[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Matt Blaze: Paul Kocher's timing attack

To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: Matt Blaze: Paul Kocher's timing attack
From: "Angelos D. Keromytis" <kermit@soscorp.com>
Date: Mon, 11 Dec 1995 10:39:26 -0500
Cc: ipsec@ans.net
In-Reply-To: Your message of "Sun, 10 Dec 1995 23:40:46 EST." <199512110440.AA11632@interlock.ans.net>

In message <199512110440.AA11632@interlock.ans.net>, "Perry E. Metzger" writes:
>
>The attack in question is quite general and probably works for both
>Photuris and SKIP -- both should be changed around in the light of
>Kocher's attack.
>
Most certainly works for both.
One solution (in Photuris at least) is to always wait until the closest x
second multiple (i'd say x = 5) after the exponentation has finished. So, if
exponentation starts at time Y and finishes at Y + 7, the packet should be
transmitted no sooner than Y + 10. Essentially, packet transmission delay
(the time between receiving an EXCHANGE_RESPONSE and sending an IDENTIFICATION)
should be independent from the actual exponentation time. Note that the attack
only works on the exchange mentioned above.
-Angelos

PS. The paper implies that the same attack can be pulled on symetric
cryptosystems as well, but no analysis is done.

References:

Matt Blaze: Paul Kocher's timing attack

From: "Perry E. Metzger" <perry@piermont.com>

Prev by Date: Photuris meeting discussions
Next by Date: Paul Kocher's timing attack
Prev by thread: Matt Blaze: Paul Kocher's timing attack
Next by thread: Re: Matt Blaze: Paul Kocher's timing attack
Index(es):
- Main
- Thread