The Power of Evil Choices in Bloom Filters

Thomas Gerbet, Amrit Kumar, Cedric Lauradoux
2015 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks  
A Bloom filter is a probabilistic hash-based data structure extensively used in software including online security applications. This paper raises the following important question: Are Bloom filters correctly designed in a security context? The answer is no and the reasons are multiple: bad choices of parameters, lack of adversary models and misused hash functions. Indeed, developers truncate cryptographic digests without a second thought on the security implications. This work constructs
more » ... ary models for Bloom filters and illustrates attacks on three applications, namely SCRAPY web spider, BITLY DABLOOMS spam filter and SQUID cache proxy. As a general impact, filters are forced to systematically exhibit worst-case behavior. One of the reasons being that Bloom filter parameters are always computed in the average case. We compute the worst-case parameters in adversarial settings, show how to securely and efficiently use cryptographic hash functions and propose several other countermeasures to mitigate our attacks.
doi:10.1109/dsn.2015.21 dblp:conf/dsn/GerbetKL15 fatcat:suvydo7orndzpkmuzjrn6if5ky