Improve Time Resolution Defense
|Reported by:||mikeperry||Owned by:||mikeperry|
|Cc:||gk, brade, mcs, lhansen, huseby||Actual Points:|
Hovav Shacham and Keaton Mowery saw #1517 and emailed to point out some papers from the virtualization literature that have tried to deal with timing-based side channels. It turns out that simply reducing the granularity of the clock can still allow an adversary to extrapolate the true time by running a busy loop with a predictable operation in it. They provided a simple test that I updated and posted here https://people.torproject.org/~mikeperry/transient/tests/timingtest.html. It is able to recover the original time value with ~1-5ms accuracy.
They linked to this paper https://cseweb.ucsd.edu/~hovav/dist/xentimers.pdf, and suggested that the best approach would be:
Pick some nominal granularity x. Then define a distribution (normal?) with mean at x. Clocks available to the program only ever show an exact multiple of x, with a clock-edge on transition. But they are lies: Immediately after a clock edge, the monitor draws some value t out of the distribution with mean x, and then sets a time-t timer; when that timer fires, the clock shown to the program is increased by x, and the monitor draws a new value t and continues.
In other words, we'd still report 100ms steps, but change when we bump that step by +/- 50ms or so, based on a random value.
While I'm at it, I should also see how well using window.requestAnimationFrame and setTimeout can reconstruct the clock.
Firefox 38 also added a bunch more time sources to window.Performance, and also added Performance API support to WebWorkers and SharedWorkers. There's also a new animation API (https://developer.mozilla.org/en-US/docs/Web/API/AnimationPlayer).
Change History (21)
comment:5 Changed 22 months ago by mikeperry
- Keywords MikePerry201506 added
- Status changed from new to assigned
comment:10 in reply to: ↑ 9 ; follow-up: ↓ 11 Changed 21 months ago by mcs
comment:13 Changed 21 months ago by mikeperry
- Keywords TorBrowserTeam201507 added; TorBrowserTeam201506 removed
comment:14 Changed 21 months ago by mikeperry
- Keywords MikePerry201507 added; MikePerry201506 removed
comment:15 Changed 20 months ago by mikeperry
- Keywords ff38-esr tbb-5.0a-highrisk TorBrowserTeam201507 MikePerry201507 removed
comment:19 Changed 6 months ago by mikeperry
- Cc huseby added
- Status changed from assigned to needs_review