We present new attacks against a user workstation's trusted path mechanism. These timing attacks can cause a user's password to leak bits. The timing attacks can then be combined with network authentication protocol brute force attacks against the remainder of the key space to obtain the user's password. We present several countermeasures against this attack. We also define a property of user systems (workstations) called Trojan horse non-persistence. Workstations that fail to have this property are more vulnerable to the timing attack and other Trojan horse attacks.
展开▼