logo

Covert Timing Channel

Incomplete Base
Structure: Simple
Description

A covert timing channel is a security flaw where an attacker can deduce secret information by observing how long certain operations take to execute. Instead of directly reading data, they analyze timing variations in system behavior to infer protected details.

Extended Description

Attackers can exploit timing differences to learn secrets they shouldn't have access to. For instance, if a cryptographic function or a database query takes slightly longer under specific conditions, that delay can leak information about the internal state of the operation or the data being processed. Monitoring these subtle time variations allows an attacker to piece together sensitive information. This type of vulnerability is a classic example of a side-channel attack, specifically a timing channel. Common real-world signals include variations in a system's paging rate, the execution time of a transaction, or the delay in accessing a shared resource. Defending against these attacks requires ensuring that operations complete in constant time, regardless of the input or secret data involved.
Common Consequences 1
Scope: ConfidentialityOther

Impact: Read Application DataOther

Information exposure.
Potential Mitigations 3
Phase: Architecture and Design
Whenever possible, specify implementation strategies that do not introduce time variances in operations.
Phase: Implementation
Often one can artificially manipulate the time which operations take or -- when operations occur -- can remove information from the attacker.
Phase: Implementation
It is reasonable to add artificial or random delays so that the amount of CPU time consumed is independent of the action being taken by the application.
Demonstrative Examples 1

ID : DX-193

In this example, the attacker observes how long an authentication takes when the user types in the correct password.
When the attacker tries their own values, they can first try strings of various length. When they find a string of the right length, the computation will take a bit longer, because the for loop will run at least once. Additionally, with this code, the attacker can possibly learn one character of the password at a time, because when they guess the first character right, the computation will take longer than a wrong guesses. Such an attack can break even the most sophisticated password with a few hundred guesses.

Code Example:

Bad
Python
python
Note that in this example, the actual password must be handled in constant time as far as the attacker is concerned, even if the actual password is of an unusual length. This is one reason why it is good to use an algorithm that, among other things, stores a seeded cryptographic one-way hash of the password, then compare the hashes, which will always be of the same length.
References 2
The CLASP Application Security Process
Secure Software, Inc.
2005
https://cwe.mitre.org/documents/sources/TheCLASPApplicationSecurityProcess.pdf(2024-11-17)
ID: REF-18
A Taxonomy of Computer Program Security Flaws, with Examples
Carl E. Landwehr, Alan R. Bull, John P. McDermott, and William S. Choi
19-11-1993
https://cwe.mitre.org/documents/sources/ATaxonomyofComputerProgramSecurityFlawswithExamples%5BLandwehr93%5D.pdf(2024-11-17)
ID: REF-1431
Likelihood of Exploit

Medium

Applicable Platforms
Languages:
Not Language-Specific : Undetermined
Modes of Introduction
Architecture and Design
Implementation
Related Attack Patterns
Related Weaknesses
ChildOf: Covert Channel (CWE-514)
Taxonomy Mapping
  • Landwehr
  • CLASP
Notes
MaintenanceAs of CWE 4.9, members of the CWE Hardware SIG are working to improve CWE's coverage of transient execution weaknesses, which include issues related to Spectre, Meltdown, and other attacks that create or exploit covert channels. As a result of that work, this entry might change in CWE 4.10.