Remote timing attacks are practical
Authors: D. Boneh and D. Brumley
Abstract:
Timing attacks are usually used to attack weak computing devices such
as smartcards. We show that timing attacks apply to general software
systems. Specifically, we devise a timing attack against OpenSSL.
Our experiments show that we can extract private keys from an
OpenSSL-based web server running on a machine in the local network. Our
results demonstrate that timing attacks against network servers are
practical and therefore all security systems should defend against
them.
Reference:
In proceedings of the 12th Usenix Security Symposium, 2003
Full paper: pdf, ps [first posted 5/2003 ]