Crosby, Scott A.Riedi, Rudolf H.Wallach, Dan S.2017-08-022017-08-022007-05-26Crosby, Scott A., Riedi, Rudolf H. and Wallach, Dan S.. "Opportunities and Limits of Remote Timing Attacks." (2007) https://hdl.handle.net/1911/96356.https://hdl.handle.net/1911/96356Many algorithms can take a variable amount of time to complete depending on the data being processed. These timing differences can sometimes disclose confidential information. Indeed, researchers have been able to reconstruct an RSA private key purely by querying an SSL web server and timing the results. Our work analyzes the limits of attacks based on accurately measuring network response times and jitter over a local network and across the Internet. We present the design of filters to significantly reduce the effects of jitter, allowing an attacker to measure events with 15-100μs accuracy across the Internet, and as good as 100ns over a local network. Notably, security-related algorithms on web servers and other network servers need to be carefully engineered to avoid timing channel leaks at the accuracy demonstrated in this paper.36 ppengYou are granted permission for the noncommercial reproduction, distribution, display, and performance of this technical report in any format, but this permission is only for a period of forty-five (45) days from the most recent time that you verified that this technical report is still available from the Computer Science Department of Rice University under terms that include this permission. All other rights are reserved by the author(s).Technical reportTR07-03