The Grey Side of Logic Optimization: Timing Attacks on Web Applications (Timing Attacks on Web)
Timing Attacks on Web Applications (Timing Attacks on Web)
Ant
ant@chroot.org / yftzeng@gmail.com
2018-03-13
Introduction
Thanks to @mathias for inspiring me
Ref: Front-End Performance The Dark Side @ ColdFront Conference 2016
[Timing diagram from the referenced talk: 1000 µs, 1000 µs, 100 µs, 200 µs]
A000000
B000000
…
E000000
EA00000
…
[Timing diagram from the referenced talk: 1000 µs, 1000 µs, 100 µs, 200 µs]
a little bit
PHP
DEMO #01
Do those work on the web ideally?
localhost
Network jitter: 100-150 ms
Attack Shift
Ideal: timing attack against software implementation
Reality: timing attack against business logic
Admin login: ~2500 ms
User login: ~1500 ms
[Timing diagram: Login 100 ms → Validate user 100 ms → Admin 2500 ms / User 1500 ms]
Observable difference between admin and user: ~1000 ms
[Timing diagrams of candidate fixes; each step labelled 100 ms]
Which one is better?
[Timing diagrams of candidate fixes; each step labelled 100 ms]
[Timing diagram: Login 100 ms → Validate user 100 ms → Admin 2500 ms / User 1500 ms]
~1000 ms
Welcome Ant !
~500 ms
old
~30 ms
Ref: Front-End Performance The Dark Side @ ColdFront Conference 2016 (p52)
~15 ms
Ref: Front-End Performance The Dark Side @ ColdFront Conference 2016 (p54)
Ref: Front-End Performance The Dark Side @ ColdFront Conference 2016 (p50)
[Timing diagram: Login 100 ms → Validate user 100 ms → Admin 2500 ms / User 1500 ms]
~200 ms: 404 Page not found
~80 ms: 404 Page not found
[Timing diagram: Login 100 ms → Validate user 100 ms → Admin 2500 ms / User 1500 ms]
DEMO Online
Network jitter: 100-150 ms
LAN
IoT device
Router
[Timing diagram: Login 100 ms → Validate user 100 ms → Admin 2500 ms / User 1500 ms]
[Timing diagram: SuperUser 100 ms, Backdoor 400 ms; Admin 2500 ms / User 1500 ms]
DEMO #03
A000000
B000000
…
E000000
EA00000
…
Optimization is like a boomerang: you may not even know when it accidentally comes back and hits you.
~ Ant ~
Attack Modes
Pre-auth Post-auth
Passive attacks
Active attacks
Passive attacks
Active attacks
Password hash function?
DEMO #04
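As an added example that is not part of the deck: a Python model of the two business-logic timing leaks the slides point at, the admin/user login paths that differ by ~1000 ms and a password check that only pays the hash cost for existing accounts, each next to a defensive fix. The stage costs are the slide's numbers; the hash cost, the user table, the dummy hash and every function name are constructed assumptions, not the author's code. It runs on a simulated clock so the numbers are deterministic and the run is instant.

```python
"""Added example (not from the deck): two business-logic timing leaks and a
mitigation for each, on a simulated clock so the result is deterministic."""
import hashlib
import hmac

# Stage costs taken from the deck's login timing diagram, in milliseconds.
LOGIN_MS = 100
VALIDATE_USER_MS = 100
ADMIN_PATH_MS = 2500
USER_PATH_MS = 1500
NETWORK_JITTER_MS = 150   # upper end of the "100-150 ms" the deck quotes
HASH_COST_MS = 300        # constructed cost of one password-hash call


class SimClock:
    """Simulated clock: sleep() advances time instead of blocking."""
    def __init__(self):
        self.now_ms = 0.0

    def sleep(self, ms):
        self.now_ms += ms


def admin_or_user_login(username, clock):
    """Leaky handler: the admin path does ~1000 ms more work than the user path."""
    clock.sleep(LOGIN_MS)
    clock.sleep(VALIDATE_USER_MS)
    clock.sleep(ADMIN_PATH_MS if username == "admin" else USER_PATH_MS)
    return "Welcome %s !" % username


def pad_to_deadline(handler, deadline_ms):
    """Mitigation: hold every response until a fixed deadline has elapsed.
    Only hides the gap when the deadline covers the slowest path."""
    def padded(username, clock):
        start = clock.now_ms
        result = handler(username, clock)
        remaining = deadline_ms - (clock.now_ms - start)
        if remaining > 0:
            clock.sleep(remaining)
        return result
    return padded


def measure(handler, username):
    clock = SimClock()
    handler(username, clock)
    return clock.now_ms


def role_gap_ms(handler):
    """Observable difference between an admin login and an ordinary login."""
    return abs(measure(handler, "admin") - measure(handler, "ant"))


def distinguishable(gap_ms, jitter_ms=NETWORK_JITTER_MS):
    """A gap well above network jitter survives averaging over a few samples."""
    return gap_ms > jitter_ms


# Second leak: the password hash only runs when the account exists.
def _hash(password, salt=b"constructed-salt"):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1000)


USERS = {"ant": _hash("correct horse")}   # constructed user table
DUMMY_HASH = _hash("dummy")               # compared against for unknown users


def check_password_leaky(username, password, clock):
    """Leaky: unknown usernames return before paying the hash cost."""
    stored = USERS.get(username)
    if stored is None:
        return False
    clock.sleep(HASH_COST_MS)
    return hmac.compare_digest(stored, _hash(password))


def check_password_fixed(username, password, clock):
    """Fixed: always hash, comparing against a dummy for unknown users."""
    stored = USERS.get(username, DUMMY_HASH)
    clock.sleep(HASH_COST_MS)
    ok = hmac.compare_digest(stored, _hash(password))
    return ok and username in USERS


def user_enum_gap_ms(checker):
    """Timing gap between a wrong password for a real user and an unknown user."""
    known, unknown = SimClock(), SimClock()
    checker("ant", "wrong", known)
    checker("nobody", "wrong", unknown)
    return abs(known.now_ms - unknown.now_ms)


if __name__ == "__main__":
    print("role gap, leaky:", role_gap_ms(admin_or_user_login))
    print("role gap, padded to 3000 ms:", role_gap_ms(pad_to_deadline(admin_or_user_login, 3000)))
    print("role gap, padded to 2000 ms:", role_gap_ms(pad_to_deadline(admin_or_user_login, 2000)))
    print("user-enum gap, leaky:", user_enum_gap_ms(check_password_leaky))
    print("user-enum gap, fixed:", user_enum_gap_ms(check_password_fixed))
```

Padding to a fixed deadline only works when the deadline covers the slowest path (the 2000 ms case still leaves a 700 ms gap, far above the jitter the deck quotes) and it adds latency to every request, which is why the deck's "Which one is better?" comparison favours making both paths do the same work; the always-hash version of the password check is that approach applied to the second leak.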
Security is like an onion: peel it back layer by layer, and there is always a layer that makes you cry.
~ Ant ~
ant@chroot.org / yftzeng@gmail.com
https://www.facebook.com/yftzeng.tw
https://twitter.com/yftzeng