Timeless Timing Attacks on HTTP/2 and WPA3…

[German]The new protocols HTTP/2 and WPA3 (WLAN) are currently being closely examined by security researchers. Timeless timing attacks can be used to extract sensitive information.


Advertising

The WPA2 protocol used to secure communication between routers and terminals in wireless networks is now around 20 years old. In October 2017 there was the information about security holes in WPA2 ( Information about the KRACK security hole in WPA2 can be found in my blog). The Wi-Fi Alliance, an industry association of device manufacturers such as Apple, Microsoft and Qualcomm, has announced the new next-generation wireless network security standard, WPA3, to replace the 'insecure' WPA2 in 2018. Implementations for specific devices (FRITZ!Box, or Windows 10) have been presented in the last weeks. 

Timeless Timing Attacks on HTTP/2 and WPA3…

I have just been informed via Twitter that security researchers are taking a closer look at HTTP/2 and WPA3. One carries out so-called Timeless Timing Attacks.

A new technique developed by researchers at the Belgian KU Leuven and New York University Abu Dhabi shows how malicious actors can exploit the special properties of network protocols to extract sensitive information. The technique, called "Timeless Timing Attacks", presented at this year's Usenix conference, exploits the way network protocols handle concurrent requests to solve one of the endemic challenges of remote timing side channel attacks. Details may be read within the linked document.


Advertising

This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).