Timing Side-Channel Attacks
A timing side-channel attack exploits variations in the execution time of cryptographic algorithms to infer sensitive information, such as encryption keys, by measuring these differences.
This essentially involves leveraging time to understand a cryptographic implementation and then exploiting it to recover the secret.
Let us look into an example of Comparing a Password β
This is a classic example where we can actually conduct a timing side-channel attack. The password is matched one letter at a time. If a letter matches, it proceeds to the next one. Thus, there is a difference in timing between matched and unmatched letters. Comparing these timings can yield significant results. This can be achieved by feeding various inputs into the 'does_it_match' function. We can try different inputs to observe if the execution time remains:
Constant with the same input multiple times
Different with different input multiple times
Last updated