Timeless Timing Attacks

The presentation discusses timeless timing attacks and their effectiveness in exploiting vulnerabilities in web applications.

• Timeless timing attacks exploit timing leaks in web applications to extract sensitive information
• These attacks can be performed remotely and are more effective than traditional timing attacks
• Direct timing attacks involve the attacker directly connecting to the target server, while cross-site timing attacks are launched when the victim lands on a malicious website
• An anecdote is given about a bug found in HackerOne that could be exploited using a cross-site timing attack

The presentation gives an example of a bug found in HackerOne that could be exploited using a cross-site timing attack. The bug allowed an attacker to use the search function to see if there were any results with a given search term, which would include information about private reports. This vulnerability was detected before using a regular timing attack, but it was not feasible to exploit. However, with timeless timing attacks, the timing leak was improved, and the vulnerability could be exploited.

25 years ago, the first timing attacks against well-known cryptosystems such as RSA and Diffie-Hellman were introduced. By carefully measuring the execution time of crypto operations, an attacker could infer the bits of the secret. Ever since, timing attacks have frequently resurfaced, leading to many vulnerabilities in various applications and cryptosystems that do not have constant-time execution. As networks became more stable and low-latency, it soon became possible to perform these timing attacks over an Internet connection, potentially putting millions of devices at risk. However, attackers still face the challenge of overcoming the jitter that is incurred on the network path, as it obfuscates the real timing values. Up until now, an adversary would have to collect thousands or millions of measurements to infer a single bit of information.In this presentation, we introduce a conceptually novel way of performing timing attacks that is completely resilient to network jitter. This means that remote timing attacks can now be executed with a performance and accuracy that is similar as if the attack was performed on the local system. With this technique, which leverages coalescing of network packets and request multiplexing, it is possible to detect timing differences as small as 100ns over any Internet connection. We will elaborate on how this technique can be launched against HTTP/2 webservers, Tor onion services, and EAP-pwd, a popular Wi-Fi authentication method.