Title :
Timing attacks against trusted path
Author :
Trostle, Jonathan T.
Abstract :
Presents new attacks against a user workstation´s trusted path mechanism. These timing attacks can cause a user´s password to leak bits. The timing attacks can then be combined with network authentication protocol brute-force attacks against the remainder of the key space to obtain the user´s password. We present several countermeasures against this attack. We also define a property of user systems (workstations) called Trojan horse non-persistence. Workstations that fail to have this properly are more vulnerable to the timing attack and other Trojan horse attacks
Keywords :
authorisation; computer viruses; message authentication; timing; workstations; Trojan horse nonpersistence; bit leaking; countermeasures; key space; network authentication protocol brute-force attacks; timing attacks; trusted path mechanism; user password; user systems; user workstation; Access control; Authentication; Cryptographic protocols; Horses; Invasive software; Java; Timing; Web pages; Workstations; World Wide Web;
Conference_Titel :
Security and Privacy, 1998. Proceedings. 1998 IEEE Symposium on
Conference_Location :
Oakland, CA
Print_ISBN :
0-8186-8386-4
DOI :
10.1109/SECPRI.1998.674829
