←back to thread

Listen to the whispers: web timing attacks that work

(portswigger.net)
176 points saikatsg | 2 comments | 21 Nov 24 18:08 UTC | HN request time: 0.422s | source
Show context
miki123211 ◴[21 Nov 24 20:08 UTC] No.42208092[source]
Timing attacks are such a pernicious idea.

You look at the code and see that there's an auth check in place, you test the code to verify that the auth check has no bugs, you make sure that information is never shared with people who don't have authorization to access it, and yet it turns out it can be accessed as if there was no auth check at all.

To make matters worse, everything can be fine for some time, and then some clever optimization in the CPU, the compiler, cache layer or the database engine introduces a completely unexpected side channel.

replies(2): >>42208294 #>>42214191 #
GoToRO ◴[21 Nov 24 20:29 UTC] No.42208294[source]
would adding random delays prevent this?
replies(5): >>42208493 #>>42208931 #>>42208951 #>>42208997 #>>42209530 #
pwagland ◴[21 Nov 24 22:53 UTC] No.42209530[source]
No, it only makes it take longer to get the underlying secret.

Timing attacks are already dealing with "noisy" data, task scheduling et al, so they all boil down to some level of statistical analysis on the response times. Adding noise to that slows you down, but the underlying bias on the timings is still there.

replies(2): >>42211601 #>>42212364 #
GoblinSlayer ◴[22 Nov 24 09:22 UTC] No.42212364[source]
So you need to compute this statistics and add just the right delay to even out the bias.
replies(1): >>42212411 #
saagarjha ◴[22 Nov 24 09:33 UTC] No.42212411[source]
At that point you’ve implemented a constant-time algorithm.
replies(2): >>42213531 #>>42214443 #
1. Alex-Programs ◴[22 Nov 24 13:08 UTC] No.42213531[source]
It works quite well in practice though. I wonder if you could make an ergonomic library for it.

Just add a macro to a function and it'll keep track of how long past executions took to execute and add artificial delays to ensure all subsequent executions are at least that long. If they're longer, extend the minimum time by 2x.

Perhaps apply an AIMD algorithm to it? Though there's still room for exploitation there, it'd just take a lot longer to find. Just letting the programmer specify the minimum time might be better in practice.

replies(1): >>42217803 #
2. endofreach ◴[22 Nov 24 22:16 UTC] No.42217803[source]
Good luck explaining CEO / PM you need slower response times.