(no)sql timing attacks for data retrieval

Post on 12-May-2015


TRANSCRIPT

(no)SQL timing attacks

PHDays IV, Moscow, 22/05/14


Timing attacks basics

The execution time of Function(UserData, PrivateData) depends on both UserData and PrivateData

This time can be used to determine PrivateData by varying UserData

What is Function(UserData, PrivateData)?

Basically - SELECT, but not only

(no)SQL timing attacks

Timing attacks intro

Execution time of a search operation depends on:
● the search string
● the data being searched

Attack concept: determine the data from the timings of different search strings


● BH-USA-07 “Timing Attacks for Recovering Private Entries From Database Engines”

● Attacking page split on update operation

https://www.blackhat.com/presentations/bh-usa-07/Waissbein_Futoransky_and_Saura/Whitepaper/bh-usa-07-waissbein_futoransky_and_saura-WP.pdf

Related work

● Indexed data (CREATE INDEX …)
● Non-indexed data (exhaustive search)

+ cache mechanism

SQL search basics


Non-indexed data

● Really rare
● Full list iteration
● String comparison

Data indexing mechanisms
● Hash
● B-Tree (not binary tree) variations
● GiST variations (GIN/GiST/SP-GiST)

+ cache mechanism

SQL search basics

Database | INDEX algo | Hash type | Cache
MySQL | B-Tree (all storage engines) / HASH (only for MEMORY/HEAP and NDB) | Fowler/Noll/Vo hash | +
Postgres | B-Tree / GiST / GIN / SP-GiST (9.2+) / HASH | ? | +
SQLite | B+-Tree | - | +

SQL databases index overview

Database | INDEX algo | Hash type | Cache
memcache | HASH | Jenkins/murmur3 | Really? )
redis | HASH | murmur2 -> SipHash | -
mongodb | HASH | murmur3 | +

noSQL databases index overview

Hash performance

http://blog.teamleadnet.com/2012/08/murmurhash3-ultra-fast-hash-algorithm.html

● Cache does not prevent timing attacks
● Cache removes the noise of disk operations

To cache or not to cache

● Data moves from disk to memory
● Memory size cannot afford to store all data
● Attacker can do cache warmup at any time

Cache warmup


Hash table reconstructions: what we expected (chart)

Hash table reconstructions: what we measured (chart, x-axis from N to 2N)

Hash table reconstructions
● 0x01020304
  ○ SESSION1
  ○ SESSION2
  ○ SESSION3
  ○ SESSION4
  ○ SESSION5

PoC
● Simple tool that can demonstrate the timing anomaly
● Just a PoC, not a framework
● Framework soon ;)

https://github.com/wallarm/researches/blob/master/no-and-sqli-timing/timing.c

Real case from the wild
● Session entropy reduction
● Formatted login checks (user-<N>)
● Password hash reduction. Feel the difference:
  ○ SELECT id,role,password FROM users WHERE login=...
  ○ SELECT id,role FROM users WHERE login=... AND password=...
● ...
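As an added illustration of the two query shapes on this slide (example code written for this page, not the talk's PoC or Wallarm's code): the first function keeps the hash comparison inside the WHERE clause, the second fetches the row by login only and compares the hash in the application with a constant-time comparison. The users table, the account and the SHA-256 stand-in for a password hash are constructed for the demo.

```python
import hashlib
import hmac
import sqlite3

# Hypothetical stand-in for a real password hash: a real service would use a
# slow password KDF (bcrypt/scrypt/argon2); plain SHA-256 keeps the demo short.
def hash_password(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()

# Dummy hash compared against when the login does not exist, so unknown logins
# cost the same application-side comparison as known ones.
DUMMY_HASH = hash_password("")

def make_db() -> sqlite3.Connection:
    # Constructed sample data: an in-memory users table with one account.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT UNIQUE,"
                 " role TEXT, password TEXT)")
    conn.execute("INSERT INTO users (login, role, password) VALUES (?, ?, ?)",
                 ("alice", "admin", hash_password("correct horse")))
    conn.commit()
    return conn

def login_compare_in_db(conn, login, password):
    # Pattern the slide flags: the stored hash is compared inside the WHERE
    # clause, so the engine's byte-by-byte string comparison (which stops at the
    # first mismatch) runs on attacker-controlled input against the secret hash,
    # and the response time can reflect how many leading bytes of the guess match.
    row = conn.execute("SELECT id, role FROM users WHERE login=? AND password=?",
                       (login, hash_password(password))).fetchone()
    return row  # (id, role) or None

def login_compare_in_app(conn, login, password):
    # Hardened pattern: select by login only, then compare the hash in the
    # application with hmac.compare_digest, whose running time does not depend
    # on where the first differing byte is.
    row = conn.execute("SELECT id, role, password FROM users WHERE login=?",
                       (login,)).fetchone()
    guess = hash_password(password)
    if row is None:
        hmac.compare_digest(guess, DUMMY_HASH)  # burn the same comparison cost
        return None
    if hmac.compare_digest(guess, row[2]):
        return (row[0], row[1])
    return None

if __name__ == "__main__":
    db = make_db()
    print(login_compare_in_db(db, "alice", "correct horse"))   # (1, 'admin')
    print(login_compare_in_app(db, "alice", "correct horse"))  # (1, 'admin')
    print(login_compare_in_app(db, "alice", "wrong"))          # None
```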

The end

Contacts:

@wallarm, @d0znpp

http://github.com/wallarm
