Staging efficient timing attacks using HTTP/2 and WPA3

A new hacking technique overcomes the problem of "network jitter", which can affect the success of side-channel attacks.

A new technique developed by researchers at the University of Leuven (Belgium) and New York University Abu Dhabi has shown that attackers can use features of network protocols to leak sensitive information.

The technique, called Timeless Timing Attacks and presented at this year's Usenix conference, uses the way network protocols handle concurrent requests to address one of the problems of remote timing-based side-channel attacks.

Problems with remote timing attacks

In timing-based attacks, attackers measure differences in the execution time of different commands in an attempt to bypass encryption protection and obtain sensitive information, such as encryption keys, private communications, and user surfing behavior.

But to carry out a timing-based attack successfully, the attacker needs precise knowledge of the time it takes the application under attack to process a request.

This becomes a problem when attacking remote systems such as web servers, because network latency (jitter) causes variable response times, making it difficult to calculate processing times.

In remote timing attacks, attackers typically send each command multiple times and perform statistical analysis of the response times to reduce the effect of network jitter. But this method is only useful up to a certain point.

"The smaller the timing difference, the more requests are required, and at a certain point the calculation becomes infeasible," Tom Van Goethem, a data security researcher and lead author of the paper on the new type of attack, tells us.

"Timeless" timing attacks

The technique developed by Van Goethem and his colleagues performs remote attacks in a timed manner that cancels out the effect of network jitter.

The principle behind the timeless timing attack is simple: you need to make sure that requests reach the server at exactly the same time, rather than being sent sequentially.

Concurrency ensures that all requests are subject to the same network conditions and that their processing is not affected by the path between the attacker and the server. The order in which the responses are received gives the attacker all the information needed to compare execution times.

"The main advantage of timeless attacks is that they are much more accurate, so fewer requests are needed. This allows an attacker to detect differences in execution time down to 100 ns," says Van Goethem.

The smallest timing difference the researchers observed in a traditional Internet timing attack was 10 microseconds, which is 100 times larger than in a concurrent-request attack.
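Why response order beats absolute timing can be seen in a small statistical model, added here as an example and not taken from the paper or the original article. It sends no network traffic; the jitter and server-noise values are assumptions chosen for illustration, and only the 100 ns difference comes from the text above.

```python
import random
import statistics

DELTA_NS = 100             # processing-time difference to detect (figure quoted above)
JITTER_SD_NS = 1_000_000   # assumed network jitter per round trip (1 ms)
SERVER_SD_NS = 100         # assumed residual server-side noise per request


def sequential_trial(rng, n):
    """Classic approach: time n separate round trips per candidate, compare means."""
    fast = [abs(rng.gauss(0, JITTER_SD_NS)) + rng.gauss(0, SERVER_SD_NS)
            for _ in range(n)]
    slow = [abs(rng.gauss(0, JITTER_SD_NS)) + DELTA_NS + rng.gauss(0, SERVER_SD_NS)
            for _ in range(n)]
    return statistics.mean(slow) > statistics.mean(fast)   # True = correct guess


def concurrent_trial(rng, n):
    """Timeless approach: both requests share one packet; only response order is used."""
    slow_last = 0
    for _ in range(n):
        shared = abs(rng.gauss(0, JITTER_SD_NS))   # same path delay for both requests
        fast = shared + rng.gauss(0, SERVER_SD_NS)
        slow = shared + DELTA_NS + rng.gauss(0, SERVER_SD_NS)
        slow_last += slow > fast                   # jitter cancels in the comparison
    return slow_last > n / 2                       # majority vote over n pairs


def accuracy(trial, n, runs=200, seed=1):
    """Fraction of simulated runs in which the slower code path is identified."""
    rng = random.Random(seed)
    return sum(trial(rng, n) for _ in range(runs)) / runs


if __name__ == "__main__":
    for n in (10, 50):
        print(n, accuracy(sequential_trial, n), accuracy(concurrent_trial, n))
```

For defenders, the model shows that network distance offers no protection once requests can be made to arrive together: what remains is the server-side difference itself.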

How is simultaneity achieved?

"We ensure simultaneity by placing all requests in a single network packet," explains Van Goethem. "In practice, the implementation mostly depends on the network protocol."

To send requests simultaneously, the researchers use the capabilities of different network protocols.

For example, HTTP/2, which is fast becoming the de facto standard for web servers, supports "request multiplexing", a feature that allows a client to send multiple requests in parallel over a single TCP connection.

"In the case of HTTP/2, we just need to make sure that all requests are placed in a single packet (for example, by writing them all to the socket at once)." However, this technique has its own subtleties. For example, in most content delivery networks such as Cloudflare, which serves content for much of the web, the connection between the edge servers and the site is made using the HTTP/1.1 protocol, which does not support request multiplexing.

Although this reduces the effectiveness of timeless attacks, they are still more accurate than classic remote timing attacks because they eliminate the jitter between the attacker and the CDN edge server.

For protocols that do not support request multiplexing, attackers can use an intermediate network protocol that encapsulates the requests.

The researchers showed how a timeless timing attack works on the Tor network. In this case, the attacker encapsulates multiple requests in a Tor cell, an encrypted packet passed between Tor network nodes in single TCP packets.

"Because the Tor chain for onion services goes all the way to the server, we can guarantee that requests arrive at the same time," says Van Goethem.

Timeless attacks in practice

In their paper, the researchers studied timeless attacks in three different scenarios.

In a direct timing attack, the attacker connects directly to the server and tries to leak secret information related to the application.

"Because most websites do not consider that timing attacks can be practical and accurate, we believe that many websites are vulnerable to such attacks," says Van Goethem.

In a cross-site timing attack, the attacker makes requests to other websites from the victim's browser and infers the content of sensitive information by observing the sequence of responses.

The attackers used this scheme to exploit a vulnerability in the HackerOne bug bounty program and extracted information such as keywords used in confidential reports of unpatched vulnerabilities.

"I was looking for cases where a timing attack had previously been documented but was not considered effective. The HackerOne bug had already been reported at least three times (bug IDs: 350432, 348168 and 4701), but was not fixed because the attack was considered infeasible. So I created a simple internal research project with timeless timing attacks.

"It was still very unoptimized at the time, as we were continuing to investigate the attack, but it was still quite accurate (I was able to get accurate results on my home WiFi)."

The researchers also tried timeless attacks against the WPA3 WiFi protocol.

One of the co-authors of the paper, Mathy Vanhoef, had previously discovered a potential timing leak in the WPA3 handshake protocol. But the timing was either too short to be exploited on high-end devices or could not be used against servers.

"Using the new type of timeless attack, we showed that it is in fact possible to use the authentication handshake (EAP-pwd) against servers, even those running powerful hardware," Van Goethem explains.

Perfect timing

In their paper, the researchers provided recommendations for protecting servers from timeless attacks, such as holding execution to a constant time and adding delay. Further research is needed to implement practical defenses against direct timing attacks that have little impact on network performance.
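The constant-time mitigation named above, sketched as an added example (not code from the paper or the original article): a secret comparison whose work does not depend on the input, and a wrapper that holds every response to a fixed duration. The function names, the `steps` counter used as a stand-in for execution time, and the sample secret are assumptions made for illustration.

```python
import hmac
import time


def leaky_equal(supplied: bytes, secret: bytes):
    """Early-exit comparison: the work done grows with the matching prefix."""
    steps = 0
    if len(supplied) != len(secret):
        return False, steps
    for x, y in zip(supplied, secret):
        steps += 1
        if x != y:
            return False, steps      # stops at the first mismatch: this is the leak
    return True, steps


def constant_time_equal(supplied: bytes, secret: bytes) -> bool:
    """hmac.compare_digest does not stop at the first differing byte."""
    return hmac.compare_digest(supplied, secret)


def run_with_fixed_duration(handler, budget_s,
                            clock=time.monotonic, sleep=time.sleep):
    """Hold the response until budget_s has elapsed since the request started,
    so fast and slow code paths complete at the same moment.

    Returns (result, overran). overran=True means the handler took longer than
    the budget, so its duration is still observable and the budget is too small.
    """
    start = clock()
    result = handler()
    remaining = budget_s - (clock() - start)
    if remaining > 0:
        sleep(remaining)
    return result, remaining < 0


if __name__ == "__main__":
    secret = b"k3y-constructed-0001"            # constructed sample value
    print(leaky_equal(b"X" * 20, secret))       # little work: no prefix matches
    print(leaky_equal(b"k3y-" + b"X" * 16, secret))  # more work: 4 bytes match
    print(constant_time_equal(b"X" * 20, secret))
```

A budget that is routinely exceeded leaves the difference visible, so the `overran` flag is worth logging and alerting on.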

"We believe that this area of research is at a very early stage of development and requires much more in-depth study," says Van Goethem.

Future research could examine other techniques that attackers could use to perform simultaneous timing-based attacks, other protocols and intermediate network layers that can be attacked, and assess the vulnerability of popular websites that permit such research under the terms of their programs.

The name "timeless" was chosen "because we did not use any (absolute) timing information in these attacks," Van Goethem explains.

"Moreover, they can be considered 'timeless' because (remote) timing attacks have been used for a long time, and, judging by our research, the situation will only get worse."


The full text of the report from Usenix is available here.


Source: www.habr.com
