DBREACH - Database Reconnaissance and Exfiltration via Adaptive Compression Heuristics

Offered By: Black Hat via YouTube

Course Description

Overview

Explore a groundbreaking presentation on database security vulnerabilities in this 36-minute Black Hat conference talk. Delve into the world of compression side-channel attacks on real-world databases, focusing on the DBREACH (Database Reconnaissance and Exfiltration via Adaptive Compression Heuristics) technique. Learn how attackers can potentially extract encrypted content inserted by other users, exploiting the dangerous combination of encryption and compression in large databases. Discover the intricacies of InnoDB page compression, supported compression algorithms, and the threat model behind these attacks. Gain insights into the attack algorithm, compressibility scores, and character-by-character extraction methods. Explore challenges such as the substring/superstring problem and techniques for overcoming noise in the side channel. Examine the efficiency, speed, and accuracy of the attack, as well as its potential impact on other systems. Conclude with a discussion on prevention strategies and patching vulnerabilities to enhance database security.

Syllabus

Intro
Roadmap
Encryption Security
CRIME BREACH
MariaDB/InnoDB Encryption and Compression
InnoDB Page Compression
Supported Compression Algorithms
Threat Model
Attack Algorithm
Compressibility Scores
Decision Attack: Is a guess in the table?
Character-by-Character Extraction
Substring/Superstring Problem
Addressing the Superstring Problem
Overcoming Noise in the Side Channel
Maximizing Efficiency
Efficiency & Speed
Accuracy
Vulnerability of Other Systems
Prevention
Patching the Vulnerability


Taught by

Black Hat