12th USENIX Security Symposium Abstract
Pp. 1-14 of the Proceedings
Remote Timing Attacks Are Practical
David Brumley and Dan Boneh, Stanford University
Timing attacks are usually used to attack weak computing devices such
as smartcards. We show that timing attacks apply to general software
systems. Specifically, we devise a timing attack against OpenSSL.
Our experiments show that we can extract private keys from an
OpenSSL-based web server running on a machine in the local network. Our
results demonstrate that timing attacks against network servers are
practical and therefore security systems should defend against
- View the full text of this paper in HTML or
The Proceedings are published as a collective work, © 2003 by the USENIX Association. All Rights Reserved. Rights to individual papers remain with the author or the author's employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. USENIX acknowledges all trademarks within this paper.
- If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.