Skiplist Timing Attack Vulnerability

Nussbaum, Eyal; Segal, Michael

doi:10.1007/978-3-030-31500-9_4

Eyal Nussbaum¹² &
Michael Segal¹²

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11737))

Included in the following conference series:

1725 Accesses

Abstract

In this paper we address the structure and behavior of the probabilistic Skiplist data structure and present an exploit in the form of a timing attack on the structure. In this exploit, we show how to map the presumably hidden structure of a Skiplist by timing the return time of search queries. This data can then be used to perform operations on the Skiplist which will cause a degradation in its subsequent performance. In addition, we describe another exploitation of this data to use the Skiplist as a means of creating a hidden channel between two attackers. Finally, we propose a new variant of Skiplist we call a Splay Skiplist, which retains the \(O(\log n)\) performance of Skiplist while defending against the stated exploit.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 54.99; Price excludes VAT (USA)

Softcover Book: USD 69.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

Aspnes, J., Shah, G.: Skip graphs. ACM Trans. Algorithms 3(4) (2007). https://doi.org/10.1145/1290672.1290674
Article MathSciNet Google Scholar
Bagchi, A., Buchsbaum, A.L., Goodrich, M.T.: Biased skip lists. Algorithmica 42(1), 31–48 (2005). https://doi.org/10.1007/s00453-004-1138-6
Article MathSciNet MATH Google Scholar
Bethea, D., Reiter, M.K.: Data structures with unpredictable timing. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 456–471. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04444-1_28
Chapter Google Scholar
Chen, J., Jindel, S., Walzer, R., Sen, R., Jimsheleishvilli, N., Andrews, M.: The memSQL query optimizer: a modern optimizer for real-time analytics in a distributed database. Proc. VLDB Endow. 9(13), 1401–1412 (2016). https://doi.org/10.14778/3007263.3007277
Article Google Scholar
Crosby, S.A., Wallach, D.S.: Denial of service via algorithmic complexity attacks. In: Proceedings of the 12th Conference on USENIX Security Symposium - Volume 12, SSYM 2003, p. 3. USENIX Association, Berkeley (2003). http://dl.acm.org/citation.cfm?id=1251353.1251356
Ergun, F., Cenk Şahinalp, S., Sharp, J., Sinha, R.K.: Biased skip lists for highly skewed access patterns. In: Buchsbaum, A.L., Snoeyink, J. (eds.) ALENEX 2001. LNCS, vol. 2153, pp. 216–229. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44808-X_18
Chapter Google Scholar
Futoransky, A., Saura, D., Waissbein, A.: Timing attacks for recovering private entries from database engines, January 2008
Google Scholar
Goodrich, M.T., Tamassia, R., Schwerin, A.: Implementation of an authenticated dictionary with skip lists and commutative hashing. In: Proceedings DARPA Information Survivability Conference and Exposition II, DISCEX 2001, vol. 2, pp. 68–82, June 2001. https://doi.org/10.1109/DISCEX.2001.932160
Goodrich, M.T., Kornaropoulos, E.M., Mitzenmacher, M., Tamassia, R.: More practical and secure history-independent hash tables. In: Askoxylakis, I., Ioannidis, S., Katsikas, S., Meadows, C. (eds.) ESORICS 2016. LNCS, vol. 9879, pp. 20–38. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45741-3_2
Chapter Google Scholar
Messeguer, X.: Skip trees, an alternative data structure to skip lists in a concurrent approach. ITA 31, 251–269 (1997)
MathSciNet MATH Google Scholar
Pugh, W.: Skip lists: a probabilistic alternative to balanced trees. Commun. ACM 33(6), 668–676 (1990)
Article Google Scholar
Sleator, D.D., Tarjan, R.E.: Self-adjusting binary search trees. J. ACM 32(3), 652–686 (1985). https://doi.org/10.1145/3828.3835
Article MathSciNet MATH Google Scholar
Solis, J., Tsudik, G.: Simple and flexible revocation checking with privacy. In: Danezis, G., Golle, P. (eds.) PET 2006. LNCS, vol. 4258, pp. 351–367. Springer, Heidelberg (2006). https://doi.org/10.1007/11957454_20
Chapter Google Scholar

Download references

Author information

Authors and Affiliations

School of Electrical and Computer Engineering, Communication Systems Engineering Department, Ben-Gurion University, 84105, Beer-Sheva, Israel
Eyal Nussbaum & Michael Segal

Authors

Eyal Nussbaum
View author publications
You can also search for this author in PubMed Google Scholar
Michael Segal
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Eyal Nussbaum .

Editor information

Editors and Affiliations

Universitat Oberta de Catalunya, Barcelona, Spain
Cristina Pérez-Solà
Universitat Autonoma de Barcelona, Bellaterra, Spain
Guillermo Navarro-Arribas
University of Luxembourg, Esch-sur-Alzette, Luxembourg
Alex Biryukov
Institut Mines-Télécom, Evry, France
Joaquin Garcia-Alfaro

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Nussbaum, E., Segal, M. (2019). Skiplist Timing Attack Vulnerability. In: Pérez-Solà, C., Navarro-Arribas, G., Biryukov, A., Garcia-Alfaro, J. (eds) Data Privacy Management, Cryptocurrencies and Blockchain Technology. DPM CBT 2019 2019. Lecture Notes in Computer Science(), vol 11737. Springer, Cham. https://doi.org/10.1007/978-3-030-31500-9_4

Download citation

DOI: https://doi.org/10.1007/978-3-030-31500-9_4
Published: 20 September 2019
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-31499-6
Online ISBN: 978-3-030-31500-9
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics