Remote Timing Attacks Are Practical

Timing attacks are usually used to attack weak computing devices such as smartcards. The authors show that timing attacks apply to general software systems. Specifically, they devise a timing attack against OpenSSL. The experiments show that they can extract private keys from an OpenSSL-based web server running on a machine in the local network. The results demonstrate that timing attacks against network servers are practical and therefore security systems should defend against them.

Provided by: Stanford University Topic: Security Date Added: Jan 2011 Format: PDF

Find By Topic