Security researchers have discovered a "timing attack" that creates a possible mechanism for a hacker to extract the secret key of a TLS/SSL server that uses elliptic curve cryptography (ECC). Elliptic curve cryptography is a type of public-key algorithm that uses the maths of elliptic curves rather than integer factorisation …

COMMENTS

House rules Send corrections

This topic is closed for new posts.

Wednesday 25th May 2011 12:49 GMT Robert Hill

Huh

Did anyone else find that whole article cryptic?

2 1
1. Wednesday 25th May 2011 13:10 GMT trarch
  
  Countermeasure
  
  The article makes sense to me. The one thing I don't understand is their countermeasure, specifically how it does anything other than increase the factors to consider when measuring the time taken.
  
  0 0
  1. Wednesday 25th May 2011 15:43 GMT Mad Chaz
    
    contermeasure
    
    presumably, it makes the time it takes to process more random, so it can't be used for timing attacks
    
    0 0
  2. Wednesday 25th May 2011 20:38 GMT Robert Hill
    
    Cryptic...get it?
    
    I understood the article just fine...I was making a wordplay on "cryptic"...perhaps the joke alert would have been a more appropriate icon.
    
    i understand the article so well that I wonder why they don't use a random delay in the algorithm, rather than a set time to compute. The random delay would be interesting, because attackers would not know if they were facing an encryption algorithm that was vulnerable to such attacks, or one that was smart enough to randomly delay. As such, they may waste time attempting timing attacks.
    
    0 0
    1. Thursday 26th May 2011 08:41 GMT Marcus Aurelius
      
      Random is not random
      
      Most random number generation is itself predictable, so a badly implemented random delays would probably give you an entry into the system.
      
      The only random delay that would work and prevent intrusion is adding a random amount onto a fixed delay which is guaranteed to be longer than the time to compute, thus completely hiding the compute time.
      
      0 0
Wednesday 25th May 2011 13:10 GMT A Non e-mouse

Again ?

Haven't there been timing attacks against SSL before ?

0 0
Wednesday 25th May 2011 13:15 GMT Rob 5

Billy Bob FTW

Another silly stereotype falsified!

0 1
Wednesday 25th May 2011 15:58 GMT Giles Jones

Seedy code

I guess this is due to some code using the current time of day as a way of seeding a random number generator?

0 1
1. Wednesday 25th May 2011 19:49 GMT Steven Knox
  
  Nope.
  
  No this is the result of a ladder function being directly sensitive to the length of the input. Probably done in an effort to make the ladder function as fast as possible, rather than as consistent as possible. (I.e, it's not timing as in when you make the request, but timing as in how long the request takes to process.)
  
  Their fix makes the ladder function consistent. Me, I'd fix it by adding a random delay adjusted for the input length, thereby teasing fuzzers with what initially looks like it might be a timing exploit candidate but leads to garbage. But I'm a jerk.
  
  1 0
2. Wednesday 25th May 2011 19:52 GMT Ef'd
  
  Not quite
  
  That's not the issue here. The problem is with knowing that certain functions take different amounts of time to perform for different inputs. These time differentials allows the attacker to make educated guessed as to the contents of the input.
  
  0 0
  1. This post has been deleted by its author
Wednesday 25th May 2011 19:50 GMT E 2

Maybe a fix is

for openssl to sleep() for a brief random period after doing the ECC thing, thus obscuring the time interval that the attack is trying to measure?

0 0
Wednesday 25th May 2011 19:52 GMT TonyK

Six years out of date

This attack, and a robust counter-measure to it, were published in 2005 in "Advances in Elliptic Curve Cryptography" (Blake, Seroussi, & Smart - editors). So you are wrong to say 'Security researchers have discovered a "timing attack"'. If you had taken the trouble to follow your own link and read the Abstract there, you would have seen that all the Secutiry Researchers have done is to take this hackneyed old idea and show that OpenSSL is still vulnerable to it.

0 0
Wednesday 25th May 2011 19:52 GMT Anonymous Coward

Six years out of date

This attack, and a robust counter-measure to it, were published in 2005 in "Advances in Elliptic Curve Cryptography" (Blake, Seroussi, & Smart - editors). So you are wrong to say 'Security researchers have discovered a "timing attack"'. If you had taken the trouble to follow your own link and read the Abstract there, you would have seen that all the Secutiry Researchers have done is to take this hackneyed old idea and show that OpenSSL is still vulnerable to it.

0 0
1. Wednesday 25th May 2011 21:28 GMT nyelvmark
  
  Not so anonymous
  
  Lol.
  
  2 0
2. Wednesday 25th May 2011 22:50 GMT leexgx
  
  a
  
  thats funny posted first time then Anonymous (you not want to post your name)
  
  still he still does have an point ()
  
  0 0
Wednesday 25th May 2011 20:42 GMT kissingthecarpet

Hardcore hacking

Clever stuff - not one for the script kiddies, judging by the research paper. I think the countermeasure idea is to amend the algorithm so that it takes a similar time to perform whatever the bit length of the input, but I could be wrong (as always :-)

0 0
Wednesday 25th May 2011 23:49 GMT Havin_it

Nice timing

OpenSSH just got through changing their default host-key format to ECDSA (cue much faffing around with my Linux boxen). Hope they can get "countermeasures" in place rather than reverting to DSA.

0 0