We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

Timeless Timing Attacks

00:00
subtitles
off
playback rate
1
subtitles
off
English (auto-generated)
playback rate
0.25
0.5
0.75
1
1.25
1.5
1.75
2
quality
576p
13
 Cite
 Share
 Download Purchase
No logo availableDEF CON
 Goethem, Tom Van Vanhoef, Mathy

Formal Metadata

Title
Timeless Timing Attacks
Title of Series
Number of Parts
84
Author
License
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
25 years ago, the first timing attacks against well-known cryptosystems such as RSA and Diffie-Hellman were introduced. By carefully measuring the execution time of crypto operations, an attacker could infer the bits of the secret. Ever since, timing attacks have frequently resurfaced, leading to many vulnerabilities in various applications and cryptosystems that do not have constant-time execution. As networks became more stable and low-latency, it soon became possible to perform these timing attacks over an Internet connection, potentially putting millions of devices at risk. However, attackers still face the challenge of overcoming the jitter that is incurred on the network path, as it obfuscates the real timing values. Up until now, an adversary would have to collect thousands or millions of measurements to infer a single bit of information. In this presentation, we introduce a conceptually novel way of performing timing attacks that is completely resilient to network jitter. This means that remote timing attacks can now be executed with a performance and accuracy that is similar as if the attack was performed on the local system. With this technique, which leverages coalescing of network packets and request multiplexing, it is possible to detect timing differences as small as 100ns over any Internet connection. We will elaborate on how this technique can be launched against HTTP/2 webservers, Tor onion services, and EAP-pwd, a popular Wi-Fi authentication method. REFERENCES: See page 15 to 17 in our paper for a list of references: https://www.usenix.org/system/files/sec20-van_goethem.pdf
00:00
Server (computing)Dependent and independent variablesSet (mathematics)Mathematical analysisComputer networkLeakNumberMeasurementPoint cloudInternet service providerComputer networkWeb browserInformation securityComputing platformSoftwareWeb 2.0CryptographyWireless LANInformationGroup actionServer (computing)Run time (program lifecycle phase)Multiplication signDifferent (Kate Ryan album)Connected spaceBit rateSide channel attackResponse time (technology)Process (computing)LeakSet (mathematics)IterationNumberBitMaxima and minimaCASE <Informatik>Dependent and independent variablesExploit (computer security)Instance (computer science)Total S.A.Representation (politics)Data storage device2 (number)Order (biology)Universe (mathematics)AuthenticationStatisticsTime zoneWeb applicationStatistical hypothesis testingCloud computingCondition numberExtension (kinesiology)NeuroinformatikSoftware testingCodeLoop (music)Element (mathematics)WordGreatest elementSensitivity analysisMeasurementRight angleRemote procedure callInternetworkingPresentation of a groupComputer virusComputer animation
08:33
Dependent and independent variablesAbsolute valueExploit (computer security)Concurrency (computer science)Computer networkMeasurementSequenceServer (computing)Process (computing)TDMACommunications protocolVirtuelles privates NetzwerkComputer configurationEncapsulation (object-oriented programming)Cellular automatonEmailException handlingOperations researchCryptographyParallel portTransport Layer SecurityNumberTimestampInternetworkingLocal area networkLocal ringRemote procedure callMultiplication signOrder (biology)Single-precision floating-point formatDependent and independent variablesSoftware maintenanceCommunications protocolEncapsulation (object-oriented programming)Connected spaceServer (computing)MultiplicationCartesian coordinate systemAbsolute time and spaceArithmetic meanDifferent (Kate Ryan album)Cellular automatonCASE <Informatik>Run time (program lifecycle phase)BitLeakCarry (arithmetic)SoftwareSequenceResultantConcurrency (computer science)Surjective functionTimestampNumberMeasurementMereologyInternetworkingParallel portException handlingOperator (mathematics)Sound effectField (computer science)Slide ruleComputer animation
16:32
InternetworkingLocal area networkLocal ringSequenceAuthenticationDirected setWebsiteHTTP cookieLeakDependent and independent variablesVideoconferencingServer (computing)InformationReal numberFunction (mathematics)Computer networkWeb browserControl flowÜberlastkontrolleClient (computing)Kernel (computing)LeakContrast (vision)Multiplication signCross-site scriptingSet (mathematics)Different (Kate Ryan album)ÜberlastkontrolleAuthenticationServer (computing)Order of magnitudeClient (computing)Single-precision floating-point formatDirection (geometry)InformationSoftwareInternetworkingNumberGame controllerKernel (computing)Web browserWebsiteHTTP cookieDependent and independent variablesLine (geometry)Uniform resource locatorQueue (abstract data type)CodeLocal ring2 (number)Square numberCodeLocal area networkTraffic reportingMechanism designOrder (biology)CASE <Informatik>Functional (mathematics)VideoconferencingKey (cryptography)Computer animation
24:20
Directed setWebsiteAuthenticationPasswordPublic key certificateServer (computing)Client (computing)Message passingCommunications protocolTransport Layer SecurityTelecommunicationLeakPoint (geometry)Dependent and independent variablesFrame problemData bufferRadiusIterationCore dumpFlock (web browser)Point cloudMeasurementInformationNumberClient (computing)Identity managementPasswordRadiusFreewareDependent and independent variablesServer (computing)Multiplication signMultiplicationAlgorithmPoint (geometry)Communications protocolCombinational logicRight angleLeakEnterprise architectureTelecommunicationRun time (program lifecycle phase)Connected spaceMessage passingPublic key certificateComputer networkAuthenticationInformationMeasurementProcess (computing)Order (biology)CASE <Informatik>Cross-site scriptingForcing (mathematics)Cartesian coordinate systemWordSingle-precision floating-point formatFrame problemRow (database)2 (number)Buffer solutionDirection (geometry)PhysicalismMereologyCore dumpPoint cloudComputer animation
31:24
GradientBit rateMultiplication signInformation managementLevel (video gaming)Wage labourElectronic meeting systemRight angleString (computer science)Information securityLevel (video gaming)Cartesian coordinate systemContent (media)Order (biology)Functional (mathematics)Military rankResultantPassword
33:25
Thresholding (image processing)PasswordIntermediate value theoremDependent and independent variablesWeb 2.0PasswordDatabaseQuery languageMatching (graph theory)Link (knot theory)Multiplication signEqualiser (mathematics)LeakOrder (biology)Level (video gaming)Information securityLibrary (computing)Functional (mathematics)Arithmetic meanResultantServer (computing)Content (media)Thresholding (image processing)Set (mathematics)Mereology
37:29
Demo (music)Computer clusterMusical ensembleBitOrder (biology)Dependent and independent variablesPasswordSet (mathematics)Demo (music)Entire functionRandomizationLine (geometry)Reverse engineeringReal numberComputer animation
40:16
Physical systemEncapsulation (object-oriented programming)Communications protocolComputer networkSimilarity (geometry)Source codeDemo (music)Remote procedure callSource codePhysical systemAuthenticationMultiplication signOrder (biology)TwitterLink (knot theory)Library (computing)SoftwareCommunications protocolEncapsulation (object-oriented programming)Demo (music)AdditionServer (computing)Computer animation
Transcript: English(auto-generated)