Overview
Explore a groundbreaking security presentation from Black Hat EU 2013 that introduces the TIME (Timing Info-leak Made Easy) attack, an evolution of the CRIME (Compression Ratio Info-leak Made Easy) attack against SSL encryption. Delve into how the researchers address the limitations of CRIME by targeting HTTP responses and applying differential analysis to timing information. Learn about the simplified attack model that potentially allows any malicious site to launch a TIME attack against innocent visitors, breaking SSL encryption and the Same Origin Policy. Discover the increased attack surface due to widespread use of HTTP response compression. Gain insights into the actual proof of concept, the relevance of compression ratio information leakage for HTTP responses, and suggested mitigation steps against the TIME attack.
Syllabus
Black Hat EU 2013 - A Perfect CRIME? Only TIME Will Tell
Taught by
Black Hat