Timing Attack
Timing attacks measure how long a system takes to process inputs, using response time variations to deduce secrets like passwords or cryptographic keys character by character.
A timing attack is a specific type of side-channel attack where the attacker measures the time taken to execute cryptographic operations or authentication checks to infer secret information. Variations in processing time can reveal whether a submitted value partially matches the correct secret, allowing the attacker to reconstruct passwords, cryptographic keys, or authentication tokens one piece at a time.
The attacker sends carefully crafted inputs to a system and precisely measures the response time. In a classic string comparison timing attack, the system compares a submitted password character by character and returns failure at the first mismatch. A guess with an incorrect first character is rejected faster than a guess whose first character is correct and whose second is wrong, so the slower response reveals that the first character was correct. By iterating through each position, the attacker reconstructs the entire secret. For cryptographic timing attacks, the attacker measures how long modular exponentiation or other operations take, correlating timing variations with specific key bits. High-resolution timers and statistical techniques can detect timing differences as small as nanoseconds, even across network connections.
Timing attacks are dangerous because they require no special access to the target system. They can be mounted remotely over networks and have been demonstrated against TLS implementations, API authentication, and password verification systems. Even small timing leaks can be amplified through repeated measurements and statistical analysis. Developers must use constant-time comparison functions for all secret-dependent operations, implement fixed-time cryptographic routines, and add artificial delays or jitter to prevent timing-based information leakage in authentication and authorization systems.
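The early-exit comparison described above beside a fixed-work version, as an added example that is not part of the original article. The token value, the function names and the byte-count instrumentation are assumptions made for illustration; counting bytes examined instead of timing them makes the dependence on the matching prefix visible deterministically.

```python
import hashlib
import hmac

SECRET = b"s3cr3t-token-constructed"  # constructed sample value, not a real token

def leaky_equal(secret, guess):
    """Vulnerable pattern: returns at the first mismatch.
    Returns (match, bytes_examined) so the leak is visible without a timer."""
    if len(secret) != len(guess):
        return False, 0              # this shortcut also reveals the secret's length
    examined = 0
    for a, b in zip(secret, guess):
        examined += 1
        if a != b:
            return False, examined   # work done depends on the matching prefix
    return True, examined

def fixed_work_equal(secret, guess):
    """Same check without a secret-dependent early exit: every byte is
    examined and differences are OR-ed into one accumulator."""
    if len(secret) != len(guess):
        return False, 0
    diff, examined = 0, 0
    for a, b in zip(secret, guess):
        examined += 1
        diff |= a ^ b
    return diff == 0, examined

def verify_token(secret, guess):
    """What to deploy: hash both sides to a fixed length, then compare with
    the standard library's constant-time hmac.compare_digest."""
    return hmac.compare_digest(hashlib.sha256(secret).digest(),
                               hashlib.sha256(guess).digest())

def work_profile(compare, secret=SECRET):
    """Bytes examined for guesses that share 0, 1, 2, ... leading bytes with the secret."""
    profile = []
    for k in range(len(secret)):
        # First k bytes match, byte k is forced to differ, the rest is padding.
        guess = secret[:k] + bytes([secret[k] ^ 0xFF]) + b"\x00" * (len(secret) - k - 1)
        profile.append(compare(secret, guess)[1])
    return profile

if __name__ == "__main__":
    print("early exit:", work_profile(leaky_equal))
    print("fixed work:", work_profile(fixed_work_equal))
```

The pure-Python loop in fixed_work_equal only illustrates the control flow; interpreter overhead is not guaranteed constant, which is why verify_token delegates to hmac.compare_digest.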
Written by CDA Editorial