CISPA
Browse

Practical Timing Side-Channel Attacks on Memory Compression

Download (420.74 kB)
conference contribution
posted on 2023-11-29, 18:25 authored by Martin Schwarzl, Pietro Borrello, Gururaj Saileshwar, Hanna Müller, Michael SchwarzMichael Schwarz, Daniel Gruss
Compression algorithms have side channels due to their data-dependent operations. So far only the compression-ratio side channel was exploited, e.g., the compressed data size. In this paper, we present Decomp+Time, the first memory compression attack exploiting a timing side channel in compression algorithms. While Decomp+Time affects a much broader set of applications than prior work, a key challenge is precisely crafting attacker-controlled compression payloads to enable the attack with sufficient resolution. We develop an evolutionary fuzzer, Comprezzor, to find effective Decomp+Time payloads that optimize latency differences and find payloads that are so effective that decompression timing can even be exploited in remote Decomp+Time attacks across the Internet. Decomp+Time has a capacity of 9.73 kB/s locally, and 10.72 bit/min across the internet (14 hops, > 700 miles). Using Comprezzor, we develop attacks that leak data byte-by-byte in four different case studies: First, we leak 1.50 bit/min from Memcached on a remote server running a PHP application. Second, we leak database records with 2.69 bit/min from PostgreSQL, managed by a Python-Flask application, over the internet. Third, we leak secrets with 49.14 bit/min locally from ZRAM-compressed pages on Linux. Fourth, we leak internal heap pointers from the V8 engine within the Google Chrome browser on a system using ZRAM. This highlights the importance of re-evaluating the use of compression on sensitive data even if the application is only reachable via a remote interface.

History

Preferred Citation

Martin Schwarzl, Pietro Borrello, Gururaj Saileshwar, Hanna Müller, Michael Schwarz and Daniel Gruss. Practical Timing Side-Channel Attacks on Memory Compression. In: IEEE Symposium on Security and Privacy (S&P). 2023.

Primary Research Area

  • Threat Detection and Defenses

Name of Conference

IEEE Symposium on Security and Privacy (S&P)

Legacy Posted Date

2022-11-30

Open Access Type

  • Green

BibTeX

@inproceedings{cispa_all_3886, title = "Practical Timing Side-Channel Attacks on Memory Compression", author = "Schwarzl, Martin and Borrello, Pietro and Saileshwar, Gururaj and Müller, Hanna and Schwarz, Michael and Gruss, Daniel", booktitle="{IEEE Symposium on Security and Privacy (S&P)}", year="2023", }

Usage metrics

    Categories

    No categories selected

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC