freetype-devel

Re: [ft-devel] Potential Timing Side-channel in Freetype Library


From: Behdad Esfahbod
Subject: Re: [ft-devel] Potential Timing Side-channel in Freetype Library
Date: Tue, 19 Feb 2019 14:06:45 -0500

On Tue, Feb 19, 2019 at 2:27 AM Werner LEMBERG <address@hidden> wrote:

>> We're a group of researchers from University of California
>> Riverside. We recently discovered that the outline processing (font
>> translation/decomposition) subroutine in the Freetype version 2.9.1
>> takes variable amount of time depending on which character is to be
>> rendered.  As a result, an unprivileged attacker could potentially
>> utilize flush+reload cache side-channel attack to measure the
>> execution time of said subroutine to infer user input.  Although in
>> most applications, this subroutine is performed only once for each
>> character of the same font type, we found that for some applications
>> this is enough for an attacker to extract sensitive information.
>>
>> For detailed information please refer to our paper in the link
>> below. We would be very happy to work with you to address this
>> issue. Please let us know what you think.
>>
>> https://www.cs.ucr.edu/~zhiyunq/pub/ndss19_cache_keystrokes.pdf
>
> Thanks for bringing this to our attention.  Glyph rendering is a time
> consuming process; making the rendering time of all glyphs equal is
> definitely a no-go IMHO, since it would make FreeType far too slow.
>
> What I could imagine, however, is to add some random fuzz so that the
> rendering time varies by an additional value N (with N to be set by
> the library user).  I can imagine that this would sufficiently reduce
> the repeatability, making it much harder to execute the attack as
> described in your paper.

I don't think that belongs in FreeType.
 
--
behdad
http://behdad.org/
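The exchange above turns on whether a user-settable random delay N actually defeats a timing classifier. The following simulation is an added example written for this page; it is not FreeType code and does not measure FreeType. The per-glyph costs are constructed numbers standing in for the outline-processing time differences the researchers describe, the attacker model is a nearest-mean classifier over observed times, and the function names are hypothetical. It shows two things the thread only states in prose: with a single measurement per keystroke, uniform fuzz much larger than the inter-glyph gaps does push the attacker toward chance, but if the same glyph can be timed repeatedly, averaging removes the fuzz and the leak returns.

```python
import random
import statistics

# Constructed per-glyph outline-processing cost in microseconds.
# These are illustrative values, not FreeType measurements; what matters
# is that different glyphs cost different, repeatable amounts of time.
GLYPH_COST_US = {"l": 20, "c": 35, "a": 42, "b": 52, "m": 70}


def render_time(glyph, fuzz_us, rng):
    """Simulated render time: fixed per-glyph cost plus uniform fuzz in [0, fuzz_us].

    This models the mitigation proposed in the thread (a random delay of up
    to N microseconds chosen by the library user); fuzz_us == 0 is the
    unmitigated baseline.
    """
    return GLYPH_COST_US[glyph] + rng.uniform(0, fuzz_us)


def classify(observed_us, fuzz_us):
    """Attacker's guess: the glyph whose expected time (cost + fuzz/2) is nearest.

    The attacker is assumed to know the per-glyph cost table and the fuzz
    bound (both are learnable offline on an identical system), so the only
    unknown is the random draw itself.
    """
    return min(
        GLYPH_COST_US,
        key=lambda g: abs(GLYPH_COST_US[g] + fuzz_us / 2 - observed_us),
    )


def attack_accuracy(fuzz_us, samples_per_char, trials=500, seed=1):
    """Fraction of trials in which the attacker recovers the rendered glyph.

    samples_per_char is how many independent timings of the same glyph the
    attacker can average before guessing: 1 models the "rendered once per
    character" case the researchers mention, larger values model a victim
    that re-renders the same glyph (or an attacker that can trigger it).
    """
    rng = random.Random(seed)
    glyphs = list(GLYPH_COST_US)
    hits = 0
    for i in range(trials):
        secret = glyphs[i % len(glyphs)]  # cycle through all glyphs evenly
        observed = statistics.mean(
            render_time(secret, fuzz_us, rng) for _ in range(samples_per_char)
        )
        if classify(observed, fuzz_us) == secret:
            hits += 1
    return hits / trials


if __name__ == "__main__":
    # Baseline: no fuzz, one sample per keystroke -> the glyph is recovered every time.
    print("no fuzz, 1 sample:     ", attack_accuracy(0, 1))
    # Fuzz of 200us (well above the 7..18us gaps between glyph costs), one sample.
    print("200us fuzz, 1 sample:  ", attack_accuracy(200, 1))
    # Same fuzz, but the attacker averages 1000 timings of the same glyph.
    print("200us fuzz, 1000 avg:  ", attack_accuracy(200, 1000))
```

Two practical caveats follow from the numbers. First, the fuzz only helps when N is large compared with the cost differences between glyphs, which in this model means a delay several times larger than the rendering itself, exactly the slowdown the thread worries about. Second, the protection is statistical, not structural: the mean of the added noise is a known constant, so any setting where the attacker can collect repeated timings of the same glyph (the same string drawn on every frame, a cached glyph evicted and re-rendered) recovers the original classification accuracy as the sample count grows.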
