The Blackhat staff recently posted the video and slides from our talk on remote timing attacks. You can watch the talk via the playlist below. While there wasn’t enough time to go into detail in every aspect, I think this talk gives a good explanation why developers should take these attacks seriously.
Our conclusions can be summarized as:
- Surprisingly small timing differences are visible from remote (< 40 ns LAN, < 25 μs Internet in this talk). This is an improvement over previously published results.
- Many factors thought to prevent timing attacks, including geographical distance and competing server load, do not have as big an effect as tradition suggests.
- Many common crypto libraries have timing leaks and some are exploitable.
- If you deliver software as a product, you can’t make assumptions about your customer’s threat model for side channel leaks. They may just be on Slicehost or EC2 or use a slow embedded processor.
- Since some routines that leak timing information (such as “terminate early compare”) are easy to fix, it’s better to be conservative than hope your customer’s environment prevents exploitation.
Since giving this talk at Blackhat, we have an updated version with new results. I had hoped to post it now, but it turns out that perfect is still the enemy of “good enough”. We’ll have more on that soon. In the meantime, I hope this talk is helpful to you.
rdist 
Youtube? Is there no paper?
I found this one very interesting:
Click to access RemoteTiming.pdf
The slides are visible throughout the talk. Yes, the Crosby paper is one we cite heavily, and it is excellent.
There is no paper currently. We are working on revised and expanded slides that will summarize new findings and lay out questions for future work. I had intended to have those done by now, but in addition to paying work, ran into new questions when attempting to finalize answers to old ones. What we found is quite interesting and gives more nuance.
I hope to publish those here soon.