Web Timing Attacks Made Practical

Explore the practical applications of web timing attacks in this Black Hat conference talk. Delve into the complexities of obtaining accurate timing measurements and performing statistical analysis for identifying and exploiting vulnerabilities in cryptographic systems and web applications. Learn about improved data collection methods and statistical analysis techniques, including the implementation of an adaptive Kalman filter for greater accuracy in classifying timing differences. Discover how these advancements make timing attacks more feasible in congested networks and accelerate attacks under ideal conditions. Gain insights into TCP timestamps, paired sampling, time of day considerations, and network data analysis. Understand the use of Coleman filters, box tests, and Monte Carlo analysis in the context of web timing attacks. Benefit from the introduction of a new open-source timing attack tool suite released to the community as part of this research.

Introduction
What are Web Timing Attacks
Critical Operations
Background Research
Goals
Data Collection
TCP timestamps
Paired Sampling
Time of Day
Network Data
Coleman Filter
Box Test
Monte Carlo Analysis
Thanks Jason
NanOwn
Training Testing
Conclusion
Home Network