Hackers build a better timing attack to crack encryption keys
A new technique for cracking encryption keys can overcome the limitations of popular timing attacks by analyzing network packets, according to researchers at Black Hat 2021.
Researchers have a developed a novel form of timing attack that can more efficiently crack encryption keys.
The duo of Mathy Vanhoef, postdoctoral researcher at New York University Abu Dhabi, and researcher Tom Van Goethem of KU Leuven's imec-DistriNet research group, took to the stage at Black Hat 2021 Wednesday to explain their technique of "timeless" attack operations that overcome current timing attack limitations.
Timing attacks are a form of encryption cracking based on analyzing the way CPUs process encoded data. By taking close measurements of the time taken by a CPU to complete specific tasks, it has been found that, over time, an adversary could decode a victim's private encryption key.
While effective in theory, timing attacks have proven extremely difficult to carry out in practice beyond local ethernet connections. As an attacker gets further away from the victim, latency and network traffic "jitter" make it harder to properly analyze the timing.
This means an attacker trying to reach a victim from the other side of the European Union (EU) region would need thousands of repeated data transmissions to successfully pull off the attack; extracting secrets from another continent is practically impossible.
To overcome these limitations, Vanhoef and Van Goethem decided to discard the practice of timing CPU processing and instead analyze the speed at which packets arrive. Because modern servers and networks use techniques such as concurrency -- processing multiple packets at the same time -- the arrival of packets can substitute the timing of processing tasks.
Rather than try to measure CPU timing, the researchers decided to simply send the target a pair of packets. Thanks to advanced CPUs and networking techniques, the packets get handled as a pair. They were processed concurrently and returned to the source. The timing of the return on those packets was then measured.
This allowed Vanhoef and Van Goethem to measure timing without having to worry about distortion from network jitter, as they were both subjected to the same conditions. The timing was then measured and, much like timing attacks, analyzed over multiple attempts to eventually work out secret encryption keys.
The technique proved remarkably efficient, according to the presentation. In lab tests, researchers in the EU were able to decode a secret key from a server anywhere in the world at a timing differential of 100 nanoseconds. Not only was processing at this timing difference not possible to do across continents with conventional timing attacks, but it was beyond the level conventional attacks could even decode at the localhost level.
"We find that these timeless timing attacks are not affected by jitter at all," Van Goethem said. "The attack is quite practical."