Skip to content
/ sidedetect Public

Detect timing attacks, cache timing, and branch prediction vulnerabilities

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

hallucinaut/sidedetect

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
cmd/sidedetect
cmd/sidedetect
 
 
pkg/sidechannel
pkg/sidechannel
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
sidedetect_test.go
sidedetect_test.go
 
 

Repository files navigation

sidedetect - Side-Channel Vulnerability Scanner

Go License

Detect timing attacks, cache timing, and branch prediction vulnerabilities in source code.

Identify side-channel vulnerabilities in cryptographic implementations and security-critical code.

🚀 Features

  • Timing Attack Detection: Find non-constant-time comparisons and secret-dependent operations
  • Cache Timing Analysis: Detect table-based crypto operations vulnerable to cache attacks
  • Branch Prediction Analysis: Identify data-dependent branching patterns
  • Constant-Time Checks: Verify cryptographic implementations use constant-time operations
  • Risk Scoring: Calculate security risk scores based on vulnerability severity
  • Multi-Language Support: Analyze Go, C/C++, Rust, Java, Python, JavaScript, and more

📦 Installation

Build from Source

git clone https://github.com/hallucinaut/sidedetect.git
cd sidedetect
go build -o sidedetect ./cmd/sidedetect
sudo mv sidedetect /usr/local/bin/

Install via Go

go install github.com/hallucinaut/sidedetect/cmd/sidedetect@latest

🎯 Usage

Scan Project

# Scan entire project directory
sidedetect scan ./myproject

# Scan specific directory
sidedetect scan /path/to/src

Analyze File

# Analyze a specific file
sidedetect analyze crypto.go
sidedetect check auth.go

Check Constant-Time

# Verify constant-time implementation
sidedetect check encryption.go

Programmatic Usage

package main

import (
    "fmt"
    "github.com/hallucinaut/sidedetect/pkg/sidechannel"
)

func main() {
    scanner := sidechannel.NewScanner()
    
    // Analyze source code
    sourceCode := `if password == secret { return true }`
    vulns := scanner.AnalyzeCode(sourceCode)
    
    fmt.Printf("Found %d vulnerabilities\n", len(vulns))
    
    // Check constant-time
    isConstant := sidechannel.ConstantTimeCheck(sourceCode)
    fmt.Printf("Constant-time: %v\n", isConstant)
    
    // Calculate risk score
    riskScore := sidechannel.CalculateRiskScore(vulns)
    fmt.Printf("Risk Score: %.0f%%\n", riskScore)
}

🔍 Vulnerability Types Detected

Timing Attacks (TC)

ID Type Severity CVSS Description
TC-001 Password Comparison HIGH 7.5 Non-constant-time password comparison
TC-002 Secret Indexing HIGH 7.0 Direct array indexing with secret data
TC-003 Secret Branching MEDIUM 6.5 Conditional branching on secret values

Cache Timing Attacks (CA)

ID Type Severity CVSS Description
CA-001 Table Lookup HIGH 7.8 Table lookup with secret index

Branch Prediction Attacks (BP)

ID Type Severity CVSS Description
BP-001 Branch Prediction MEDIUM 6.0 Data-dependent branching

📊 Risk Score

Score Status Action
90-100 Excellent No issues detected
70-89 Good Address medium vulnerabilities
50-69 Fair Address high/critical issues
<50 Poor Immediate remediation required

🧪 Testing

# Run all tests
go test ./...

# Run with coverage
go test -cover ./...

# Run specific test
go test -v ./pkg/sidechannel -run TestCheckTimingAttacks

📋 Example Output

Scanning: ./myproject
Type: directory

Scan Complete
=============

Side-channel vulnerabilities found: 4
Risk Score: 75%

Vulnerabilities:

[1] HIGH - Timing Attack - Password Comparison
    Location: auth.go:15
    Description: Non-constant time comparison detected - vulnerable to timing attacks
    CVSS: 7.5
    Recommendation: Use constant-time comparison functions

[2] HIGH - Cache Timing Attack - Table Lookup
    Location: crypto.go:42
    Description: Table lookup with secret index - vulnerable to cache timing attacks
    CVSS: 7.8
    Recommendation: Use constant-time table access

[3] MEDIUM - Timing Attack - Secret Branching
    Location: verify.go:28
    Description: Conditional branching based on secret data - timing leakage possible
    CVSS: 6.5
    Recommendation: Use constant-time control flow

[4] MEDIUM - Branch Prediction Attack
    Location: sign.go:55
    Description: Data-dependent branching - vulnerable to branch prediction attacks
    CVSS: 6.0
    Recommendation: Use branchless implementations

🔒 Security Considerations

  • Side-channel attacks can bypass traditional security controls
  • Timing attacks require precise measurement but are increasingly practical
  • Cache attacks work across process boundaries in some scenarios
  • Always use constant-time implementations for cryptographic operations

🛡️ Best Practices

  1. Use constant-time comparison for secrets (passwords, keys, tokens)
  2. Avoid table lookups with secret indices in cryptographic operations
  3. Use branchless implementations when possible for secret-dependent logic
  4. Employ constant-time crypto libraries like libsodium, Botan
  5. Regular security audits of cryptographic implementations

🏗️ Architecture

sidedetect/
├── cmd/
│   └── sidedetect/
│       └── main.go          # CLI entry point
├── pkg/
│   └── sidechannel/
│       ├── sidechannel.go   # Side-channel analysis
│       └── sidechannel_test.go # Unit tests
└── README.md

📄 License

MIT License

🙏 Acknowledgments

  • Side-channel security research community
  • Constant-time crypto library authors
  • Security researchers sharing vulnerability patterns

🔗 Resources

Built with GPU by hallucinaut

About

Detect timing attacks, cache timing, and branch prediction vulnerabilities

Topics

security cryptography constant-time timing-attack side-channel branch-prediction vulnerability-scanning cache-timing

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages