timing attack

A timing attack is a security exploit that allows an attacker to discover vulnerabilities in the security of a computer or network system by studying how long it takes the system to respond to different inputs.

Timing characteristics will vary depending upon on the encryption key because different systems take slightly different amounts of time to process different inputs. Variables include performance optimizations, branching and conditional statements, processor instructions, RAM and cache hits. A timing attack looks at how long it takes a system to do something and uses statistical analysis to find the right decryption key and gain access.

The canonical example of a timing attack was designed by cryptographer Paul Kocher. He was able to expose the private decryption keys used by RSA encryption without breaking RSA. Timing attacks are also used to target devices such as smartcards and web servers that use OpenSSL. Web servers were believed to be less vulnerable to timing attacks because network conditions could mask differences in timing; recent research has challenged that assumption.

This was last updated in July 2016

Continue Reading About timing attack

Dig Deeper on Hacker tools and techniques: Underground hacking sites



Find more PRO+ content and other member only offers, here.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

What does your organization do to prevent timing attacks?


File Extensions and File Formats

Powered by: