DBREACH - Database Reconnaissance and Exfiltration via Adaptive Compression Heuristics

Explore a groundbreaking presentation on database security vulnerabilities in this 36-minute Black Hat conference talk. Delve into the world of compression side-channel attacks on real-world databases, focusing on the DBREACH (Database Reconnaissance and Exfiltration via Adaptive Compression Heuristics) technique. Learn how attackers can potentially extract encrypted content inserted by other users, exploiting the dangerous combination of encryption and compression in large databases. Discover the intricacies of InnoDB page compression, supported compression algorithms, and the threat model behind these attacks. Gain insights into the attack algorithm, compressibility scores, and character-by-character extraction methods. Explore challenges such as the substring/superstring problem and techniques for overcoming noise in the side channel. Examine the efficiency, speed, and accuracy of the attack, as well as its potential impact on other systems. Conclude with a discussion on prevention strategies and patching vulnerabilities to enhance database security.