Time Will Tell: Exploiting Timing Leaks Using HTTP Response Headers

Abstract

To execute timing attacks, an attacker has to collect a large number of samples to overcome network jitter. Methods to reduce such jitter, which is a source of noise, increase the signal-to-noise ratio and thereby improve the attack performance. In this paper, we propose an attack technique that uses timing information exposed in HTTP responses by backend servers or services to reduce the jitter included in an attacker's samples. By first synchronizing the attacker clock to the target, sources of low-accuracy timing data can still be used to exploit timing leaks. We collect real-world data on network latencies and use this data in millions of simulations of the synchronizations and attacks. Our simulations indicate that the synchronization can happen with less than 300 samples for accuracies of 1 ms and works down to an accuracy of under 13 mu s. When comparing the performance of our novel synchronization-based timing attack to a classical timing attack which is simulated using the same dataset, our attack is able to reduce the exploitable difference in runtime by an order of magnitude to 1 mu s. For equal difference in runtime our attack reduces the required samples up to a factor of 20.