Efficient Timing Attacks with HTTP/2 and WPA3

New hacking technique overcomes 'network jitter' problem that can affect the success of side-channel attacks

A new technique developed by researchers at the University of Leuven (Belgium) and New York University in Abu Dhabi showed that attackers can use the features of network protocols to leak confidential information.

This technique, called Timeless Timing Attacks and demonstrated at this year's Usenix conference, takes advantage of how network protocols handle concurrent requests to solve one of the problems of remote side-channel timing attacks.

Problems of remote timing attacks

Timing attacks measure differences in the execution time of different commands in an attempt to bypass the protection provided by encryption and obtain sensitive information, such as encryption keys, private conversations, and user behavior when surfing the web.

But for timing attacks to be successful, an attacker needs to know exactly how long it takes the attacked application to process a request.

This becomes a problem when attacking remote systems such as web servers, because variations in network latency (jitter) cause response times to scatter, making it difficult to calculate processing time.

During remote timing attacks, attackers typically send each command multiple times and perform a statistical analysis of the response time to reduce the impact of network jitter. But this method is only useful to a certain extent.

“The smaller the time difference, the more requests are required, and at a certain stage the calculation becomes impossible,” Tom Van Goetem, a researcher in data protection systems and the main author of an article on a new type of attack, tells us.

"Timeless" timing attack

The technique developed by Goetem and his colleagues performs remote timing attacks in such a way that they negate the influence of network jitter.

The principle behind the timeless timing attack is simple: you need to make sure that requests hit the server at exactly the same time, rather than being transmitted sequentially.

Simultaneity ensures that all requests are under the same network conditions and that their processing is not affected by the path between the attacker and the server. The order in which the responses are received will give the attacker all the information they need to compare execution times.

“The main benefit of timeless timing attacks is that they are much more precise, so fewer queries are required. This allows an attacker to recognize runtime differences down to 100ns,” Van Goetem says.

The minimum time difference observed by researchers during a traditional timing attack over the Internet was 10 µs, i.e. 100 times greater than during a simultaneous request attack.

How is simultaneity ensured?

“We achieve concurrency by putting both requests in the same network packet,” Van Goetem explains. "In practice, the implementation mostly depends on the network protocol."

To send simultaneous requests, researchers use the capabilities of different network protocols.

For example, HTTP/2, which is rapidly becoming the de facto standard for web servers, supports "request multiplexing," a feature that allows a client to send multiple requests in parallel over a single TCP connection.

"In the case of HTTP/2, we just need to make sure that both requests are put in the same packet (for example, by writing both to the socket at the same time)." However, this technique has its own subtleties. For example, in most content delivery networks such as Cloudflare, which provides content for most of the web, the connection between the edge servers and the site is over HTTP/1.1, which does not support request multiplexing.

Although this reduces the effectiveness of timeless attacks, they are still more accurate than classic remote timing attacks because they eliminate jitter between the attacker and the CDN edge server.

In the case of protocols that do not support request multiplexing, attackers can use an intermediate network protocol that encapsulates the requests.

Researchers have shown how a timeless timing attack works on the Tor network. In this case, the attacker encapsulates multiple requests in a Tor cell, an encrypted packet transmitted between the nodes of the Tor network in single TCP packets.

“Because the Tor chain for onion services goes all the way to the server, we can guarantee that requests will arrive at the same time,” Van Goetem says.

Timeless attacks in practice

In their paper, the researchers studied timeless attacks in three different situations.

In direct timing attacks, the attacker connects directly to the server and tries to leak secret information related to the application.

“Because most web applications do not take into account that timing attacks can be very practical and precise, we believe that many websites are vulnerable to such attacks,” says Van Goetem.

In cross-site timing attacks, the attacker makes requests to other websites from the victim's browser and makes guesses about the content of sensitive information by observing the sequence of responses.

The attackers used this scheme to exploit a vulnerability in the HackerOne bug bounty program and extracted information such as keywords used in confidential reports of unpatched vulnerabilities.

“I was looking for cases where a timing attack had previously been reported but was not considered effective. The HackerOne bug has already been reported at least three times (bug IDs: 350432, 348168 and 4701), but it was not removed because it was believed that this attack could not be used. Then I created a simple internal research project with timeless time attacks.

At the time, it was still very unoptimized because we kept going into the details of the attack, but it turned out to be pretty accurate nonetheless (I was able to get very accurate results on my home WiFi connection).”

The researchers also tried timeless attacks on the WPA3 WiFi protocol.

One of the co-authors of the article, Mathy Vanhoef, had previously discovered a potential timing leak in the WPA3 handshake protocol. But the timing difference was either too small to be used on high-end devices, or it couldn't be used against servers.

“Using a new kind of timeless timing attack, we have demonstrated that it is actually possible to use authentication handshake (EAP-pwd) against servers, even if they are running powerful hardware,” Van Goetem explains.

Perfect moment

In their article, the researchers provided recommendations for protecting servers from timeless attacks, such as limiting execution to a constant time and adding a random delay. Further research is required to develop defenses against direct timing attacks that are practical and have little impact on network performance.
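The two mitigations named above can be compared in a simulation. The following added example (not from the paper or the original article) models classic sequential measurement against response-order measurement for a 100 ns difference, then checks how padding to a fixed deadline and a bounded random delay change what the response order reveals. The noise figures, `PAD_DEADLINE_NS`, `MAX_DELAY_NS` and all function names are assumptions chosen for illustration.

```python
import random

PAD_DEADLINE_NS = 50_000   # assumed fixed response deadline for the "pad" defense
MAX_DELAY_NS = 5_000       # assumed upper bound for the "random_delay" defense

def classic_accuracy(delta_ns, jitter_ns, samples, trials, rng):
    """Sequential measurement: every request picks up independent network
    jitter, and the observer compares summed response times."""
    hits = 0
    for _ in range(trials):
        fast = sum(rng.gauss(0, jitter_ns) for _ in range(samples))
        slow = sum(delta_ns + rng.gauss(0, jitter_ns) for _ in range(samples))
        hits += slow > fast
    return hits / trials

def finish_time(work_ns, noise_ns, defense, rng):
    """Server-side completion time of one request, relative to shared arrival."""
    if defense == "pad":
        work_ns = PAD_DEADLINE_NS          # response held until a fixed deadline
    t = work_ns + rng.gauss(0, noise_ns)   # scheduling noise on the server
    if defense == "random_delay":
        t += rng.uniform(0, MAX_DELAY_NS)  # independent delay per request
    return t

def ordering_accuracy(delta_ns, noise_ns, pairs, trials, rng, defense=None):
    """Concurrent measurement: both requests arrive together, so network
    jitter is common to both and only the response order is observed."""
    hits = 0
    for _ in range(trials):
        slow_last = sum(
            finish_time(delta_ns, noise_ns, defense, rng)
            > finish_time(0, noise_ns, defense, rng)
            for _ in range(pairs))
        hits += slow_last > pairs / 2      # majority vote over all pairs
    return hits / trials

if __name__ == "__main__":
    rng = random.Random(1)                 # fixed seed: constructed, repeatable run
    print("classic, 21 samples:", classic_accuracy(100, 10_000, 21, 400, rng))
    for d in (None, "random_delay", "pad"):
        print("ordering, 21 pairs,", d, ordering_accuracy(100, 200, 21, 400, rng, d))
    print("ordering, 2001 pairs, random_delay:",
          ordering_accuracy(100, 200, 2001, 100, rng, "random_delay"))
```

In this model, padding to a fixed deadline reduces the ordering signal to a coin flip, while a bounded random delay only raises the number of request pairs needed before the order becomes informative again.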

“We believe this area of research is in a very early stage of development and needs to be explored much more in depth,” Van Goetem says.

Future research will explore other techniques that attackers could use to perform simultaneous timing attacks, other protocols and intermediate network layers that can be attacked, and assess the vulnerability of popular websites that allow such research under the terms of their bug bounty programs.

The name "timeless" was chosen "because we didn't use any (absolute) time information in these attacks," Van Goetem explains.

“Also, they can be considered ‘timeless’ because (remote) timing attacks have been used for a long time, and, judging by our research, the situation will only get worse.”


The full text of the report from Usenix is located here.


Source: habr.com
