Shulou(Shulou.com)06/01 Report--

What is timing attack and how to defend in Spring Boot, for this problem, this article details the corresponding analysis and solution, hoping to help more small partners who want to solve this problem find a simpler and easier way.

Many people complain that Spring Security is heavier than Shiro. This heavyweight does not come out of thin air. The advantage of weight is that it provides more powerful protection.

For example, Brother Song recently saw a piece of code:

protected final UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException { prepareTimingAttackProtection(); try { UserDetails loadedUser = this.getUserDetailsService().loadUserByUsername(username); if (loadedUser == null) { throw new InternalAuthenticationServiceException( "UserDetailsService returned null, which is an interface contract violation"); } return loadedUser; } catch (UsernameNotFoundException ex) { mitigateAgainstTimingAttack(authentication); throw ex; } catch (InternalAuthenticationServiceException ex) { throw ex; } catch (Exception ex) { throw new InternalAuthenticationServiceException(ex.getMessage(), ex); } }

This code is located in the DaoAuthenticationProvider class. For your convenience, let me briefly describe the context of this code.

After the user submits the username and password to log in, Spring Security needs to query the user in the database according to the username submitted by the user.

After finding the user object, compare the difference between the user password found in the database and the password submitted by the user.

The above code is Spring Security queries the user in the database according to the user name passed in when the user logs in, and returns the user found. There is also an authentication parameter in the method, which stores the username/password information passed in when the user logs in.

So what's so magical about this code?

Let's go line by line.

Source code combing

1. First of all, the method calls the prepareTimingAttackProtection method. As can be seen from the name of the method, this is to prepare for the defense of the timed attack, so what is the timed attack? Relax, brother song will explain later. Let's go first and finish the process. The implementation of the prepareTimingAttackProtection method is simple, as follows:

private void prepareTimingAttackProtection() { if (this.userNotFoundEncodedPassword == null) { this.userNotFoundEncodedPassword = this.passwordEncoder.encode(USER_NOT_FOUND_PASSWORD); } }

This method is to encode the constant USER_NOT_FOUND_PASSWORD with passwordEncoder (if you don't know passwordEncoder, you can refer to the two postures of password encryption in Spring Boot!) Assign the encoding result to the userNotFoundEncodedPassword variable.

2. Next, call the UserloadByUsername method to query the user in the database according to the user name passed in by the login user. If it is found, the found object will be returned.

3. If UsernameNotFoundException is thrown during the query process, it is reasonable to throw an exception directly, and the following password comparison is unnecessary, because no user is found according to the user name. This login must be a failure, and there is no need to perform password comparison!

But notice that the mitigateAgainstTimingAttack method is called before the exception is thrown. The name suggests that this method mitigates timed attacks.

Let's look at the implementation of this method:

private void mitigateAgainstTimingAttack(UsernamePasswordAuthenticationToken authentication) { if (authentication.getCredentials() != null) { String presentedPassword = authentication.getCredentials().toString(); this.passwordEncoder.matches(presentedPassword, this.userNotFoundEncodedPassword); } }

As you can see, here we first get the password passed in by the login user, that is, presentedPassword, and then call the passwordEncoder.matches method to perform password comparison operation. Originally, the second parameter of this method is the user password queried from the database. Now, the user is not found in the database, so the second parameter is replaced by userNotFoundEncodedPassword. UserNotFoundEncodedPassword is the variable assigned when we call the prepareTimingAttackProtection method at the beginning. This password comparison was destined to fail from the beginning, so why compare it?

timing attack

And that brings us to our theme for today--timed attacks.

Timing attack is a kind of bypass attack. In cryptography, bypass attack is also called side-channel attack or side-channel attack.

This attack does not exploit theoretical weaknesses in encryption algorithms, nor is it brute force, but rather information obtained from the physical implementation of cryptographic systems. Additional sources of information, such as time information, power consumption, electromagnetic leakage, etc., can be used to further crack the system.

There are many different categories of bypass attacks:

Cache Side-Channel Attacks: By gaining access to the cache, some sensitive information in the cache is obtained. For example, the attacker obtains access to the physical host of the cloud host and obtains access to the memory.

Timing attack: Inferring the operation used from the time taken by the device operation, or estimating which storage device the data is located in by comparing the time of the operation, or stealing data by using the time difference of communication.

The bypass attack based on power consumption monitoring, the operation power consumption of different hardware circuit units of the same device is also different, so the power consumption of a program running will vary with which hardware circuit unit the program uses, and thus infer which hardware unit the data output is located in, and then steal data.

Electromagnetic attack, equipment operation will leak electromagnetic radiation, after proper analysis of the words can be resolved out of these leaked electromagnetic radiation contained in the information (such as text, sound, images, etc.), this attack method in addition to cryptographic attacks are also used for non-cryptographic attacks and other eavesdropping behavior, such as TEMPEST attack.

Acoustic cryptanalysis captures information (similar to power analysis) by capturing acoustic signals that leak from devices during operations.

Differential error analysis, where hidden data is discovered when an error occurs and an error message is output.

Data remanence, which allows sensitive data to be read when it should be deleted (e.g. cold start attack).

Software initialization error attacks are relatively rare today, and Row hammer attacks are an example of this type of attack, in which memory space next to a memory location that is forbidden to access risks loss of state retention if frequently accessed.

Optically, the hidden data is captured by some visual optical instruments (such as high definition cameras, high definition cameras, etc.).

All types of attacks exploit encryption/decryption systems that perform encryption/decryption operations with undetected flaws in the algorithmic logic, but provide useful additional information (hence the term "bypass") through physical effects that often contain secret data such as keys, passwords, ciphertext, etc.

The code in Spring Security above is designed to prevent timed attacks.

How do you do it? Assuming Spring Security throws an exception directly without finding user information from the database and does not execute the mitigateAgainstTimingAttack method, then after a lot of testing and statistical analysis, hackers will find that some login verification takes significantly less time than other logins, and then infer that the login verification time is shorter for users who do not exist, while the login takes longer for users who exist in the database.

Now in Spring Security, by implementing the mitigateAgainstTimingAttack method, the login verification time does not significantly differ whether the user is present or not, thus avoiding timing attacks.

Some friends may say, how much time does the passwordEncoder.matches method take to execute? Depending on how you measure time, the smaller the unit of time, the more significant the difference: milliseconds (ms), microseconds (µs), nanoseconds (ns), picoseconds (ps), femtoseconds (fs), attoseconds (as), zs.

In addition, Spring Security for security, passwordEncoder introduced a concept called adaptive one-way function, this function is deliberately slow to execute and consume a lot of system resources, so it is necessary to carry out timing attack defense.

About what is a timed attack and how to defend the Spring Boot in the answer to the question shared here, I hope the above content can be of some help to everyone, if you still have a lot of doubts not solved, you can pay attention to the industry information channel to learn more related knowledge.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.