
What Are Timing Attacks and How Do They Threaten Encryption?

January 10, 2022 | Anastasios Arampatzis

A timing attack is a sophisticated way to circumvent security mechanisms and discover vulnerabilities by studying how long it takes the system to respond to different inputs. In a timing attack, the attacker gains information that is indirectly leaked by the application. This information is then used for malicious purposes, such as guessing the password of a user. Timing attacks are part of a wider family of attacks, called side-channel attacks.

What are side-channel attacks?

A side-channel attack is any attack based on information gained from the implementation of a computer system, rather than weaknesses in the implemented algorithm (e.g. cryptanalysis and software bugs). An attacker utilizes the data gained from monitoring patterns in physical parameters such as EMF radiation, power consumption, response times, and acoustic emissions during cryptographic operations performed by the system. The attacker can then break encryption by leveraging this information to discover the associated key. Surprisingly detailed sensitive information is being leaked out from a few high-profile, top-of-the-line web applications in healthcare, taxation, investment and web search despite HTTPS protection.

How do timing attacks work?

Timing characteristics of cryptographic operations vary depending on the encryption key. Different systems require different amounts of time to process different inputs. The variables that influence the timing characteristics include performance optimizations, branching and conditional statements, processor instructions, RAM and cache hits.

A timing attack looks at how long it takes a system to do something and uses statistical analysis to find the right decryption key and gain access. The only information needed by the attacker is the timing information that is revealed by the algorithms of the application. By supplying various inputs to the application, timing the processing and statistically analyzing the information, the attacker can guess the valid input.
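The key-dependent branching described above can be made visible by counting modular multiplications instead of measuring wall-clock time. The following is an added example, not code from the original article: it compares textbook square-and-multiply, whose work grows with the number of 1 bits in the exponent, with a Montgomery ladder that performs the same number of operations for every exponent of a given width. The modulus, base and sample exponents are constructed values.

```python
MODULUS = 2**61 - 1   # constructed sample modulus (a Mersenne prime)
BITS = 16             # fixed exponent width used by the ladder

def square_and_multiply(base, exponent, modulus):
    """Left-to-right binary exponentiation. Returns (result, multiplications)."""
    result, ops = 1, 0
    for bit in bin(exponent)[2:]:
        result = (result * result) % modulus
        ops += 1
        if bit == "1":
            # Key-dependent branch: the extra multiply happens only for 1 bits,
            # so total work reveals the exponent's Hamming weight.
            result = (result * base) % modulus
            ops += 1
    return result, ops

def montgomery_ladder(base, exponent, modulus, bits=BITS):
    """One multiply and one square per bit, whatever the bit value.
    Only the operation count is fixed here; production code also replaces
    the if/else with a branch-free conditional swap."""
    r0, r1, ops = 1, base % modulus, 0
    for i in reversed(range(bits)):
        if (exponent >> i) & 1:
            r0 = (r0 * r1) % modulus
            r1 = (r1 * r1) % modulus
        else:
            r1 = (r0 * r1) % modulus
            r0 = (r0 * r0) % modulus
        ops += 2
    return r0, ops

def op_counts(exponent, base=7):
    """Return (square_and_multiply ops, ladder ops) after checking both results."""
    expected = pow(base, exponent, MODULUS)
    r_sm, ops_sm = square_and_multiply(base, exponent, MODULUS)
    r_ml, ops_ml = montgomery_ladder(base, exponent, MODULUS)
    assert r_sm == r_ml == expected
    return ops_sm, ops_ml

if __name__ == "__main__":
    # Three constructed 16-bit exponents with Hamming weights 2, 8 and 16.
    for key in (0x8001, 0xA5A5, 0xFFFF):
        print(hex(key), op_counts(key))
```

The first count varies with the secret exponent while the second does not, which is the property a code review or test harness should check for in private-key code paths.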

How do timing attacks threaten encryption?

The canonical example of a timing attack was designed by cryptographer Paul Kocher. He was able to expose the private decryption keys used by RSA encryption without breaking RSA. In his paper, Kocher mentions:

By carefully measuring the amount of time required to perform private key operations, attackers may be able to find fixed Diffie-Hellman exponents, factor RSA keys, and break other cryptosystems. Against a vulnerable system, the attack is computationally inexpensive and often requires only known ciphertext. Actual systems are potentially at risk, including cryptographic tokens, network-based cryptosystems, and other applications where attackers can make reasonably accurate timing measurements.

The general belief was that timing attacks were only applied in the context of hardware security tokens such as smartcards. The assumption was that timing attacks could not be used to attack general purpose servers, since decryption times are masked by many concurrent processes running on the system. However, research by David Brumley and Dan Boneh of Stanford University challenged this assumption. The two researchers demonstrated that they “can extract private keys from an OpenSSL-based web server running on a machine in the local network. Our results demonstrate that timing attacks against network servers are practical and therefore security systems should defend against them.”

The most notable vulnerabilities involving timing attacks are Meltdown and Spectre, which were discovered in 2017 and affected most CPUs. In fact, Spectre is considered the most powerful timing attack in history. Further information about these vulnerabilities can be found on the website created by the researchers who discovered them.

How to protect against timing attacks

The basic idea behind countering timing attacks is to ensure that information related to the execution time doesn’t have a pattern that would enable the adversary to predict the key. As Kocher mentions in his paper: “The most obvious way to prevent timing attacks is to make all operations take exactly the same amount of time. Unfortunately, this is often difficult. Making software run in fixed time, especially in a platform-independent manner, is hard.”

Brumley and Boneh offer three possible solutions to the problem: “The most widely accepted defense against timing attacks is to perform RSA blinding.” They continue: “Two other possible defenses are suggested often but are a second choice to blinding. The first is to try and make all RSA decryptions not dependent upon the input ciphertext… Another alternative is to require all RSA computations to be quantized, i.e., always take a multiple of some pre-defined time quantum.” (See paper here.)
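RSA blinding, the first defense quoted above, can be sketched as follows. This is an added example, not code from the article or from OpenSSL: the key is a constructed toy key built from two Mersenne primes, and the function names are illustrative. The private-key exponentiation runs on a randomized value, so its timing no longer correlates with the ciphertext the sender chose.

```python
import math
import secrets

# Constructed toy key; far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)

def decrypt_plain(c):
    """Unblinded decryption: the exponentiation input is exactly the
    ciphertext the sender supplied, so timing depends on chosen data."""
    return pow(c, D, N)

def decrypt_blinded(c):
    """Blinded decryption. Returns (plaintext, blinded_input) so callers
    can inspect the value that was actually exponentiated with D."""
    # Pick a fresh random r that is invertible modulo N.
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            break
    # c' = c * r^E mod N. Decrypting c' gives m * r mod N.
    blinded = (c * pow(r, E, N)) % N
    m_blinded = pow(blinded, D, N)
    # Remove the blinding factor: m = (m * r) * r^-1 mod N.
    m = (m_blinded * pow(r, -1, N)) % N
    return m, blinded

def demo():
    """Encrypt a constructed message and decrypt it twice with blinding."""
    m = int.from_bytes(b"timing", "big")
    c = pow(m, E, N)
    m1, b1 = decrypt_blinded(c)
    m2, b2 = decrypt_blinded(c)
    return m, c, (m1, b1), (m2, b2)

if __name__ == "__main__":
    m, c, (m1, b1), (m2, b2) = demo()
    print("plaintext recovered:", m1 == m2 == m == decrypt_plain(c))
    print("exponentiation input differs per call:", len({c, b1, b2}) == 3)
```

Blinding does not make the exponentiation itself constant-time; it makes the operand unpredictable to the party measuring the response.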

Conclusion

Timing attacks and other side-channel attacks are often overlooked while designing an algorithm. Poor implementations of these cryptographic algorithms can make them vulnerable to an adversary. They can leak vital information, disclose the encryption key and compromise the encryption mechanism. The root causes of such vulnerabilities are the efforts to reduce execution time and improve performance of cryptographic algorithms. The best way to mitigate these vulnerabilities is to pay attention during the implementation of the algorithms to make them resistant to these attacks, even if it comes at the cost of a reduction in overall performance. This is especially important where security is top of the priority list.

About the author

Anastasios Arampatzis

Anastasios Arampatzis is a retired Hellenic Air Force officer with over 20 years of experience in evaluating cybersecurity and managing IT projects. He works as an informatics instructor at AKMI Educational Institute, while his interests include exploring the human side of cybersecurity.
