What is a timing leak? (in plain english)

Posted on 2016-09-28
Last Modified: 2016-09-28
Even though I am new to programming, I want to try to do things as securely as possible as I learn to do basic things. I am getting to cookie security and came across a really great security website. Some of it is over my head though, such as preventing timing leaks. The first part seems simple enough, which is to generate a unique token when users check the “remember me” checkbox.
function generateToken($length = 20)
{
    return bin2hex(random_bytes($length));
}


I don’t want to post the entire article here unless that is okay with everyone (please let me know if I can) otherwise here is a link to the article.
They basically say, “Even if you're using a cryptographically secure random number generator, but your cookie looks like rememberme=WBWgm2oMFxsiGRGQNJ6n8gtN3gOuQ2wjN8ZRjZtU0Mn and you're storing these tokens in a database table that looks like this:

CREATE TABLE `auth_tokens` (
    `id` integer(11) not null UNSIGNED AUTO_INCREMENT,
    `token` char(33),
    `userid` integer(11) not null UNSIGNED,
    `expires` integer(11), -- or datetime
    PRIMARY KEY (`id`)
);
(And a look-up query might look something like this...)
SELECT * FROM auth_tokens WHERE token = 'WBWgm2oMFxsiGRGQNJ6n8gtN3gOuQ2wjN8ZRjZtU0Mn';


Watch out, an esoteric and nontrivial attack still exists."

Then it goes on about timing leaks.
If anyone would be prepared to take the time to explain this in plain English I would be really grateful. I really want to implement this but want to know what I am doing and why I am doing it.

https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence
0
Question by:Black Sulfur
7 Comments
 
LVL 35

Assisted Solution

by:Terry Woods
Terry Woods earned 1000 total points
ID: 41819494
I think it's suggesting an attacker could keep trying different tokens and measure the response time in order to build a valid token.

I suppose it may even take 100 or 1000 or more requests using one particular token to get an accurate response time, but if there's no throttling or limiting of number of attempts then it can be tried.

Each time a token response time is recorded accurately, another token (one character different) could be submitted, and the response time compared. If the response is longer, then that might be because the first character of the token was correct, and the database took longer to figure out that the remainder of the token wasn't correct. Keep doing this, and a valid token may be able to be constructed without having to try every single possible combination of characters.

Does that make sense?

This kind of attack could probably be defeated by limiting the number of attempts from any given IP address, delaying the response etc.
0
 
LVL 58

Accepted Solution

by:Julian Hansen
Julian Hansen earned 1000 total points
ID: 41819522
The attack uses the fact that comparison techniques tend to be time efficient in that as soon as they encounter an incorrect match the comparison terminates.
Comparing, say,
abc and adc

will be quicker than
abc and abd

Simply because in the second instance there are two consecutive correct matches whereas in the first the process terminates after the first - making it run in approximately half the time.

By trial and error one can guess the target string by measuring the time.

The solution is to use functions that take constant time - in other words the check takes the same amount of time irrespective of incorrect matches
so comparing afd to abc will take the same amount of time to complete as comparing abc to abc.
By making functions constant time the potential for timing attacks is diminished.
0
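The early-exit behaviour described in this answer, as an added example that is not part of the original thread. `earlyExitCompare()` and `constantTimeCompare()` are hypothetical helpers written only to count how many characters each strategy inspects; production PHP code should call the built-in `hash_equals()`.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: compares the way a typical "fast" string comparison
// does and reports how many characters were inspected before it stopped.
function earlyExitCompare(string $known, string $guess): array
{
    $steps = 0;
    $len = min(strlen($known), strlen($guess));
    for ($i = 0; $i < $len; $i++) {
        $steps++;
        if ($known[$i] !== $guess[$i]) {
            return ['equal' => false, 'steps' => $steps]; // stops at first mismatch
        }
    }
    return ['equal' => strlen($known) === strlen($guess), 'steps' => $steps];
}

// Hypothetical helper: inspects every character and only checks the
// accumulated difference at the end, so the amount of work does not depend
// on where the first mismatch is.
function constantTimeCompare(string $known, string $guess): array
{
    if (strlen($known) !== strlen($guess)) {
        return ['equal' => false, 'steps' => 0];
    }
    $diff = 0;
    $steps = 0;
    for ($i = 0; $i < strlen($known); $i++) {
        $steps++;
        $diff |= ord($known[$i]) ^ ord($guess[$i]);
    }
    return ['equal' => $diff === 0, 'steps' => $steps];
}

$stored = 'abc'; // sample value taken from the answer above
foreach (['adc', 'abd', 'abc'] as $guess) {
    $fast = earlyExitCompare($stored, $guess);
    $safe = constantTimeCompare($stored, $guess);
    printf(
        "%s vs %s: early-exit steps=%d, constant-time steps=%d, hash_equals=%s\n",
        $stored, $guess, $fast['steps'], $safe['steps'],
        var_export(hash_equals($stored, $guess), true)
    );
}
```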
 
LVL 58

Expert Comment

by:Julian Hansen
ID: 41819525
Another solution (which can be used in parallel or separately) is to use a time limit on requests - only a certain number of requests can be made within a specific time period - this limits the hacker by slowing down the process enough that a brute force attack takes exponentially longer - on probability beyond the lifespan of the session.
0

 
LVL 1

Author Comment

by:Black Sulfur
ID: 41819529
Thanks so much. It is starting to make sense. I just still don't understand the prevention method using the database?

"Our proposed strategy deviates from the above simple token-based automatic login system in one crucial way: Instead of only storing a random token in a cookie, we store selector:validator.

selector is a unique ID to facilitate database look-ups, while preventing the unavoidable timing information from impacting security. (This is preferable to simply using the database id field, which leaks the number of active users on the application.)"

CREATE TABLE `auth_tokens` (
    `id` integer(11) not null UNSIGNED AUTO_INCREMENT,
    `selector` char(12),
    `token` char(64),
    `userid` integer(11) not null UNSIGNED,
    `expires` datetime,
    PRIMARY KEY (`id`)
);


On the database side of things, the validator is not stored wholesale; instead, the SHA-256 hash of validator is stored in the database, while the plaintext is stored (with the selector) in the user's cookie. With this fail-safe in place, if somehow the auth_tokens table is leaked, immediate widespread user impersonation is prevented.

The automatic login algorithm looks something like:

1. Separate selector from validator.
2. Grab the row in auth_tokens for the given selector. If none is found, abort.
3. Hash the validator provided by the user's cookie with SHA-256.
4. Compare the SHA-256 hash we generated with the hash stored in the database, using hash_equals().
5. If step 4 passes, associate the current session with the appropriate user ID."

Being new to all of this, I haven't heard of using a database with a cookie. I thought you just set a cookie, gave it an expiry date and off you go.
0
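One way to implement the five quoted steps, as an added example that is not from the article or from anyone in this thread. A PHP array stands in for the `auth_tokens` table; `issueRememberMe()`, `autoLogin()`, the hex selector format, the 14-day lifetime and the expiry check are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Stand-in for the auth_tokens table (assumption: a real application would
// query the database with a prepared statement on the selector column).
$authTokens = [];

// Hypothetical helper: returns the cookie value "selector:validator" and
// stores only the selector plus the SHA-256 hash of the validator.
function issueRememberMe(array &$table, int $userId, int $ttl = 1209600): string
{
    $selector  = bin2hex(random_bytes(6));  // 12 hex chars (assumed format) for char(12)
    $validator = bin2hex(random_bytes(32)); // secret half, kept only in the cookie
    $table[$selector] = [
        'token'   => hash('sha256', $validator), // 64 hex chars for char(64)
        'userid'  => $userId,
        'expires' => time() + $ttl,              // 14 days, an assumed lifetime
    ];
    return $selector . ':' . $validator;
}

// Hypothetical helper following the quoted steps; returns the user ID or null.
function autoLogin(array $table, string $cookie): ?int
{
    $parts = explode(':', $cookie, 2);             // 1. separate selector from validator
    if (count($parts) !== 2) {
        return null;
    }
    [$selector, $validator] = $parts;
    $row = $table[$selector] ?? null;              // 2. look up by selector only
    if ($row === null || $row['expires'] < time()) {
        return null;                               // no row, or expired (added check)
    }
    $candidate = hash('sha256', $validator);       // 3. hash the cookie's validator
    if (!hash_equals($row['token'], $candidate)) { // 4. constant-time comparison
        return null;
    }
    return $row['userid'];                         // 5. caller ties the session to this user
}

$cookie = issueRememberMe($authTokens, 42);        // 42 is a constructed user ID
[$selector] = explode(':', $cookie);
$forged = $selector . ':' . str_repeat('0', 64);   // right selector, wrong validator
var_dump(autoLogin($authTokens, $cookie));         // valid cookie
var_dump(autoLogin($authTokens, $forged));
var_dump(autoLogin($authTokens, 'unknown:' . str_repeat('0', 64))); // unknown selector
```

Because only the SHA-256 hash of the validator is stored, a copy of the table alone does not yield a usable cookie value.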
 
LVL 58

Expert Comment

by:Julian Hansen
ID: 41819562
The cookie is used to store a key into a database table where you usually store session information. It is fairly common practice.

I think their approach is to remove validator - which can be guessed with the timing attack - from the retrieval of the session data. By making the lookup on some other value (the id) - the validator check is then done with another process after the database record has been found. They imply that hash_equals is a constant time function which then removes the timing from the comparison of the validator with the stored value.
0
 
LVL 1

Author Comment

by:Black Sulfur
ID: 41819848
There must be some pretty bored people out there if they are going to try timing with this:

WBWgm2oMFxsiGRGQNJ6n8gtN3gOuQ2wjN8ZRjZtU0Mn

Is this a serious threat and should I worry about it for small applications or would I be okay just generating random strings and using that for my remember me cookie like:

rememberme=WBWgm2oMFxsiGRGQNJ6n8gtN3gOuQ2wjN8ZRjZtU0Mn ?
0
 
LVL 58

Expert Comment

by:Julian Hansen
ID: 41820207
It comes down to how valuable your data / app is. If the benefit is not worth the effort required then there is reduced incentive. There is always the chance someone wants to break in - but for the most part it is reward for effort that governs whether someone will try.

For small sites though I would not worry about it.
0
