Browsing by Author "Crosby, Scott A."

Algorithmic attacks and timing leaks in distributed systems (2005) Crosby, Scott A.; Wallach, Dan S.
An important class of remotely applicable security attacks concerns time. You can attack somebody by making their algorithms run in their worst-case behavior rather than common-case behavior. Likewise, the processing time can disclose a secret. If an attacker can observe the time it takes for somebody to process a request, an attacker may learn something about the internal state. The first part of this thesis defines a new class of attacks that perform a remote denial of service by deliberately choosing inputs to make common algorithms slow. These attacks are widespread. We show that vulnerable hash tables are used by Perl and Squid and we illustrate an attack on the Bro IDS. The second part of this thesis analyzes the opportunities for determining a remote party's secret by analyzing processing time remotely over the Internet. Our measurements show that an attacker can potentially time a remote host to 300 nanoseconds over a local area network and less than 20 microseconds over the Internet.

An Analysis of BitTorrent’s Two Kademlia-Based DHTs (2007-05-26) Crosby, Scott A.; Wallach, Dan S.
Despite interest in structured peer-to-peer overlays and their scalability to millions of nodes, few, if any, overlays operate at that scale. This paper considers the distributed hash table extensions supported by modern BitTorrent clients, which implement a Kademlia-style structured overlay network among millions of BitTorrent users. As there are two disjoint Kademlia-based DHTs in use, we collected two weeks of traces from each DHT. We examine churn, reachability, latency, and liveness of nodes in these overlays, and identify a variety of problems, such as median lookup times of over a minute. We show that Kademlia’s choice of iterative routing and its lack of a preferential refresh of its local neighborhood cause correctness problems and poor performance.
We also identify implementation bugs, design issues, and security concerns that limit the effectiveness of these DHTs and we offer possible solutions for their improvement.

Denial of Service via Algorithmic Complexity Attacks (2003-02-12) Crosby, Scott A.; Wallach, Dan S.
We present a new class of low-bandwidth denial of service attacks that exploit algorithmic deficiencies in many common applications' data structures. Frequently used data structures have "average-case" expected running time that's far more efficient than the worst case. For example, both binary trees and hash tables can degenerate to linked lists with carefully chosen input. We show how an attacker can effectively compute such input, and we demonstrate attacks against the hash table implementations in two versions of Perl, the Squid web proxy, and the Bro intrusion detection system. Using bandwidth less than a typical modem, we can bring a dedicated Bro server to its knees; after six minutes of carefully chosen packets, our Bro server was dropping as much as 71% of its traffic and consuming all of its CPU.

Finding the Evidence in Tamper-Evident Logs (2008-01-23) Sandler, Daniel; Derr, Kyle; Crosby, Scott A.; Wallach, Dan S.
Secure logs are powerful tools for building systems that must resist forgery, prove temporal relationships, and stand up to forensic scrutiny. The proofs of order and integrity encoded in these tamper-evident chronological records, typically built using hash chaining, may be used by applications to enforce operating constraints or sound alarms at suspicious activity. However, the problem of how to automatically detect violations remains open. Low-level inconsistencies, such as gaps in the hash chain, are detectable without knowledge about the application, but existing research stops short of extracting or verifying application-specific log properties.
In this paper we contribute the design and implementation of a system for discovering this kind of evidence. We first propose a logical language for applications to express concisely the constraints that apply to their logs and the evidence that can be extracted from them. We offer several algorithms for efficiently and incrementally evaluating these rules. Finally, we present QUERIFIER, a log analysis package that implements our proposed techniques. It can be used offline as an analyzer for static logs, or online during the runtime of a logging application. Given validity rules and available log data, it presents evidence of correctness and offers counterexamples if desired. We describe QUERIFIER's implementation and offer early performance results: for a rule set developed for a distributed voting application, we observed that our system could incrementally verify a realistic election-day log at 50 events per second.

Opportunities and Limits of Remote Timing Attacks (2007-05-26) Crosby, Scott A.; Riedi, Rudolf H.; Wallach, Dan S.
Many algorithms can take a variable amount of time to complete depending on the data being processed. These timing differences can sometimes disclose confidential information. Indeed, researchers have been able to reconstruct an RSA private key purely by querying an SSL web server and timing the results. Our work analyzes the limits of attacks based on accurately measuring network response times and jitter over a local network and across the Internet. We present the design of filters to significantly reduce the effects of jitter, allowing an attacker to measure events with 15-100μs accuracy across the Internet, and as good as 100ns over a local network. Notably, security-related algorithms on web servers and other network servers need to be carefully engineered to avoid timing channel leaks at the accuracy demonstrated in this paper.