Prof. Christina Pöpper
Short Biography
Christina Pöpper is a faculty of Computer Science at NYUAD with a focus on information and communication security. She is heading the Cyber Security & Privacy (CSP-) lab and is the director of research at the Center for Cyber Security at NYUAD. Her research goal is to better understand and enhance the security and privacy of current and future IT/communication systems. Specific interests are the security of wireless systems and applications, where she is working on topics like secure localization, mobile-, protocol- and system-level security as well as on aspects of privacy. With her group she is combining systems and security mechanisms in various application settings, thus addressing secure systems where cryptography alone is often not enough. She is teaching computer/IT security and general computer science classes.
Prior to joining NYUAD, Christina Pöpper was an assistant professor at Ruhr-University Bochum, Germany, where she headed the Information Security Group at the Electrical Engineering and Information Technology Department. In the past, she taught specialized courses on wireless security as well as on private and anonymous communication. She received her doctoral and graduate degrees in computer science from ETH Zurich, Switzerland, and worked at the European Space Agency (ESA). Space rocks.
Talk Title: Timeless Timing Attacks
Time and space as physical properties are fascinating but can be hard to protect from the security perspective. In this talk, I will focus on remote timing attacks that allow the leak of secrets over remote connections. Typically, to perform successful remote timing attacks, an adversary collects a series of network timing measurements and subsequently performs statistical analysis to reveal a difference in execution time on the server. Network jitter between the adversary and the targeted server practically protects from classical remote timing side-channels. This talk will discuss a new paradigm of timing attacks introduced at Usenix Security 2020 that leverages the coalescing of packets by network protocols and concurrent handling of requests by applications. These concurrency-based timing attacks infer a relative timing difference by analyzing the order in which responses are returned, and thus do not rely on absolute timing information – leading to a 100-fold improvement over typical timing attacks performed over the Internet and allowing for remote network timing attacks that were hardly possible before.