Update: Fixed in 1.1 Background Solution Workarounds
MatrixSSL does not currently support RSA Blinding, a technique used to combat a specific timing attack against the RSA math operations. Information on the RSA timing attack is available in this PDF. The attack works by sending millions of specific handshake messages to an SSL server and measuring the response times. If network latency variations are low, the time taken to do the RSA operation on each handshake can be used to statistically determine the RSA private key.
The most well regarded solution for this issue is to "blind" the operation by including a calculation based on random data for each RSA operation. This will make it impossible to guess the keys based on timing the operation. We are looking to provide this solution on a future MatrixSSL release.
In the short term, a workaround that is suitable for many embedded devices is to throttle the number of SSL connections per second to limit the number of attack messages that can be sent. Alternately, forcing the response time for the handshake message to, for example, 100ms can provide blinding as well.
Update: Fixed in 1.1
Subscribe via RSS.