/ CC BY / chuttersnap
What is the essence of the classical method
Before moving on to the new version of "time attacks", let's make a small digression and talk about how they work in general. They are based on the assumption that in the course of analyzing the computation time for certain requests, one can get an idea of ββthe cryptosystem design, the type of processor and the algorithms used. Based on this data, an attacker can gradually recover the secret key information.
Several years ago, experts from Stanford University proved the possibility of cracking OpenSSL using a timing attack . However, it is quite difficult to implement itsince network jitter seriously affects the timing. But a team of engineers from Catholic University of Leuven in Belgium and New York University in Abu Dhabi have shown that this limitation can be circumvented.
At the USENIX conference, they demonstrated a new method of " timing attack " - a timeless timing attack , which does not depend on network parameters.
How the new approach works
The engineers suggested sending requests to the server not one after another, but simultaneously (in one package). You can do this either directly or using cross-site scripting ( page 5 ).
Fresh posts from our blog on HabrΓ©:
So, the error is introduced only by the parameters of the server responses, which reduces the effect of jitter in the network on the result. Thus, a hacker can estimate the running time of cryptographic algorithms with an accuracy of 100 nanoseconds - this is a hundred times less than that of a classic attack. The engineers tested the exploit they wrote with the HTTP / 2 and WPA3 protocols . In both cases, the timeless timing attack was successful.
How to protect yourself
The most obvious way is to implement a system in which all operations take the same amount of time. But it is practically impossible to do this in practice, as there will always be unforeseen deviations. Another option is to add random delays to all calculations. Such an approach would make measurements inaccurate and seriously complicate the hacker's task.
/ CC BY / Erik Mclean
Another option to protect against Timeless Timing Attack is to use the HTTP / 1.1 protocol, which does not support multiplexing. In this case, an attacker will not be able to send several requests required to carry out an attack in one packet.
Engineers from Belgium and Abu Dhabi do not present other methods that do not impose serious restrictions on the operation of networks. However, they plan to continue research in this direction.
What to read in our corporate blog: