Practical Timing Side-Channel Attacks on Memory Compression

Martin Schwarzl, Pietro Borrello, Gururaj Saileshwar, Hanna Müller, Michael Schwarz, Daniel Gruss

Research output: Chapter in Book/Report/Conference proceedingConference paperpeer-review

Abstract

Compression algorithms have side channels due to their data-dependent operations.
So far, only the compressionratio side channel was exploited, e.g., the compressed data size.

In this paper, we present Decomp+Time, the first memory compression attack exploiting a timing side channel in compression algorithms.
While Decomp+Time affects a much broader set of applications than prior work.
A key challenge is precisely crafting attacker-controlled compression payloads to enable the attack with sufficient resolution.
Our evolutionary fuzzer, Comprezzor, finds effective Decomp+Time payloads that optimize latency differences such that decompression timing can even be exploited in remote attacks.
Decomp+Time has a capacity of 9.73 kB/s locally, and 10.72 bit/min across the internet (14 hops).
Using Comprezzor, we develop attacks that leak data bytewise in four different case studies:
First, we leak 1.50 bit/min from Memcached on a remote PHP script.
Second, we leak database records with 2.69 bit/min, from PostgreSQL in a Python-Flask application, over the internet.
Third, we leak secrets with 49.14 bit/min locally from ZRAM-compressed pages on Linux.
Fourth, we leak internal heap pointers from the V8 engine within the Google Chrome browser on a system using ZRAM.
Thus, it is important to re-evaluate the use of compression on sensitive data even if the application is only reachable via a remote interface.
Original languageEnglish
Title of host publication43th IEEE Symposium on Security and Privacay: IEEE S&P 2023
Pages1186-1203
DOIs
Publication statusPublished - 2023
Event43th IEEE Symposium on Security and Privacay: IEEE S&P 2023 - San Francisco, United States
Duration: 22 May 202324 May 2023

Conference

Conference43th IEEE Symposium on Security and Privacay
Abbreviated titleIEEE S&P 2023
Country/TerritoryUnited States
CitySan Francisco
Period22/05/2324/05/23

Fingerprint

Dive into the research topics of 'Practical Timing Side-Channel Attacks on Memory Compression'. Together they form a unique fingerprint.

Cite this