Remote algorithmic complexity attacks against randomized hash tables

Noa Bar-Yosef, Avishai Wool

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

Many network devices, such as routers, firewalls, and intrusion detection systems, usually maintain per-connection state in a hash table. However, hash tables are susceptible to algorithmic complexity attacks, in which the attacker degenerates the hash into a simple linked list. A common counter-measure is to randomize the hash table by adding a secret value, known only to the device, as a parameter to the hash function. Our goal is to demonstrate how the attacker can defeat this protection: we demonstrate how to discover this secret value, and to do so remotely, using network traffic. We show that if the secret value is small enough, such an attack is possible. Our attack does not rely on any weakness of a particular hash function and can work against any hash - although a poorly chosen hash function, that produces many collisions, can make the attack more efficient. We present a mathematical modeling of the attack, simulate the attack on different network topologies and finally describe a real-life attack against a weakened version of the Linux Netfilter.

Original languageEnglish
Title of host publicationE-business and Telecommunications - 4th International Conference, ICETE 2007, Revised Selected Papers
PublisherSpringer Verlag
Pages162-174
Number of pages13
ISBN (Print)3540886524, 9783540886525, 9783540886525
DOIs
StatePublished - 2008

Publication series

NameCommunications in Computer and Information Science
Volume23 CCIS
ISSN (Print)1865-0929

Fingerprint

Dive into the research topics of 'Remote algorithmic complexity attacks against randomized hash tables'. Together they form a unique fingerprint.

Cite this