For a group research study in an Information System’s security class, we decided to research timing attacks. Timing attacks are a type of side-channel attack where timing the execution of a process allows you to learn something about that process. Timing attacks can be used to find passwords, message digests, or other information quickly on vulnerable systems. Timing attacks have the potential to be a critical security risk when programmers do not prevent them.
bool compareString(string lhs, string rhs) {
for (int x = 0; x < lhs.length(); lhs++) {
if (lhs[x] != rhs[x])
return false;
}
}
return true;
}
This algorithm is vulnerable because as soon as the two strings do not match, false is returned. The difference between the time it takes to compare one character rather than two characters may seem small, but over enough samples it is detectable. Timing attacks exploit this implementation quickly and efficiently.
bool compareString(string lhs, string rhs) {
bool equal = true;
for (int x = 0; x < lhs.length(); lhs++) {
if (lhs[x] != rhs[x])
equal = false;
}
}
return equal;
}
This algorithm is much more safe against timing attacks. Even if a character is wrong, the method will not short circuit but continue to compare all characters. This algorithm makes a timing attack practically impossible.
Our research team, comprised of Joe Russell, Evrhet Milam, and Aaron Fisher studied timing attacks and made an algorithm that could perform timing attacks. We were able to successfully attack vulnerable algorithms with our algorithm. Our team also found that several timing attacks have been performed successfully in the wild, including a successful attack against Google Keyczar. If you are implementing a program, please make sure that it is not vulnerable to timing attacks. Timing attacks are possible and are becoming used more often by malicious attackers. If you would like to read our full research paper, you may read it here.
Recent Comments