在「Make Sure DSA Signing Exponentiations Really are Constant-Time」這篇文章裡面，直接透過 end-to-end 的 timing attack 打爆 (也就是透過 internet 觀察攻擊)，而不需要在同一台機器上對 cache 之類的區域攻擊：
A unique feature of our work is that we target common cryptographic protocols. Previous works that demonstrate cache-timing key-recovery attack only target the cryptographic primitives, ignoring potential cache noise from the protocol implementation. In contrast, we present end-to-end attacks on two common cryptographic protocols: SSH and TLS. We are, therefore, the first to demonstrate that cache-timing attacks are a threat not only when executing the cryptographic primitives but also in the presence of the cache activity of the whole protocol suite.
而且次數相當的少，就可以 key recovery：
260 SSH-2 handshakes to extract a 1024/160-bit DSA host key from an OpenSSH server, and 580 TLS 1.2 handshakes to extract a 2048/256-bit DSA key from an stunnel server.