The Paper
Remote Timing Attacks are Practical
Paper Link
https://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf
Format
We start at 6:10. Don't be late!
The discussion lasts for about 1 to 1.5 hours, depending upon the paper.
- Read the paper (done before you arrive)
- Introductions (name and background)
- First impressions (1-2 minutes: "this is what I thought")
- Structured review (we move through the paper in order, everyone gets a chance to ask questions, offer comments, and raise concerns)
- Free form discussion
- Nominate and vote on the next paper
Abstract
Timing attacks are usually used to attack weak computing devices such as smartcards. We show that timing attacks apply to general software systems. Specifically, we devise a timing attack against OpenSSL. Our experiments show that we can extract private keys from an OpenSSL-based web server running on a machine in the local network. Our results demonstrate that timing attacks against network servers are practical and therefore security systems should defend against them.