Timing Attack on Key Handles
Description
Timing Attack on Key HandlesCWE
CVE
Attack Surfaces
Cryptographic Algorithm Implementation (MITRE EMB3D PID-11)
private key (MITRE EMB3D PID-12)
Authenticated Services (MITRE EMB3D PID-332)
Attack Vectors
Timing Side-Channel (MITRE EMB3D TID-330)
Defenses
Reduce Time Difference between Checking Random and Target Key Handles, Choose a Non-Time-Sensitive Key Derivation Function, Use Resident Keys
Change Client's Implementation of AllowCredential Parameter, Deduplication of Allow Credential List, Randomly Delay Errors, Limit AllowCredential List Size