dj311 / remote-timing-attacks-are-practical

An attempt to replicate the attack in Brumley and Boneh's "Remote Timing Attacks are Practical" paper. I did not succeed.
GNU General Public License v3.0

Any time related Options to turn off? #2

Open Yutianrun opened 3 years ago

Yutianrun commented 3 years ago

Hello, Jone. Thanks for your practical code first. I've rebuilt your work and plotted the same graph as you did. However, the results aren't too promising. Actually, I've got a plotted curve quite different from yours. So I wonder whether I've measured the time in the wrong way.

Are there any time-related options that need to be turned off in an Ubuntu OS (or in BIOS)? It seems I can't get a stable curve, and every time I measure, the results are different. What do you suggest? Thanks again.

dj311 commented 3 years ago

Thanks for taking a look at this.

Yes - you're 100% right. I haven't touched this code in a long time, but if I remember correctly, those graphs are mostly random noise. Sometimes a particular plot will look like it makes the right shape, but that's just luck.

It's possible some of the comments in the notebooks oversell this (because I thought at the time that I'd fixed an issue, and then later realised it wasn't fixed but forgot to update the text...). I couldn't get past this random noise issue and eventually gave up on the project.

> Are there any time-related options that need to be turned off in an Ubuntu OS (or in BIOS)?

This is a good point and an avenue I partially followed. Here's what I've done so far in this direction.

This document has some information on tweaks they made on the client side to make measurements more accurate.

I implemented some of its advice:

I also tried to vaguely follow Intel's guidance for making timing measurements (see https://github.com/dj311/remote-timing-attacks-are-practical/blob/master/client/timed_messenger.c#L3).

Good luck! I honestly don't know what is wrong with this repo, so I'd warn you against sinking too much time into getting it working. If you have any success please let me know.