Demonstration of a side-channel attack #66
Replies: 1 comment
-
I love it! It sounds like a very exciting level able to teach developers a lot! The only thing on my side is to start planning what we do next after releasing the 2nd season, which will be publicly announced in the upcoming weeks. I mean, it's possible of course to start preparing for a 3rd season (that needs 5 levels) and your level can be the part of that season, however we have to wait for more levels from open source contributors like yourself before we merge. This means that you are free to produce more levels if you so want to with the maximum number being 5 levels. Just take into account for this level (or more levels) that there should be an increase in the difficulty as the levels inside the season progress. Difficulties should be more or less as follows:
Please notice that in the next few weeks we will advertise in all official GitHub channels the arrival of Season 2, that I hope will bring more contributions for a 3rd season to approach the magic number 5, but as this is time consuming, it's fantastic that you can start contributing from now! 🚀 💪🏼 |
Beta Was this translation helpful? Give feedback.
-
Hi Guys!
I would like to propose a security game where an attacker would only succeed if there is an extra leakage of information via some side-channel; a concept known as side-channel attack. More specifically, the new game would illustrate the time-attack mechanism. This theme was not covered in any of the previous games and is an extremely important topic in security engineering.
Prerequisites
A learner should first finish the Season 2/Level 2 game to understand how to avoid basic design flaws.
Scenario
The problematic authenticator RESTful service will have an endpoint to return a security token based upon a user id (some number in the range [0, 10000]) and an 8 digit pin code. The list of users will be fixed, but unknown to external parties. Since the service will store pin codes in a hashed format, it will compute the hash of the input pin code with a slow hashing algorithm. The algorithm itself will be predefined and mandatory (not allowed to be changed by a student). If the input was correct, then the service will return a token. Otherwise, it will respond with the same error code irrespectively whether a user id, pin code or both were wrong.
Unfortunately, the service will only run the hashing algorithm when the user id was correctly given, otherwise it will immediately return with an error code. This difference in response times would create an opportunity for an attacker to leverage a time-attack. An attacker would win the game, if they can find the proper combination of user id/pin code pair in less than some maximum number of attempts (a conigurable parameter). Of course, a win for an attacker is a failure for a learner.
The task of a learner is to figure out what helps an attacker to achieve it's goal and find a solution.
The game would be implemented in Python using the Flask framework. The structure of the code base will be as follows:
Beta Was this translation helpful? Give feedback.
All reactions