Re: Remote Timing Techniques over TCP/IP

From: Syzop (syz@dds.nl)
Date: 04/19/02


Date: Fri, 19 Apr 2002 06:06:17 +0200
From: Syzop <syz@dds.nl>
To: Mauro Lacy <maurol@mail.com>, bugtraq@securityfocus.com

Hi,

Mauro Lacy wrote:

> This paper describes remote timing techniques based on TCP/IP intrinsic operation and options. The techniques are used for careful observation of the TCP/IP data stream to detect timing differences in the operation of the remote application and relate them to selected data and/or phenomena.

This reminds me of http://online.securityfocus.com/archive/82/185167 (+see the thread) which
also discusses something like this (timing techniques) and the "additional noise" such as
task switches, etc.

> I'll quote here a comment by Paul Kocher, who told me in a private communication
>
> "You might want to try some ... statistical attacks ...
> ... -- using them, even very tiny differences (<1 us) can
> be resolved even if there is quite a lot of measurement error
> (>1 ms)... . The general math required
> is quite simple - you'd want to look for the difference between
> the *average* time when [for example] n bytes of a password
> are correct and the average time when n+1 bytes of the password
> are correct."

I also remember this reply with another aproach to this problem:
(from http://online.securityfocus.com/archive/82/186161 )
Quote:
> Why noise-filtering? Since there seem to be no invalid low numbers,
> just take the minimum of a certain amount of tries (1000, 10000)
> and check whether those give you a clue -- i.e. try to find
> the ones with the lowest noise and compare them.

I didn't read this all yet (it's a bit late), but it looks very interresting...

    Bram Matthys.



Relevant Pages

  • Re: Down East Microwave
    ... They quote a NF of < 1 ... The external noise at 50MHz will be much ... noise level will rise. ... worth worrying about, probably more sensible to consider the strong ...
    (uk.radio.amateur)
  • Re: Down East Microwave
    ... They quote a NF of < 1 ... The external noise at 50MHz will be much ... noise level will rise. ... worth worrying about, probably more sensible to consider the strong ...
    (uk.radio.amateur)
  • Re: Dang bird!
    ... whatever makes the most noise to warn off other males and attract ... on things just to make noise and announce their presence. ... drum on trees or even metal objects to declare territory." ... quote: "Male and female Northern Flickers make a loud, evenly spaced, ...
    (rec.food.cooking)
  • Re: Poll of U.S. Reading Habits
    ... I have friends who are like that: come home, turn on TV "for noise" ... (their quote not mine.) ... I suspect they pay no attention to it most of ... Some people are the same way with the radio. ...
    (rec.arts.mystery)