Prefix Siphoning: Exploiting LSM-Tree Range Filters For Information Disclosure

Adi Kaufman, Moshik Hershcovitch, Adam Morrison

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

Key-value stores typically leave access control to the systems for which they act as storage engines. Unfortunately, attackers may circumvent such read access controls via timing attacks on the key-value store, which use differences in query response times to glean information about stored data. To date, key-value store timing attacks have aimed to disclose stored values and have exploited external mechanisms that can be disabled for protection. In this paper, we point out that key disclosure is also a security threat—and demonstrate key disclosure timing attacks that exploit mechanisms of the key-value store itself. We target LSM-tree based key-value stores utilizing range filters, which have been recently proposed to optimize LSM-tree range queries. We analyze the impact of the range filters SuRF and prefix Bloom filter on LSM-trees through a security lens, and show that they enable a key disclosure timing attack, which we call prefix siphoning. Prefix siphoning successfully leverages benign queries for non-present keys to identify prefixes of actual keys—and in some cases, full keys—in scenarios where brute force searching for keys (via exhaustive enumeration or random guesses) is infeasible.

Original languageEnglish
Title of host publicationProceedings of the 2023 USENIX Annual Technical Conference, ATC 2023
PublisherUSENIX Association
Pages719-733
Number of pages15
ISBN (Electronic)9781939133359
StatePublished - 2023
Event2023 USENIX Annual Technical Conference, ATC 2023 - Boston, United States
Duration: 10 Jul 202312 Jul 2023

Publication series

NameProceedings of the 2023 USENIX Annual Technical Conference, ATC 2023

Conference

Conference2023 USENIX Annual Technical Conference, ATC 2023
Country/TerritoryUnited States
CityBoston
Period10/07/2312/07/23

Fingerprint

Dive into the research topics of 'Prefix Siphoning: Exploiting LSM-Tree Range Filters For Information Disclosure'. Together they form a unique fingerprint.

Cite this