Vulnerable Login
Before jumping into a timing side-channel attack, let us create a login system that is vulnerable to one.
We will design the login system with two functions:
A comparison function that will compare the stored password and the input password.
A login function which will validate and return whether the provided password was correct or not.
Password Comparison

    def comp_pass(vuln_pass, input_pass):
        # A length mismatch is rejected immediately.
        if len(vuln_pass) != len(input_pass):
            return False
        # Deliberately vulnerable: the loop exits at the first mismatch,
        # so the running time depends on how many leading characters match.
        for i in range(len(vuln_pass)):
            if vuln_pass[i] != input_pass[i]:
                return False
        return True

This code defines a function comp_pass which compares two passwords character by character. It first checks if the lengths of the two passwords are the same. If they are not, it returns False immediately. Then, it iterates through each character of the passwords and compares them. If any character doesn't match, it returns False. If all characters match, it returns True, indicating that the passwords are equal.
Regarding side-channel vulnerabilities, this code is susceptible to timing attacks. In a timing attack, an attacker can measure the time taken by the function to execute and use this information to infer characteristics about the passwords being compared. For example, if the function returns False faster when the first character of the input password is incorrect, an attacker could iteratively guess characters until they find one that takes longer to return False, thus revealing the correct character.
Login

    def login(user_pass):
        # Stored password, hard-coded for the demonstration.
        pswd = 'password'
        if comp_pass(pswd, user_pass):
            return print('User Has Access')
        return print('User does not have access')

This code defines a function login that checks if a user-provided password matches a stored password. It first initializes a variable pswd with the stored password 'password'. Then, it calls the comp_pass function to compare the user-provided password with the stored password. If the comparison returns True, indicating a match, it prints 'User Has Access'. Otherwise, it prints 'User does not have access'.
This code is vulnerable to a time-based side-channel attack due to the way the comp_pass function performs the password comparison. In a time-based side-channel attack, an attacker exploits variations in the execution time of the code to infer information about the passwords being compared.
The Attack
Here's a short algorithm for how the attack might proceed:
The attacker sends a series of requests with passwords of varying lengths.
For each request, the attacker measures the time taken for the server to respond.
The attacker focuses on requests where the response time is slightly longer.
By iteratively guessing characters of the password and observing changes in response time, the attacker deduces the correct password one character at a time.
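
The leak these steps rely on can be shown deterministically, without measuring time. The following is an added example, not code from the original page: it instruments the page's comp_pass to count the character comparisons it performs, next to a constant-time replacement built on hmac.compare_digest. The names comp_pass_steps, safe_comp_pass, leak_profile and the sample guesses are constructed for this illustration.

```python
import hashlib
import hmac

STORED = "password"  # same demo secret as the page's login()


def comp_pass_steps(vuln_pass, input_pass):
    """The page's comp_pass, instrumented to return (result, comparisons done)."""
    if len(vuln_pass) != len(input_pass):
        return False, 0  # early exit: reveals that the length is wrong
    steps = 0
    for a, b in zip(vuln_pass, input_pass):
        steps += 1
        if a != b:
            return False, steps  # early exit: work done tracks the matching prefix
    return True, steps


def safe_comp_pass(stored_pass, input_pass):
    """Hardened comparison whose running time does not depend on the match position.

    Both sides are hashed to a fixed 32 bytes first, so the length of the
    input does not change the work done by the final comparison either.
    """
    a = hashlib.sha256(stored_pass.encode()).digest()
    b = hashlib.sha256(input_pass.encode()).digest()
    return hmac.compare_digest(a, b)


def leak_profile(guesses):
    """Map each guess to the number of comparisons the vulnerable code made."""
    return {g: comp_pass_steps(STORED, g)[1] for g in guesses}


# Constructed sample guesses: wrong length, then growing correct prefixes.
GUESSES = ["pass", "xxxxxxxx", "pxxxxxxx", "paxxxxxx", "passwxxx", "password"]

if __name__ == "__main__":
    for guess, steps in leak_profile(GUESSES).items():
        print(f"{guess!r:12} vulnerable comparisons={steps} "
              f"safe result={safe_comp_pass(STORED, guess)}")
```

The comparison count rises with every additional correct leading character, which is the signal that shows up as response time; the hardened function does the same work for every guess.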