How does the new "time attack" work and what about protection?

A team of engineers showed a method to circumvent the jitter limitations of a classic attack. We will tell you what this approach looks like and what is opposed to it.





/ CC BY / chuttersnap

What is the essence of the classical method

Before moving on to the new version of "time attacks", let's make a small digression and talk about how they work in general. They are based on the assumption that in the course of analyzing the computation time for certain requests, one can get an idea of ​​the cryptosystem design, the type of processor and the algorithms used. Based on this data, an attacker can gradually recover the secret key information.



Several years ago, experts from Stanford University proved the possibility of cracking OpenSSL using a timing attack . However, it is quite difficult to implement itsince network jitter seriously affects the timing. But a team of engineers from Catholic University of Leuven in Belgium and New York University in Abu Dhabi have shown that this limitation can be circumvented.



At the USENIX conference, they demonstrated a new method of " timing attack " - a timeless timing attack , which does not depend on network parameters.

How the new approach works

The engineers suggested sending requests to the server not one after another, but simultaneously (in one package). You can do this either directly or using cross-site scripting ( page 5 ).

Fresh posts from our blog on Habré:

• Replacing TCP: a discussion of the QUIC protocol
• Most corporate networks can have traces of hackers and corresponding vulnerabilities
• MITM at the provider level: the European option

So, the error is introduced only by the parameters of the server responses, which reduces the effect of jitter in the network on the result. Thus, a hacker can estimate the running time of cryptographic algorithms with an accuracy of 100 nanoseconds - this is a hundred times less than that of a classic attack. The engineers tested the exploit they wrote with the HTTP / 2 and WPA3 protocols . In both cases, the timeless timing attack was successful.

How to protect yourself

The most obvious way is to implement a system in which all operations take the same amount of time. But it is practically impossible to do this in practice, as there will always be unforeseen deviations. Another option is to add random delays to all calculations. Such an approach would make measurements inaccurate and seriously complicate the hacker's task.





/ CC BY / Erik Mclean



Another option to protect against Timeless Timing Attack is to use the HTTP / 1.1 protocol, which does not support multiplexing. In this case, an attacker will not be able to send several requests required to carry out an attack in one packet.



Engineers from Belgium and Abu Dhabi do not present other methods that do not impose serious restrictions on the operation of networks. However, they plan to continue research in this direction.

What to read in our corporate blog:

• P2P Dat protocol - how it works and by whom
• DNS over HTTPS - security or difficulty in work
• 5 reasons why the transition to IPv6 has taken so long