Wallach, Dan S.2009-06-042009-06-042005Crosby, Scott A.. "Algorithmic attacks and timing leaks in distributed systems." (2005) Master’s Thesis, Rice University. <a href="https://hdl.handle.net/1911/17765">https://hdl.handle.net/1911/17765</a>.https://hdl.handle.net/1911/17765An important class of remotely applicable security attacks concerns time. You can attack somebody by making their algorithms run in their worst-case behavior rather than common-case behavior. Likewise, the processing time can disclose a secret. If an attacker can observe the time it takes for somebody to process a request, an attacker may learn something about the internal state. The first part of this thesis defines a new class of attacks that perform a remote denial of service by deliberately choosing inputs to make common algorithms slow. These attacks are widespread. We show that vulnerable hash tables are used by Perl and Squid and we illustrate an attack on the Bro IDS. This second part of this thesis analyzes the opportunities for determining a remote party's secret by analyzing processing time remotely over the Internet. Our measurements show that an attacker can potentially time a remote host to 300 nanoseconds over a local area network and less than 20 microseconds over the Internet.64 p.application/pdfengCopyright is held by the author, unless otherwise indicated. Permission to reuse, publish, or reproduce the work beyond the bounds of fair use or other exemptions to copyright law must be obtained from the copyright holder.Computer scienceThesisTHESIS COMP.SCI. 2005 CROSBY