Racing Towards Practical Timing Attacks
Offered By: Black Hat via YouTube
Course Description
Overview
Explore the practical implications of timing side-channel attacks in web applications through this 50-minute Black Hat conference talk. Delve into the detection and exploitability of timing vulnerabilities in common scenarios, including database queries, message authentication codes, web API keys, OAuth tokens, and login functions. Learn about the 'time trial' tool and gain insights into measuring timing differences remotely across various network environments. Understand the significance of these attacks for defensive security, penetration testing, and research roles. Examine experimental results demonstrating precise timing measurements and their distinguishability in modern web frameworks and servers. Gain a comprehensive update on the state-of-the-art in exploiting timing attacks and evaluate their severity and impact on web application security.
Syllabus
Intro
Side-Channel Attacks
Timing Side-Channels
Basic Timing Side-Channel
Prior Work!
Real Jitter
Statistical Methods
Why a tool for timing attacks?
Goals and Design
Optimizations
Timing Resolution: Loopback
Overview of Results
String comparison
Microbenchmarks (in nanoseconds)
Branching
Time-Based Padding Oracle
Future Plans
Taught by
Black Hat
Related Courses
Side-Channel AttacksTheIACR via YouTube TPM-FAIL - TPM Meetings Timing and Lattice Attacks
TheIACR via YouTube FPGA Glitching & Side Channel Attacks
Hackaday via YouTube Timeless Timing Attacks
Black Hat via YouTube How the Best Hackers Learn Their Craft
RSA Conference via YouTube