Solved

What is a timing leak? (in plain english)

Posted on 2016-09-28
Last Modified: 2016-09-28
Even though I am new to programming, I want to try to do things as securely as possible as I learn to do basic things. I am getting to cookie security and came across a really great security website. Some of it is over my head though such as preventing timing leaks. The first part seems simple enough which is to generate a unique token when users check the “remember me” checkbox.
function generateToken($length = 20)
{
    return bin2hex(random_bytes($length));
}

I don’t want to post the entire article here unless that is okay with everyone (please let me know if I can) otherwise here is a link to the article.
They basically say, “Even if you're using a cryptographically secure random number generator, but your cookie looks like rememberme=WBWgm2oMFxsiGRGQNJ6n8gtN3gOuQ2wjN8ZRjZtU0Mn and you're storing these tokens in a database table that looks like this:

CREATE TABLE `auth_tokens` (
    `id` integer(11) not null UNSIGNED AUTO_INCREMENT,
    `token` char(33),
    `userid` integer(11) not null UNSIGNED,
    `expires` integer(11), -- or datetime
    PRIMARY KEY (`id`)
);
(And a look-up query might look something like this...)
SELECT * FROM auth_tokens WHERE token = 'WBWgm2oMFxsiGRGQNJ6n8gtN3gOuQ2wjN8ZRjZtU0Mn';

Watch out, an esoteric and nontrivial attack still exists."

Then it goes on about timing leaks.
If anyone would be prepared to take the time to explain this in plain English I would be really grateful. I really want to implement this but want to know what I am doing and why I am doing it.

https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence
Question by:Black Sulfur
7 Comments
 
LVL 35

Assisted Solution

by:Terry Woods
Terry Woods earned 250 total points
ID: 41819494
I think it's suggesting an attacker could keep trying different tokens and measure the response time in order to build a valid token.

I suppose it may even take 100 or 1000 or more requests using one particular token to get an accurate response time, but if there's no throttling or limiting of number of attempts then it can be tried.

Each time a token response time is recorded accurately, another token (one character different) could be submitted, and the response time compared. If the response is longer, then that might be because the first character of the token was correct, and the database took longer to figure out that the remainder of the token wasn't correct. Keep doing this, and a valid token may be able to be constructed without having to try every single possible combination of characters.

Does that make sense?

This kind of attack could probably be defeated by limiting the number of attempts from any given IP address, delaying the response etc.
0
 
LVL 52

Accepted Solution

by:Julian Hansen
Julian Hansen earned 250 total points
ID: 41819522
The attack uses the fact that comparison techniques tend to be time efficient in that as soon as they encounter an incorrect match the comparison terminates.
Comparing say
abc and adc

will be quicker than
abc and abd

Simply because in the second instance there are two consecutive correct matches whereas in the first the process terminates after the first - making it run in approximately half the time.

By trial and error one can guess the target string by measuring the time.

The solution is to use functions that take constant time - in other words the check takes the same amount of time irrespective of incorrect matches
so comparing afd to abc will take the same amount of time to complete as comparing abc to abc.
By making functions constant time the potential for timing attacks is diminished.
0
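The abc/adc/abd comparison from the answer above, as an added example that is not part of the original thread. It counts byte comparisons instead of measuring wall-clock time so the output is deterministic; the function names `earlyExitCompare` and `fixedWorkCompare` are hypothetical, and `hash_equals()` is PHP's built-in.

```php
<?php
// Added example (not from the thread). Counts byte comparisons rather than
// elapsed time, so the difference is visible without any measurement noise.

// Early-exit comparison: stops at the first mismatch, like a typical string compare.
function earlyExitCompare(string $known, string $guess, int &$steps): bool
{
    $steps = 0;
    if (strlen($known) !== strlen($guess)) {
        return false;
    }
    for ($i = 0; $i < strlen($known); $i++) {
        $steps++;
        if ($known[$i] !== $guess[$i]) {
            return false; // work done so far depends on the length of the matching prefix
        }
    }
    return true;
}

// Fixed-work comparison: always visits every byte and ORs the differences together.
// In real code use PHP's built-in hash_equals(), which is designed for this.
function fixedWorkCompare(string $known, string $guess, int &$steps): bool
{
    $steps = 0;
    if (strlen($known) !== strlen($guess)) {
        return false;
    }
    $diff = 0;
    for ($i = 0; $i < strlen($known); $i++) {
        $steps++;
        $diff |= ord($known[$i]) ^ ord($guess[$i]);
    }
    return $diff === 0;
}

// Constructed sample values taken from the answer's abc/adc/abd illustration.
foreach (['adc', 'abd', 'abc'] as $guess) {
    $early = earlyExitCompare('abc', $guess, $a);
    $fixed = fixedWorkCompare('abc', $guess, $b);
    printf("abc vs %s: early-exit %d step(s) [%s], fixed-work %d step(s) [%s], hash_equals [%s]\n",
        $guess, $a, var_export($early, true), $b, var_export($fixed, true),
        var_export(hash_equals('abc', $guess), true));
}
```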
 
LVL 52

Expert Comment

by:Julian Hansen
ID: 41819525
Another solution (which can be used in parallel or separately) is to use a time limit on requests - only a certain number of requests can be made within a specific time period - this limits the hacker by slowing down the process enough that a brute force attack takes exponentially longer - on probability beyond the lifespan of the session.
0

 

Author Comment

by:Black Sulfur
ID: 41819529
Thanks so much. It is starting to make sense. I just still don't understand the prevention method using the database?

"Our proposed strategy deviates from the above simple token-based automatic login system in one crucial way: Instead of only storing a random token in a cookie, we store selector:validator.

selector is a unique ID to facilitate database look-ups, while preventing the unavoidable timing information from impacting security. (This is preferable to simply using the database id field, which leaks the number of active users on the application.)"

CREATE TABLE `auth_tokens` (
    `id` integer(11) not null UNSIGNED AUTO_INCREMENT,
    `selector` char(12),
    `token` char(64),
    `userid` integer(11) not null UNSIGNED,
    `expires` datetime,
    PRIMARY KEY (`id`)
);

On the database side of things, the validator is not stored wholesale; instead, the SHA-256 hash of validator is stored in the database, while the plaintext is stored (with the selector) in the user's cookie. With this fail-safe in place, if somehow the auth_tokens table is leaked, immediate widespread user impersonation is prevented.

The automatic login algorithm looks something like:

1. Separate selector from validator.
2. Grab the row in auth_tokens for the given selector. If none is found, abort.
3. Hash the validator provided by the user's cookie with SHA-256.
4. Compare the SHA-256 hash we generated with the hash stored in the database, using hash_equals().
5. If step 4 passes, associate the current session with the appropriate user ID."

Being new to all of this, I haven't heard of using a database with a cookie. I thought you just set a cookie, gave it an expiry date and off you go.
0
 
LVL 52

Expert Comment

by:Julian Hansen
ID: 41819562
The cookie is used to store a key into a database table where you usually store session information. It is fairly common practice.

I think their approach is to remove validator - which can be guessed with the timing attack - from the retrieval of the session data. By making the lookup on some other value (the id) - the validator check is then done with another process after the database record has been found. They imply that hash_equals is a constant time function which then removes the timing from the comparison of the validator with the stored value.
0
 

Author Comment

by:Black Sulfur
ID: 41819848
There must be some pretty bored people out there if they are going to try timing with this:

WBWgm2oMFxsiGRGQNJ6n8gtN3gOuQ2wjN8ZRjZtU0Mn

Is this a serious threat and should I worry about it for small applications or would I be okay just generating random strings and using that for my remember me cookie like:

rememberme=WBWgm2oMFxsiGRGQNJ6n8gtN3gOuQ2wjN8ZRjZtU0Mn ?
0
 
LVL 52

Expert Comment

by:Julian Hansen
ID: 41820207
It comes down to how valuable your data / app is. If the benefit is not worth the effort required then there is reduced incentive. There is always the chance someone wants to break in - but for the most part it is reward for effort that governs whether someone will try.

For small sites though I would not worry about it.
0


Question has a verified solution.
