Prof. Billy Bob Brumley
Tampere University (Finland)
During the last 15 years, constant-time cryptographic software has transitioned from an academic construct to a concrete security requirement for real-world libraries. From the engineering perspective, we have quality sets of programming guidelines for avoiding the pitfalls that lead to security advisories and immense downstream effort to patch fielded systems. We even have automated tools to assist in the development and testing processes. Yet timing-related security advisories persist: why? This talk covers over a decade of timing attacks and mitigations against OpenSSL, one of the most deployed and security-critical free and open source software libraries. The focus is on mitigation engineering challenges across a large, necessarily stable monolithic codebase over time, looking at why the cryptographer's mantra "just make it constant time" is often harder than it seems for established software projects.