"Hackers Build a Better Timing Attack to Crack Encryption Keys"

Mathy Vanhoef, a postdoctoral researcher at New York University Abu Dhabi, along with Tom Van Goethem of KU Leuven's imec-DistriNet research group, have developed a new type of timing attack that can crack encryption more efficiently. Timing attacks are a form of encryption cracking that is based on how CPUs process encoded data. An adversary could decode a victim's private encryption key by measuring the time it takes for a CPU to complete specific tasks. Timing attacks have been proven effective in theory, but they have been found to be difficult to perform in practice beyond local ethernet connections. The further away an attacker is from the victim, the harder it is for them to properly analyze timing due to latency and network traffic jitter. In order to overcome these limitations, Vanhoef and Van Goethem discarded the practice of timing CPU processing and instead analyzed the speed of packet arrival. Since modern servers and networks use concurrency, which is the processing of multiple packets simultaneously, the arrival of packets can replace the timing of processing tasks. Instead of trying to measure CPU timing, they decided to send the target a pair of packets. The packets were processed concurrently and returned to the source, and the timing of their return was then measured. This allowed the researchers to measure timing without worrying about distortion from network jitter, because they were both constrained to the same conditions. The timing was then measured and analyzed over multiple attempts to work out secret encryption keys. This article continues to discuss the demonstration and efficiency of the new technique for cracking encryption keys that can overcome the limitations of popular timing attacks. 

SearchSecurity reports "Hackers Build a Better Timing Attack to Crack Encryption Keys"