Remote Timing Attacks Are Practical
Authors:
David Brumley and Dan Boneh, Stanford University
Abstract:
Timing attacks are usually used to attack weak computing devices such as smartcards. We show that timing attacks apply to general software systems. Specifically, we devise a timing attack against OpenSSL. Our experiments show that we can extract private keys from an OpenSSL-based web server running on a machine in the local network. Our results demonstrate that timing attacks against network servers are practical and therefore security systems should defend against them.
BibTeX
@inproceedings {270176,
author = {David Brumley and Dan Boneh},
title = {Remote Timing Attacks Are Practical},
booktitle = {12th USENIX Security Symposium (USENIX Security 03)},
year = {2003},
address = {Washington, D.C.},
url = {https://www.usenix.org/conference/12th-usenix-security-symposium/remote-timing-attacks-are-practical},
publisher = {USENIX Association},
month = aug
}
author = {David Brumley and Dan Boneh},
title = {Remote Timing Attacks Are Practical},
booktitle = {12th USENIX Security Symposium (USENIX Security 03)},
year = {2003},
address = {Washington, D.C.},
url = {https://www.usenix.org/conference/12th-usenix-security-symposium/remote-timing-attacks-are-practical},
publisher = {USENIX Association},
month = aug
}