Timing attacks to look out for when developing cryptosystems
Timing attacks became widespread after Paul Kocher's 1996 article
. Countering timing attacks is rather challenging – running time has to be independent of sensitive data, meaning that developers have to be highly competent and adhere to non-standard coding practices.
Since timing attacks are rather difficult to defend against, there are similar vulnerabilities found in almost every cryptographic library. According to the Common Vulnerabilities and Exposures (CVE) system, thirteen vulnerabilities rated Medium and four rated Low were found in OpenSSL, the most popular software library. Some of the attacks have already been described (Paper 1
and Paper 2