Abstract
Many algorithms can take a variable amount of time to complete depending on the data being processed. These timing differences can sometimes disclose confidential information. Indeed, researchers have been able to reconstruct an RSA private key purely by querying an SSL Web server and timing the results. Our work analyzes the limits of attacks based on accurately measuring network response times and jitter over a local network and across the Internet. We present the design of filters to significantly reduce the effects of jitter, allowing an attacker to measure events with 15-100 μs accuracy across the Internet, and as good as 100ns over a local network. Notably, security-related algorithms on Web servers and other network servers need to be carefully engineered to avoid timing channel leaks at the accuracy demonstrated in this article.
Funder
Division of Computer and Network Systems
National Science Foundation
Publisher
Association for Computing Machinery (ACM)
Subject
Safety, Risk, Reliability and Quality, General Computer Science
Cited by
35 articles.