Algorithmic Attacks and Timing Leaks in Distributed Systems

An important class of remotely applicable security attacks concerns time. You can attack somebody by making their algorithms run in their worst-case behavior rather than common-case behavior. Likewise, the processing time can disclose a secret. If an attacker can observe the time it takes for somebody to process a request, an attacker may learn something about the internal state. The first part of this thesis defines a new class of attacks that perform a remote denial of service by deliberately choosing inputs to make common algorithms slow. These attacks are widespread. We show that vulnerable hash tables are used by Perl and Squid and we illustrate an attack on the Bro IDS. This second part of this thesis analyzes the opportunities for determining a remote party’s secret by analyzing processing time remotely over the Internet. Our measurements show that an attacker can potentially time a remote host to 300 nanoseconds over a local area network and less than 20 microseconds over the Internet.