A Covert Timing Channel via Algorithmic Complexity Attacks: Design and Analysis

Sun, Xiepeng; Cheng, Liang; Zhang, Yang

doi:10.1109/icc.2011.5962718

Cited by 2 publications

(1 citation statement)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In most of these works, weak non-cryptographic hash functions were responsible for the attacks. The general impact of these attacks was DoS [39] or the creation of covert channels [40]. Our work contributes to algorithmic complexity attacks in three aspects.…”

Section: Related Workmentioning

confidence: 99%

The Power of Evil Choices in Bloom Filters

Gerbet

Kumar

Lauradoux

2015

2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks

View full text Add to dashboard Cite

A Bloom filter is a probabilistic hash-based data structure extensively used in software products including online security applications. This paper raises the following important question: Are Bloom filters correctly designed in a security context ? The answer is no and the reasons are multiple: bad choices of parameters, lack of adversary models and misused hash functions. Indeed, developers truncate cryptographic digests without a second thought on the security implications. This work constructs adversary models for Bloom filters and illustrates attacks on three applications, namely Scrapy web spider, Bitly Dablooms spam filter and Squid cache proxy. Consequently, the adversary forces the filter to systematically exhibit worst-case behavior. One of the reasons being that Bloom filter parameters are always computed in the average case. We compute the worst-case parameters in adversarial settings, and show how to securely and efficiently use cryptographic hash functions. Finally, we propose several countermeasures to mitigate our attacks.

show abstract

Section: Related Workmentioning

confidence: 99%

The Power of Evil Choices in Bloom Filters

Gerbet

Kumar

Lauradoux

2015

2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks

View full text Add to dashboard Cite

show abstract

SlowFuzz

Petsios

Zhao

Keromytis

et al. 2017

Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security

118

View full text Add to dashboard Cite

Algorithmic complexity vulnerabilities occur when the worstcase time/space complexity of an application is signi cantly higher than the respective average case for particular usercontrolled inputs. When such conditions are met, an attacker can launch Denial-of-Service attacks against a vulnerable application by providing inputs that trigger the worst-case behavior. Such attacks have been known to have serious e ects on production systems, take down entire websites, or lead to bypasses of Web Application Firewalls.

show abstract

A Covert Timing Channel via Algorithmic Complexity Attacks: Design and Analysis

Cited by 2 publications

References 16 publications

The Power of Evil Choices in Bloom Filters

The Power of Evil Choices in Bloom Filters

SlowFuzz

Contact Info

Product

Resources

About