Vik Vanderlinden (DistriNet, KU Leuven), Tom Van Goethem (DistriNet, KU Leuven), Mathy Vanhoef (DistriNet, KU Leuven)

One of the most well-known side-channel attacks is to infer secret information from the time it takes to perform a certain operation. Many systems have been shown to be vulnerable to such attacks, ranging from cryptographic algorithms and web applications to micro-architectural implementations. Exploiting these side-channel leaks over a networked connection is known to be challenging due to variations in the round-trip time, i.e., network jitter. Timing attacks have become especially challenging as processors become faster, resulting in smaller timing differences; systems become more complex, making it more difficult to collect consistent measurements; and networks become more congested, amplifying the network jitter.

In this work we introduce novel remote timing attack methods that are completely unaffected by the jitter on the network path, making them several times more efficient than timing attacks based on the round-trip time and allowing smaller timing differences to be detected. More specifically, the execution time is inferred from the TCP timestamp values that are generated by the server upon acknowledging the request and sending the response. Furthermore, we show how sequential processing of incoming requests can be leveraged to inflate the time of the secret-dependent operation, resulting in a more accurate attack. Finally, through extensive measurements and a real-world case study, we demonstrate that the techniques we introduce in this paper have various advantageous properties compared to other timing attack methods: few(er) prerequisites are required, any TCP-based protocol is subject to these attacks, and the attacks can be executed in a distributed manner.
