TID-330: Cryptographic Timing Side-Channel
Threat Description
Algorithms or code implementations of cryptographic processes will sometimes leak information by finishing operations earlier or later in a way that depends on, and is correlated with, the input or key.
If a threat actor is able to execute code on a processor performing a cryptographic operation, they may be able to infer the resulting key from that operation by measuring how long its various functions take to execute.
For example, if a function like memcmp (which performs a byte-by-byte comparison) is used to check an HMAC value, then by measuring the time the function takes to execute, the length of time needed to brute-force guess a key can be significantly reduced.
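The comparison weakness described above, shown beside a hardened form. This is an added example, not code from the original page or from any affected product. The function names, the step counter (a deterministic stand-in for elapsed time) and the tag bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define TAG_LEN 16 /* 16-byte tag, as in the HMAC example this page cites */

/* Weak pattern: memcmp-style early exit. *steps counts bytes examined,
 * standing in for the elapsed time an observer would measure. */
static int tag_equal_early_exit(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        if (a[i] != b[i]) return 0; /* returns sooner the earlier the mismatch */
    }
    return 1;
}

/* Hardened pattern: OR all byte differences together and decide once,
 * so the work done does not depend on where the tags differ. */
static int tag_equal_constant_time(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    volatile uint8_t diff = 0; /* volatile discourages compiler short-circuiting */
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        diff |= (uint8_t)(a[i] ^ b[i]);
        (*steps)++;
    }
    return diff == 0;
}

/* Hypothetical helper: candidate tag with the first `prefix` bytes correct.
 * Returns bytes examined, or 0 if the accept/reject verdict was wrong. */
static size_t steps_for_prefix(size_t prefix, int hardened)
{
    uint8_t expected[TAG_LEN], candidate[TAG_LEN];
    size_t steps = 0;
    for (size_t i = 0; i < TAG_LEN; i++) {
        expected[i] = (uint8_t)(0xA0 + i); /* constructed, not a real HMAC */
        candidate[i] = (i < prefix) ? expected[i] : (uint8_t)~expected[i];
    }
    int ok = (hardened ? tag_equal_constant_time : tag_equal_early_exit)(expected, candidate, TAG_LEN, &steps);
    return (ok == (prefix >= TAG_LEN)) ? steps : 0;
}

int main(void)
{
    for (size_t p = 0; p <= TAG_LEN; p += 4)
        printf("prefix=%2zu early_exit=%2zu constant_time=%2zu\n", p, steps_for_prefix(p, 0), steps_for_prefix(p, 1));
    return 0;
}
```

The early-exit column grows with the number of correct leading bytes while the constant-time column stays at 16. In production code, prefer the constant-time comparison routine supplied by the platform's cryptographic library over a hand-written loop.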
Threat Maturity and Evidence
Known Exploitable Weakness
XBOX 360 HMAC Comparison
“A memcmp function is used to check the CB-auth HMAC-hash value. The value is 16-bytes long and is done byte-by-byte wise. By changing one byte at a time it’s possible to determine if a byte is the valid (true) by measuring the time to compare a false and a true value. Measuring each byte will in the end reveal the correct hash and the boot process can continue.
The time differences for a valid and false value is about 2200 microseconds.
Possibilities: 16 bytes * 256 different possibility for each byte, total 4096 tries. Statistically only half has to be tried, 2048 tries.”
CWE
CWE-208: Observable Timing Discrepancy (Base)
“Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.”
CWE-1254: Incorrect Comparison Logic Granularity (Base)
“The product’s comparison logic is performed over a series of steps rather than across the entire string in one operation. If there is a comparison logic failure on one of these steps, the operation may be vulnerable to a timing attack that can result in the interception of the process for nefarious purposes.”