posted on 2023-11-29, 18:25authored byMartin Schwarzl, Pietro Borrello, Gururaj Saileshwar, Hanna Müller, Michael SchwarzMichael Schwarz, Daniel Gruss
Compression algorithms have side channels due to their data-dependent operations. So far only the compression-ratio side channel was exploited, e.g., the compressed data size. In this paper, we present Decomp+Time, the first memory compression attack exploiting a timing side channel in compression algorithms. While Decomp+Time affects a much broader set of applications than prior work, a key challenge is precisely crafting attacker-controlled compression payloads to enable the attack with sufficient resolution. We develop an evolutionary fuzzer, Comprezzor, to find effective Decomp+Time payloads that optimize latency differences and find payloads that are so effective that decompression timing can even be exploited in remote Decomp+Time attacks across the Internet. Decomp+Time has a capacity of 9.73 kB/s locally, and 10.72 bit/min across the internet (14 hops, > 700 miles). Using Comprezzor, we develop attacks that leak data byte-by-byte in four different case studies: First, we leak 1.50 bit/min from Memcached on a remote server running a PHP application. Second, we leak database records with 2.69 bit/min from PostgreSQL, managed by a Python-Flask application, over the internet. Third, we leak secrets with 49.14 bit/min locally from ZRAM-compressed pages on Linux. Fourth, we leak internal heap pointers from the V8 engine within the Google Chrome browser on a system using ZRAM. This highlights the importance of re-evaluating the use of compression on sensitive data even if the application is only reachable via a remote interface.
History
Preferred Citation
Martin Schwarzl, Pietro Borrello, Gururaj Saileshwar, Hanna Müller, Michael Schwarz and Daniel Gruss. Practical Timing Side-Channel Attacks on Memory Compression. In: IEEE Symposium on Security and Privacy (S&P). 2023.
Primary Research Area
Threat Detection and Defenses
Name of Conference
IEEE Symposium on Security and Privacy (S&P)
Legacy Posted Date
2022-11-30
Open Access Type
Green
BibTeX
@inproceedings{cispa_all_3886,
title = "Practical Timing Side-Channel Attacks on Memory Compression",
author = "Schwarzl, Martin and Borrello, Pietro and Saileshwar, Gururaj and Müller, Hanna and Schwarz, Michael and Gruss, Daniel",
booktitle="{IEEE Symposium on Security and Privacy (S&P)}",
year="2023",
}