Abstract
Compression algorithms have side channels due to their data-dependent operations.
So far, only the compressionratio side channel was exploited, e.g., the compressed data size.
In this paper, we present Decomp+Time, the first memory compression attack exploiting a timing side channel in compression algorithms.
While Decomp+Time affects a much broader set of applications than prior work.
A key challenge is precisely crafting attacker-controlled compression payloads to enable the attack with sufficient resolution.
Our evolutionary fuzzer, Comprezzor, finds effective Decomp+Time payloads that optimize latency differences such that decompression timing can even be exploited in remote attacks.
Decomp+Time has a capacity of 9.73 kB/s locally, and 10.72 bit/min across the internet (14 hops).
Using Comprezzor, we develop attacks that leak data bytewise in four different case studies:
First, we leak 1.50 bit/min from Memcached on a remote PHP script.
Second, we leak database records with 2.69 bit/min, from PostgreSQL in a Python-Flask application, over the internet.
Third, we leak secrets with 49.14 bit/min locally from ZRAM-compressed pages on Linux.
Fourth, we leak internal heap pointers from the V8 engine within the Google Chrome browser on a system using ZRAM.
Thus, it is important to re-evaluate the use of compression on sensitive data even if the application is only reachable via a remote interface.
So far, only the compressionratio side channel was exploited, e.g., the compressed data size.
In this paper, we present Decomp+Time, the first memory compression attack exploiting a timing side channel in compression algorithms.
While Decomp+Time affects a much broader set of applications than prior work.
A key challenge is precisely crafting attacker-controlled compression payloads to enable the attack with sufficient resolution.
Our evolutionary fuzzer, Comprezzor, finds effective Decomp+Time payloads that optimize latency differences such that decompression timing can even be exploited in remote attacks.
Decomp+Time has a capacity of 9.73 kB/s locally, and 10.72 bit/min across the internet (14 hops).
Using Comprezzor, we develop attacks that leak data bytewise in four different case studies:
First, we leak 1.50 bit/min from Memcached on a remote PHP script.
Second, we leak database records with 2.69 bit/min, from PostgreSQL in a Python-Flask application, over the internet.
Third, we leak secrets with 49.14 bit/min locally from ZRAM-compressed pages on Linux.
Fourth, we leak internal heap pointers from the V8 engine within the Google Chrome browser on a system using ZRAM.
Thus, it is important to re-evaluate the use of compression on sensitive data even if the application is only reachable via a remote interface.
| Original language | English |
|---|---|
| Title of host publication | 43th IEEE Symposium on Security and Privacay: IEEE S&P 2023 |
| Pages | 1186-1203 |
| DOIs | |
| Publication status | Published - 2023 |
| Event | 43th IEEE Symposium on Security and Privacay: IEEE S&P 2023 - San Francisco, United States Duration: 22 May 2023 → 24 May 2023 |
Conference
| Conference | 43th IEEE Symposium on Security and Privacay |
|---|---|
| Abbreviated title | IEEE S&P 2023 |
| Country/Territory | United States |
| City | San Francisco |
| Period | 22/05/23 → 24/05/23 |