Upgrade to Pro — share decks privately, control downloads, hide ads and more …

All in the Timing: Side-Channel Attacks in Python

Philip James
May 11, 2018
Programming
0
370

All in the Timing: Side-Channel Attacks in Python

Talk given at PyCon 2018

Philip James

May 11, 2018
Tweet

More Decks by Philip James

See All by Philip James
Frog and Toad Learn about Django Security - NBT6
phildini
0
19
The Elephant and the Serpent (PyLatam 2019)
phildini
0
42
Account Security for the Fashionable App Developer
phildini
1
59
All in the Timing: Side-Channel Attacks
phildini
0
48
Giving Thanks
phildini
0
39
API-Driven Django
phildini
1
320
Type uWSGI; Press Enter; What Happens?
phildini
0
93
Type uWSGI; Press Enter; What Happens?
phildini
1
73
Oops I Committed My Secret Key
phildini
0
370

Other Decks in Programming

See All in Programming
"config" ってなんだ? / What is "config"?
okashoi
0
240
Kotlin Multiplatform at Stable and Beyond (Android Makers 2024)
zsmb
0
250
Amazon SQSコンシューマー疎結合への旅 - 出張! #DevelopersIO IT技術ブログの中の人が語る勉強会 #3
quiver
0
270
What We Can Learn From OSS
inouehi
0
420
R言語の環境構築と基礎 Tokyo.R 112
bob3bob3
0
270
障害対応を起点としたもっといい開発と運用のサイクル作りのためにできること / Hatena Enginner Seminar #29
polamjag
0
170
Komplexe Oberflächen mit SVG und der Web Animation API
joergneumann
0
670
FigmaとPHPで作る1ミリたりとも表示崩れしない最強の帳票印刷ソリューション
ttskch
43
19k
エンターテイメント業界で利用されるAWS
demuyan
0
210
dbtのドメイン分割による データ基盤の改善とDigdagとの連携
sakama
0
330
try! Swift Tokyo 2024 参加報告 / try! Swift Tokyo 2024 Report
hironytic
0
210
Random\Randomizer クラスで日常のあれこれを解決しよう! / Random\Randomizer class solves familiar trouble
cocoeyes02
0
240

Featured

See All Featured
Building Adaptive Systems
keathley
31
1.9k
Embracing the Ebb and Flow
colly
80
4.1k
Agile that works and the tools we love
rasmusluckow
325
20k
Fontdeck: Realign not Redesign
paulrobertlloyd
76
4.9k
The Mythical Team-Month
searls
216
42k
The Cost Of JavaScript in 2023
addyosmani
16
3.9k
GraphQLとの向き合い方2022年版
quramy
32
12k
Building Flexible Design Systems
yeseniaperezcruz
319
37k
Why You Should Never Use an ORM
jnunemaker
PRO
51
8.6k
Designing for humans not robots
tammielis
248
25k
Raft: Consensus for Rubyists
vanstee
132
6.3k
Making the Leap to Tech Lead
cromwellryan
124
8.5k

Transcript

  1. All in the Timing Asheesh Laroia & Philip James PyCon

    2018
  2. None

  3. •Explain >ming a?acks •Timing a?acks in Python soBware •Side channel

    a?acks in general

  4. https://example.com Username Password Submit

  5. 2,821,109,907,456 combinations = ~89 years p a s s w

    o r d _ _ _ _ _ _ _ _ 36 36 36 36 36 36 36 36

  6. https://example.com Username Password Submit

  7. m a s s w o r d p a

    s s 1 2 3 4 p a s s w o r d p a s s w o r d

  8. m a s s w o r d p a

    s s 1 2 3 4 p a s s w o r d p a s s w o r d

  9. m a s s w o r d p a

    s s 1 2 3 4 p a s s w o r d p a s s w o r d

  10. 144 tries 18 + 18 + 18 + 18 +

    18 + 18 + 18 + 18 = 144ms

  11. 0 1 2 3 4 5 6 7 8 9

    1 2 3 4 5 6

  12. In [1]: password = 'password' In [2]: %timeit 'massword'.encode('utf-8') ==

    password.encode('utf-8') 306 ns ± 3.65 ns per loop (…) In [3]: %timeit 'pass1234'.encode('utf-8') == password.encode('utf-8') 314 ns ± 4.5 ns per loop (…) In [4]: %timeit 'password'.encode('utf-8') == password.encode('utf-8') 325 ns ± 12.8 ns per loop (…) Data-dependent >me

  13. In [1]: from django.utils.crypto import constant_time_compare In [2]: %timeit constant_time_compare('massword',

    'password') 93.5 ms ± 426 µs per loop (...) In [3]: %timeit constant_time_compare('pass1234', 'password') 92.5 ms ± 550 µs per loop (...) In [4]: %timeit constant_time_compare('password', 'password') 93.3 ms ± 479 µs per loop (…) Constant >me

  14. VERIFICATION GENERATION

  15. HMAC/ KeyCzar

  16. def check(msg, maybe_sig): sig = hmac.Sign(msg) return sig == maybe_sig

  17. def check(msg, maybe_sig): sig = hmac.Sign(msg) return sig == maybe_sig

  18. if len(sig_bytes) != len(mac_bytes): return False result = 0 for

    x, y in zip(mac_bytes, sig_bytes): result |= ord(x) ^ ord(y) return result == 0 https://github.com/google/keyczar/blob/master/python/src/keyczar/keys.py#L582

  19. Timing A2acks Side-Channel A2acks

  20. GZip h?ps:/ /www.djangoproject.com/weblog/2013/aug/06/breach-and-django/

  21. Cross site request forgery protec>on

  22. Cross site request forgery protec>on http://example.com Username Password Submit

  23. Cross site request forgery protec>on http://example.com Username Password Submit <input

    type=”hidden” value=”abc123xyz” name=”csrf_token”>

  24. Cross site request forgery protec>on https://example.com Username Password Submit <input

    type=”hidden” value=”abc123xyz” name=”csrf_token”>

  25. Cross site request forgery protec>on https://example.com Username Password Submit 10Kb

    <input type=”hidden” value=”abc123xyz” name=”csrf_token”>

  26. Cross site request forgery protec>on https://example.com Username Password Submit 3Kb

    GZipped! <input type=”hidden” value=”abc123xyz” name=”csrf_token”>

  27. Cross site request forgery protec>on https://example.com 10Kb <input type=”hidden” value=”abc123xyz”

    name=”csrf_token”> </... </... </... </...

  28. Cross site request forgery protec>on https://example.com 3Kb GZipped! <input type=”hidden”

    value=”abc123xyz” name=”csrf_token”> </...

  29. Cross site request forgery protec>on https://example.com <input type=”hidden” value=”abc123xyz” name=”csrf_token”>

    3Kb GZipped! “_________”

  30. Cross site request forgery protec>on https://example.com?q=cleveland <input type=”hidden” value=”abc123xyz” name=”csrf_token”>

    3Kb GZipped! “_________” You searched for: cleveland

  31. 0 1 2 3 4 5 6 7 8 9

    1 2 3 4 5 6

  32. Interlude: PYTHONHASHSEED

  33. None

  34. /search? q=bananas& page=3& country=us& coupon=yay request.GET = { 'q': 'bananas',

    'page': 3, 'country': 'us', 'coupon': 'yay', }

  35. Lists vs. Dicts

  36. 2s -> 6506s

  37. hash(data) hash(rand, data)

  38. PEP 456 (2012) Secure and interchangeable hash algorithm (SipHash)

  39. None

  40. 0 1 2 … 2^64

  41. 0 1 2 … 2^64

  42. 0 1 2 … 2^64 print(memory[2])

  43. 0 1 2 … 2^64 print(memory[2]) print(memory[2])

  44. 0 1 2 10 … 2^64 print(memory[1])

  45. data = memory[1] if data % 2 == 0: message

    = memory[10] else: message = memory[11] print message ¯\_(ツ)_/¯ 0 1 2 2^64

  46. •Explain >ming a?acks •Timing a?acks in Python soBware •Side channel

    a?acks in general Thanks! Asheesh Laroia @asheeshlaroia Philip James @phildini
  47. None