Specifically, we devise a timing attack against OpenSSL. The experiments show that we can extract private keys from an OpenSSL-based web server running on a machine in the local network.
Results demonstrate that timing attacks against network servers are practical and therefore all security systems should defend against them.
Full paper [url=http://crypto.stanford.edu/~dabo/papers/ssl-timing.ps]PS[/url] or [url=http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf]PDF[/url]. Here’s a local copy in PDF format:[url=https://deepquest.code511.com/blog/images/uploads/txt/ssl-timing.pdf]ssl-timing.pdf[/url]