31.12.2006 19:31

Clock skews again

Wired reports another clock skew-based attack. In fact, it's just an addition to another attack presented in 2005. This time clock akew is affected by the system load (and temperature change).

I don't find this attack usable against servers with average (and higher) load or those running more services, as it'd be very hard to be sure what has changed the clock skew. On the other hand, as one of the methods, with more different tests, it may be fine.

It should be noted that there are more and more attack agains cryptographic systems (anonymity systems like Tor use cryptography heavily) that are indirect, like all timing or cache attacks. It's quite an interesting thing and it has a number of reasons: such attacks are easy to deploy, but hard to defend against. And, probably the most importat thing: they use features which are not taken into account when creating a cryptographic protocol.

I think there are more such attacks comming. Who knows which one, and using which feature, will be the easiest to use in practice.

Posted by Mara | Permalink | Categories: Security