Timing Attacks for Recovering Private Entries From Database Engines presented at BlackHatDC 2007

by Ariel Waissbein, Pablo Damian Saura

URL : https://www.blackhat.com/presentations/bh-usa-07/Waissbein_Futoransky_and_Saura/Presentation/bh-usa-07-waissbein_futoransky_and_saura.pdf

Summary : In today's threat landscape, data security breaches are mostly due to the exploitation of bugs in front-end web applications (e.g. via SQL injection) or to the abuse of misconfigured authorization and access control permissions. CoreLabs devised an attack that works without requiring the existence of implementation bugs or security misconfigurations in the database. The new attack relies solely on the inherent characteristics of the indexing algorithms used by most commercial database management systems.
During this talk, Damian Saura and Ariel Waissbein will present ongoing research work on this new type of attack against database-driven applications. Their work uses timing attacks, a common technique for breaking cipher system implementations, and applies them to database engines. The researchers will explain how this technique makes it possible to extract private data from a database by performing record insertion operations, which are typically available to all database users including anonymous users of front-end web applications.
The presentation will also review BTREE, the most popular database indexing algorithm and data structure. Saura and Waissbein will describe how they discovered BTREE's security weaknesses and demonstrate the attack against the MySQL database engine.