Network security under siege: the timing attack

Abstract

Sophisticated new methods designed to break cryptographic systems have unsettled the industry's sense of security. Although most encryption algorithms are theoretically secure and remain impervious to even the most sophisticated cryptanalytic techniques, new attackslike the timing attack exploit the engineering side of network security. Factors such as branching and conditional statements, RAM cache hits, and processor instructions that run in nonfixed time all contribute to predictability and therefore to the probability of key decryption. his article discusses the implications of Paul Kocher's recent timing attack against the Diffie-Hellman key exchange protocol and Goldberg and Wagner's breach of the Netscape SSL protocol for secure transactions.