Achtung:

Sie haben Javascript deaktiviert!
Sie haben versucht eine Funktion zu nutzen, die nur mit Javascript möglich ist. Um sämtliche Funktionalitäten unserer Internetseite zu nutzen, aktivieren Sie bitte Javascript in Ihrem Browser.

Info-Icon This content is not available in English
Studierende in den Seminarräumen des O-Gebäudes, Foto: Universität Paderborn, Fotografin: Judith Kraft Show image information

Studierende in den Seminarräumen des O-Gebäudes, Foto: Universität Paderborn, Fotografin: Judith Kraft

In-depth analysis of timing attacks

Timing attacks exploit tiny timing differences in the behavior of an application. This tiny difference, also called a side channel, can lead to severe consequences and allow an attacker to retrieve confidential information, extract user data or even cryptographic keys. In the recent years, we have observed many timing side channels in the scientific literature.

Once a timing side channel in an implementation is found, it does not directly mean it is exploitable. The practical exploitability depends on many properties given by the scenario, attack type, etc. The attacker needs to answer many questions to assess the exploitability, for example: What is the measurable timing difference? How many requests does he need to send? Unfortunately, there are not that many practical tools that provide reliable automatic statistical methods to answer these questions.

The goal of this thesis is to:

  • Analyze well-known timing side-channel attacks.
  • Develop a tool for assessing practical exploitation of timinig side channels based on statistical tests.

References:

Requirements:

  • Interest in network security and statistical tests
  • Basic cryptographic know-how
Further information:

The University for the Information Society