Much has been written about timing attacks since they first appeared over 15 years ago. However, many developers still believe that they are only theoretically exploitable and don't make it a priority to fix them.
We have notified vendors who declined to fix timing attacks for this reason. Thus, they won't have any problem with us using their applications as a demo for how to effectively exploit timing attacks, right?
This talk will show how we exploited timing attacks in common frameworks (such as the Java crypto framework). We will provide experimental evidence on what filtering techniques work best for dealing with network and host jitter to decrease attack time.
Finally, we will show the current limits of exploitability and give predictions about whether attackers or defenders will benefit more from future technology advances such as multicore systems and virtualization.
Root Labs Nate Lawson, founder of Root Labs, assists companies with the design of embedded security and cryptography. At Cryptography Research, Nate co-developed the Blu-ray content protection layer known as BD+. He is also the original developer of IBM/ISS RealSecure. Previous talks include common developer crypto mistakes and security flaws in the Fastrak RFID toll system.