
A new type of attack against databases was presented at the Black Hat US 2021 hybrid event. The attack, Database Reconnaissance and Exfiltration via Adaptive Compression Heuristics (DBREACH), could result in information disclosure and loss.
DBREACH is considered to be the first compression side-channel attack on a database system. Using this technique, an attacker can recover users’ encrypted data.
- This technique is similar to the Compression Ratio Info-leak Made Easy (CRIME) attack. This attack, revealed in 2013, targets Transport Layer Security (TLS).
- Several modern databases pair data compression with encryption to reduce costs. But this may expose the data to a new class of vulnerabilities known as side-channel attacks.
- The experts analyzed and applied their theory to the open-source MariaDB database running with the InnoDB storage engine.
Attack vector
For a successful attack, an attacker needs the ability to insert into or update a database table and to estimate the size of the compressed table.
- The database table can be updated or inserted into through a web interface. In addition, the attacker can obtain the required permissions with only a partial-select ability.
- Even without update permissions, the attacker can still force an update by rolling back the table file and performing an insert operation.
- The size of the compressed table can be obtained through read access to the filesystem. With this access, the attacker could read the size of the table file.
Caution Ahead
Researchers claim that this threat model can result in real-world attacks. To mitigate the potential risks of the DBREACH attack, database administrators are advised to avoid using column-level permissions. Moreover, they can monitor database usage patterns, as is done for DoS detection, and look for a single user with a sudden high number of updates.
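
One way to implement the update-rate monitoring suggested above, as an added example that is not code from the researchers or from this article. The log format (timestamp,user,table,operation), the account and table names, the 60-second window and the threshold are all assumptions, and lines are assumed to be in time order for each user.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WRITE_OPS = {"INSERT", "UPDATE"}

def flag_write_bursts(lines, window_s=60, threshold=100):
    """Return {(user, table): peak} for pairs whose INSERT/UPDATE count
    inside any sliding window of window_s seconds reaches threshold."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # (user, table) -> write timestamps still in window
    peaks = defaultdict(int)      # (user, table) -> largest window count seen
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts_s, user, table, op = [f.strip() for f in line.split(",")]
        if op.upper() not in WRITE_OPS:
            continue              # reads do not change the compressed table size
        ts = datetime.fromisoformat(ts_s)
        q = recent[(user, table)]
        q.append(ts)
        while ts - q[0] > window:  # drop writes older than the window
            q.popleft()
        peaks[(user, table)] = max(peaks[(user, table)], len(q))
    return {k: v for k, v in peaks.items() if v >= threshold}

def build_sample_log():
    """Constructed sample: one steady account and one hammering a single table."""
    base = datetime(2021, 8, 10, 12, 0, 0)
    rows = ["# constructed audit lines: timestamp,user,table,operation"]
    for i in range(30):    # normal application traffic: one write every 20 s
        ts = base + timedelta(seconds=20 * i)
        rows.append(f"{ts.isoformat()},app_rw,orders,UPDATE")
    for i in range(300):   # burst: five writes per second against one table
        ts = base + timedelta(milliseconds=200 * i)
        rows.append(f"{ts.isoformat()},webform,profiles,UPDATE")
    rows.append(f"{base.isoformat()},report_ro,profiles,SELECT")
    return rows

if __name__ == "__main__":
    for (user, table), peak in flag_write_bursts(build_sample_log()).items():
        print(f"ALERT {user} on {table}: {peak} writes within 60 s")
```

Tracking the count per (user, table) pair rather than per user keeps a busy application account that spreads its writes across many tables from masking, or being mistaken for, an account that repeatedly rewrites one table.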