USENIX Conference Policies
Remote Timing Attacks Are Practical
David Brumley and Dan Boneh, Stanford University
Timing attacks are usually used to attack weak computing devices such as smartcards. We show that timing attacks apply to general software systems. Specifically, we devise a timing attack against OpenSSL. Our experiments show that we can extract private keys from an OpenSSL-based web server running on a machine in the local network. Our results demonstrate that timing attacks against network servers are practical and therefore security systems should defend against them.
BibTeX
@inproceedings {270176,
author = {David Brumley and Dan Boneh},
title = {Remote Timing Attacks Are Practical},
booktitle = {12th USENIX Security Symposium (USENIX Security 03)},
year = {2003},
address = {Washington, D.C.},
url = {https://www.usenix.org/conference/12th-usenix-security-symposium/remote-timing-attacks-are-practical},
publisher = {USENIX Association},
month = aug
}
author = {David Brumley and Dan Boneh},
title = {Remote Timing Attacks Are Practical},
booktitle = {12th USENIX Security Symposium (USENIX Security 03)},
year = {2003},
address = {Washington, D.C.},
url = {https://www.usenix.org/conference/12th-usenix-security-symposium/remote-timing-attacks-are-practical},
publisher = {USENIX Association},
month = aug
}