Remote Timing Attacks Are Practical

Date Added: Jan 2011
Format: PDF

Timing attacks are usually used to attack weak computing devices such as smartcards. The authors show that timing attacks apply to general software systems. Specifically, they devise a timing attack against OpenSSL. The experiments show that they can extract private keys from an OpenSSL-based web server running on a machine in the local network. The results demonstrate that timing attacks against network servers are practical and therefore security systems should defend against them.