Details

About the talk

Remote timing attacks have been often researched in the past. They have been applied to breaking cryptographic algorithms, inferring web server secrets and even in recent cache timing attacks.

Research has shown the feasibility of inferring time differences down to 1us in remote scenarios and down to 100ns in LAN environments. Although very small, such timescales do not allow for remote inference of instruction-level decisions on fast CPUs from network response times only. Not, at least, within practical timeframes and with a manageable number of requests. For instance, remote password guessing of memcmp() comparisons on fast remote servers, is still regarded mostly impractical with network-access only. On the other hand, timing attacks remain largely feasible and applicable at larger timescales (i.e. SQL injections).

Nonetheless, the opportunities provided by IoT devices, where fast Internet connections may meet slower CPUs, are still mostly unexplored. In this talk we adventure into such rarely visited boundaries showing that attacks otherwise considered infeasible for PCs, may remain fully applicable to IoT devices.

During the talk, we provide an overview of state-of-the art research on remote timing attacks, methodically discussing techniques for measurement, acquisition and analysis. We discuss the challenges of robustly inferring real-world arbitrary passwords from byte-level distinguishers. A sometimes underestimated aspect of real-world timing attacks. We also provide a snapshot of our research (current stage named “OverTime”), where several time-sources are discussed in light of attack effectiveness, by means of experimentally collected data.

Finally, we demonstrate how current results and state-of-the art techniques already allow for practical attacks against some IoT platforms. We demonstrate a fully automated attack against a password comparison on a commonly available IoT platform, where a 8-digit pin, checked in a few CPU instructions, is remotely extracted within minutes.

This talk shows that timing attacks may be applicable wherever (time-leaking) security features are implemented on existing network-connected devices with slower clocks. This may be the case for ICS devices and critical infrastructures environments.

Further stages of the ongoing research are expected to improve precision, analysis robustness and extend applicable use cases.

Cristofaro Mune
  • Facebook
  • Twitter
  • Hacker News
  • Gmail
  • LinkedIn

Cristofaro Mune

Product Security Consultant

Cristofaro Mune is a Product Security consultant, providing support for the design and development of secure products. He also performs device-level security testing with advanced SW and HW techniques. He has more than 17 years of experience in (SW & HW) security assessment of highly secure products, as well as several years in TEE security evaluation and testing. He has also contributed to the development of TEE security evaluation methodologies and has been a member of TEE security industry groups. Research on Fault Injection, TEE security, White-Box cryptography, IoT exploitation, and Mobile Security has been presented at renowned international conferences and in academic papers.