New Attack Leverages HTTP/2 for Effective Remote Timing Side-Channel Leaks

timing side channel hacking

Security researchers have outlined a new technique that renders a remote timing-based side-channel attack more effective regardless of the network congestion between the adversary and the target server.

Remote timing attacks that work over a network connection are predominantly affected by variations in network transmission time (or jitter), which, in turn, depends on the load of the network connection at any given point in time.

But since measuring the time taken to execute cryptographic algorithms is crucial to carrying out a timing attack and consequently leak information, the jitter on the network path from the attacker to the server can make it impractical to successfully exploit timing side-channels that rely on a small difference in execution time.

The new method, called Timeless Timing Attacks (TTAs) by researchers from DistriNet Research Group and New York University Abu Dhabi, instead leverages multiplexing of network protocols and concurrent execution by applications, thus making the attacks immune to network conditions.

“These concurrency-based timing attacks infer a relative timing difference by analyzing the order in which responses are returned, and thus do not…

http://feedproxy.google.com/~r/TheHackersNews/~3/5dvftYNf1vo/http2-timing-side-channel-attacks.html

Have a comment? Type it below!