Protocol design flaws

Aside from the traditional vulnerability analysis in which we explore known attack vectors (e.g., buffer overflows, injection vulnerabilities) we are also interested in finding design flaws in protocols and systems deployed and in use. For example:


The ND2DB Attack exploits a timing side-channel introduced by design in database management systems which use the B-tree data structure for storing content in the HD and accessing it. Check the project's page for more information.

Vulnerability in MySQL's authentication algorithm

We discovered a vulnerability in the "MySQL Database Engine" (versions 3.2 up to 3,x). MySQL uses an authentication scheme designed to prevent the flow of plain text passwords over a network and the storage of the passwords in plain text. For that purpose, a challenge-response mechanism for authentication has been implemented on all versions of MySQL.

However, this authentication mechanism is not cryptographically strong. Each time a user executes this mechanism, information allowing an attacker to recover the user's password is leaked. Using an attack of CoreLabs design, which exploits geometric properties of the authentication mechanism, an eavesdropper is able to recover the user's password after witnessing a few executions of this protocol. An attacker is then able to authenticate himself to the database engine, impersonating a valid user.

Timing analysis of SSH keystrokes

We researched a /timing analysis of keystrokes in SSH/ which was independently discovered by other groups to SSH and Open SSH. In SSH's interactive mode, keystrokes are sent to the server as the user types. An attacker is then able to discern the delay between each keystroke. CoreLabs was able to determine how this information can help an attacker guess the complete flow of data typed by a client.

First, we gather information about the user's typing habits, i.e., a transcript of a text typed by the user and the delays between each keystroke. Then, by modeling the user's typing process as Hidden Markov Chains, we are able to use a k-Viterbi algorithm to evaluate the best-hidden process to produce the observed delays between keystrokes. We can then produce a list of the most probable transcripts for the observation.

In parallel to this project, (STW01) presents another attack that exploits this SSH vulnerability with reduced scope. The attack from (STW01) aims only at recovering user passwords and not at recovering complete transcripts of their SSH connections.

SSH insertion attack

We discovered /weak authentication and integrity mechanisms in "secure channel" protocols/. Several cryptographic protocols use block ciphers and simple integrity functions like checksum or CRC to preserve the privacy, integrity and authentication security of communication channels. We recently studied known protocols like Kerberos and SSH, which use or used these types of schemes, for weaknesses. Our analysis produced an efficient attack to the SSH1 protocol "SSH insertion attack" that permitted an attacker to insert arbitrary data in a connection without any previous knowledge.