Skip to main content
Article thumbnail
Location of Repository

Opportunities and Limits of Remote Timing Attacks

By Scott A. Crosby, Dan S. Wallach, Rudolf H. Riedi and Rice Unversity

Abstract

Many algorithms can take a variable amount of time to complete depending on the data being processed. These timing differences can sometimes disclose confidential information. Indeed, researchers have been able to reconstruct an RSA private key purely by querying an SSL web server and timing the results. Our work analyzes the limits of attacks based on accurately measuring network response times and jitter over a local network and across the Internet. We present the design of filters to significantly reduce the effects of jitter, allowing an attacker to measure events with 15-100µs accuracy across the Internet, and as good as 100ns over a local network. Notably, security-related algorithms on web servers and other network servers need to be carefully engineered to avoid timing channel leaks at the accuracy demonstrated in this paper

Topics: Categories and Subject Descriptors, C.2.0 [Computer-Communication Networks, General—Security, C.2.5 [Computer-Communication Networks, Local and Wide-Area Networks—Internet General Terms, Security, Measurement Additional Key Words and Phrases, Information leakage, Jitter, Timing attacks
Year: 2010
OAI identifier: oai:CiteSeerX.psu:10.1.1.178.1789
Provided by: CiteSeerX
Download PDF:
Sorry, we are unable to provide the full text but you may find it at the following location(s):
  • http://citeseerx.ist.psu.edu/v... (external link)
  • http://www.cs.rice.edu/%7Escro... (external link)
  • Suggested articles


    To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.