Timing attacks exploit tiny timing differences in the behavior of an application. This tiny difference, also called a side channel, can lead to severe consequences and allow an attacker to retrieve confidential information, extract user data or even cryptographic keys. In the recent years, we have observed many timing side channels in the scientific literature.
Once a timing side channel in an implementation is found, it does not directly mean it is exploitable. The practical exploitability depends on many properties given by the scenario, attack type, etc. The attacker needs to answer many questions to assess the exploitability, for example: What is the measurable timing difference? How many requests does he need to send? Unfortunately, there are not that many practical tools that provide reliable automatic statistical methods to answer these questions.
The goal of this thesis is to:
- Analyze well-known timing side-channel attacks.
- Develop a tool for assessing practical exploitation of timinig side channels based on statistical tests.
- Interest in network security and statistical tests
- Basic cryptographic know-how