PHDays video




Time is Not on Your Side: Exploiting Browser-Based Timing Attacks


Author: Tom Van Goethem

This talk introduces a new threat: browser-based timing attacks that can be used to extract sensitive information from trusted websites. In a classic example of a timing attack, the attacker retrieves the secret key from a cryptosystem, such as RSA, by measuring the time that is required to encrypt several inputs. To investigate potential consequences, several popular web services were analyzed (email applications, social networks, financial websites) and the research revealed that these new attacks can be exploited in every service, posing an imminent threat to our online security and privacy. The speaker will demonstrate the harmful consequences by discussing several real-world scenarios.

Language: English

Tom Van Goethem is a PhD student at the University of Leuven (Belgium), where he has a (not so secret) love affair with research on security and privacy in the context of the Web. As a result of his security research, Tom exposed fundamental flaws in DDoS protection mechanisms, the security seal ecosystem, and several widely used services and web applications, such as WordPress.
