Timeless Timing Attacks

Conference:  Defcon 29



The presentation discusses direct and cross-site timeless timing attacks and their potential to leak sensitive information from web servers.
  • Direct timing attacks involve an attacker directly connecting to a target server and observing the order of responses to exploit timing leaks.
  • Cross-site timeless timing attacks can be launched when a victim lands on a malicious website and their cookies are automatically included in the request, allowing the attacker to leak sensitive information.
  • The presentation provides examples of vulnerabilities found in applications such as a document vault and a search function in HackerOne.
  • Timeless timing attacks offer an order of magnitude improvement over traditional timing leaks and can be performed remotely over the internet.
  • The cost of performing a brute force attack using information obtained from a timing attack can be less than one dollar when performed on the cloud.
The presenter demonstrated how a document vault application was vulnerable to a timing attack. By searching for a specific string, the attacker could determine if there was at least one document that matched the search and exploit the timing leak to guess the password of the victim. This highlights the potential danger of timing attacks in leaking sensitive information.


25 years ago, the first timing attacks against well-known cryptosystems such as RSA and Diffie-Hellman were introduced. By carefully measuring the execution time of crypto operations, an attacker could infer the bits of the secret. Ever since, timing attacks have frequently resurfaced, leading to many vulnerabilities in various applications and cryptosystems that do not have constant-time execution. As networks became more stable and low-latency, it soon became possible to perform these timing attacks over an Internet connection, potentially putting millions of devices at risk. However, attackers still face the challenge of overcoming the jitter that is incurred on the network path, as it obfuscates the real timing values. Up until now, an adversary would have to collect thousands or millions of measurements to infer a single bit of information. In this presentation, we introduce a conceptually novel way of performing timing attacks that is completely resilient to network jitter. This means that remote timing attacks can now be executed with a performance and accuracy that is similar as if the attack was performed on the local system. With this technique, which leverages coalescing of network packets and request multiplexing, it is possible to detect timing differences as small as 100ns over any Internet connection. We will elaborate on how this technique can be launched against HTTP/2 webservers, Tor onion services, and EAP-pwd, a popular Wi-Fi authentication method. REFERENCES: See page 15 to 17 in our paper for a list of references: https://www.usenix.org/system/files/sec20-van_goethem.pdf