This whitepaper describes a timing attack vulnerability in OpenSSL’s ladder implementation for curves over binary fields. They use this vulnerability to steal the private key of a TLS server where the server authenticates with ECDSA signatures. Using the timing of the exchanged messages, the messages themselves, and the signatures, they mount a lattice attack that recovers the private key. Finally, they describe and implement an effective countermeasure.
You can download it from the following link: https://packetstormsecurity.com/files/download/101679/timing-attacks.pdf
Source: https://packetstormsecurity.com/files/101679/Remote-Timing-Attacks-Are-Still-Practical.html