Side-Channel Data Leaks and Software-as-a-Service

What can be inferred from this headline that an IT trade publication recently ran about a study conducted by Microsoft and Indiana University: “SaaS Apps May Leak Data Even When Encrypted, Study Says”?

19 May 2010

What can be inferred from this headline that an IT trade publication recently ran about a study conducted by Microsoft and Indiana University: “SaaS Apps May Leak Data Even When Encrypted, Study Says”?

1. There was a study conducted on SaaS apps leaking data.
2. The study stated that SaaS apps leak data.
3. The study says SaaS apps do not sufficiently protect data.
4. A combination of options one, two and three.
5. The study primarily pinpointed security threats to misconfigured Web applications depending on data they process.

The correct answer, according to most people, would naturally be option four. However, the answer would change if you actually read the recent research paper from Microsoft and Indiana University on side-channel data leaks. In this post, I will address the confusion that this paper may cause. It describes how all Web apps, when they operate on data with low entropy (or Shannon entropy, which quantifies the information contained in a message, usually in bits) may leak data despite information being encrypted.  A crude example of low entropy data is the selection of months on a Web page as there are only 12 pre-defined choices.

This particular paper starts: "With software-as-a-service becoming mainstream, more and more applications are delivered to the client through the Web." As this follows the headline at the top of the research, which refers to side-channel leaks in Web applications, it can easily lead to the conclusion that the issue is related to the SaaS model.

The paper, however, subsequently goes on to show that the issue is not specific to SaaS as a delivery mechanism. The following statement later on in the research makes that clear: "The root cause of the side-channel vulnerability in Web applications is actually some of their fundamental features, such as frequent small communications, diversity in the contents exchanged in state transitions, and stateful communications." Essentially, researchers use some advanced math to show that if you know what to expect from the Web server in response to user action on the browser, it is possible to infer the content of encrypted data flow.

The threat of side-channel leaks is real but I will comment on the assumptions of the research and leave room for conclusions to the reader. For starters, an attacker would need to have access to the HTTPS traffic, which is not trivial but is also certainly not impossible. Furthermore, an attacker would need to know or, at least be able to easily deduct, how a specific response would look on encrypted form.

Another generalization that, in my opinion, does not apply to most business-class Web applications, is the assumption of low entropy in data that those applications process. This assumption is particularly wrong for Intralinks since the critical data we process consists of file names and file content — hardly low entropy information. The threat of side-channel data leaks is inherent to Web application since both data flows and control flows are open to eavesdropping on public networks. In my opinion, it is, however, extremely unlikely to be exploited, given the level of familiarity required with the application under attack.

The answer to this threat was in the study itself, but for reasons unknown to me, the authors did not propose it. The problem, as they state it, is the predictability of the encrypted data when streaming ciphers are used in SSL communications. Configuring the SSL to support only block ciphers will address the issue without a single code change. Best of all, this solution is application-agnostic and can be applied overnight. So, if one is concerned with side-channel data leaks, they should disable support for streaming ciphers either in their user browser or on the web servers of the business applications they use to address the issue once and for all.

In conclusion, the answer to the question that I posed at the beginning of my blog is number five — the study primarily pinpointed security threats that some Web applications are susceptible to.  It is unfortunate that the upfront part of Microsoft and Indiana University’s research was misleading and could be construed as the SaaS model introducing a high security risk in leaking data even when encrypted communication channels are used. I believe that there is a minimal risk of side-channel data leaks in the Web applications, SaaS or not, when there is high entropy and properly configured SSL is used.

Mushegh Hakhinian

Mushegh Hakhinian

Mushegh Hakhinian represents Intralinks at the Cloud Security Alliance SME Council, is a certified information systems security professional, and is a frequent contributor to industry publications. Prior to joining Intralinks, Mr. Hakhinian lead security functions at a multi-tenant online banking service provider and an international bank.