmac.Sign(msg) return sig == maybe_sig

  18. if len(sig_bytes) != len(mac_bytes): return False result = 0 for

    x, y in zip(mac_bytes, sig_bytes): result |= ord(x) ^ ord(y) return result == 0 https://github.com/google/keyczar/blob/master/python/src/keyczar/keys.py#L582

  19. Timing A2acks Side-Channel A2acks

  20. GZip h?ps:/ /www.djangoproject.com/weblog/2013/aug/06/breach-and-django/

  21. Cross site request forgery protec>on

  22. Cross site request forgery protec>on http://example.com Username Password Submit

  23. Cross site request forgery protec>on http://example.com Username Password Submit <input

    type=”hidden” value=”abc123xyz” name=”csrf_token”>

  24. Cross site request forgery protec>on https://example.com Username Password Submit <input

    type=”hidden” value=”abc123xyz” name=”csrf_token”>

  25. Cross site request forgery protec>on https://example.com Username Password Submit 10Kb

    <input type=”hidden” value=”abc123xyz” name=”csrf_token”>

  26. Cross site request forgery protec>on https://example.com Username Password Submit 3Kb

    GZipped! <input type=”hidden” value=”abc123xyz” name=”csrf_token”>

  27. Cross site request forgery protec>on https://example.com 10Kb <input type=”hidden” value=”abc123xyz”

    name=”csrf_token”> </... </... </... </...

  28. Cross site request forgery protec>on https://example.com 3Kb GZipped! <input type=”hidden”

    value=”abc123xyz” name=”csrf_token”> </...

  29. Cross site request forgery protec>on https://example.com <input type=”hidden” value=”abc123xyz” name=”csrf_token”>

    3Kb GZipped! “_________”

  30. Cross site request forgery protec>on https://example.com?q=cleveland <input type=”hidden” value=”abc123xyz” name=”csrf_token”>

    3Kb GZipped! “_________” You searched for: cleveland

  31. 0 1 2 3 4 5 6 7 8 9

    1 2 3 4 5 6

  32. Interlude: PYTHONHASHSEED

  33. None

  34. /search? q=bananas& page=3& country=us& coupon=yay request.GET = { 'q': 'bananas',

    'page': 3, 'country': 'us', 'coupon': 'yay', }

  35. Lists vs. Dicts

  36. 2s -> 6506s

  37. hash(data) hash(rand, data)

  38. PEP 456 (2012) Secure and interchangeable hash algorithm (SipHash)

  39. None

  40. 0 1 2 … 2^64

  41. 0 1 2 … 2^64

  42. 0 1 2 … 2^64 print(memory[2])

  43. 0 1 2 … 2^64 print(memory[2]) print(memory[2])

  44. 0 1 2 10 … 2^64 print(memory[1])

  45. data = memory[1] if data % 2 == 0: message

    = memory[10] else: message = memory[11] print message ¯\_(ツ)_/¯ 0 1 2 2^64

  46. •Explain >ming a?acks •Timing a?acks in Python soBware •Side channel

    a?acks in general Thanks! Asheesh Laroia @asheeshlaroia Philip James @phildini
  47. None