Remote Timing Attacks. -Rashmi Kukanur. Agenda. Timing Attacks Case Study : David Brumley Dan Boneh Defenses. What is Timing Attack. Timing Attack : Extract secrets (private keys) in a security system by measuring the amount of time required to perform private key operations.
1.Select two large prime numbers p and q.
2.Let N= pq be the modulus.
3.Choose e relatively prime to (p-1)(q-1)
4.Find d s.t. ed = 1 mod (p-1)(q-1)
5.Public key (N,e)
6.Private Key d
Schindler’s observation :
Pr[Extra Reduction] = (g mod q) / 2R
0Timing Attack on Open SSL
guessing q: g try ghi to decide
(i.e 2log2N/2) and 2511(i.e 2log2N/2-1)
If i’th bit of q is 1 then g<ghi<q,
Using sample size of 7 and neighborhood of 400, 1433600 total queries. Attack time (on 1024-bit key) is about 2 hours.