Showing papers on "Pre-play attack published in 1996"
18 Aug 1996
TL;DR: By carefully measuring the amount of time required to perform private key operalions, attackers may be able to find fixed Diffie-Hellman exponents, factor RSA keys, and break other cryptosystems.
Abstract: By carefully measuring the amount of time required tm perform private key operalions, attackers may be able to find fixed Diffie-Hellman exponents, factor RSA keys, and break other cryptosystems. Against, a valnerable system, the attack is computationally inexpensive and often requires only known ciphertext. Actual systems are potentially at risk, including cryptographic tokens, network-based cryptosystems, and other applications where attackers can make reasonably accurate timing measurements. Techniques for preventing the attack for RSA and Diffie-Hellman are presented. Some cryptosystems will need to be revised to protect against the attack, and new protocols and algorithms may need to incorporate measures to prevenl timing attacks.
3,989 citations
01 Mar 1996
TL;DR: The timing attack as discussed by the authors is basically a way of deciphering a user's private key information by measuring the time it takes to carry out cryptographic operations, such as branching and conditional statements, RAM cache hits, processor instructions that run in nonfixed time, as well as performance optimizations to bypass unnecessary operations.
Abstract: Although most encryption algorithms are theoretically secure and remain impervious to even the most sophisticated cryptanalytic techniques, new attacks like the timing attack exploit the engineering side of network security. A timing attack is basically a way of deciphering a user's private key information by measuring the time it takes to carry out cryptographic operations. Factors such as branching and conditional statements, RAM cache hits, processor instructions that run in nonfixed time, as well as performance optimizations to bypass unnecessary operations, all contribute to predictability and therefore to the probability of key decryption.
21 citations
17 Jun 1996
TL;DR: The collected data indicates that the breaches during the standard attack phase are statistically equivalent, and the times between breaches seem to be exponentially distributed, which means that traditional methods for reliability modeling of component failures may be applicable.
Abstract: The paper describes a security model developed from empirical data collected from a realistic intrusion experiment in which a number of undergraduate students were invited to attack a distributed computer system. Relevant data with respect to their intrusion activities were recorded continuously. We have worked out a hypothesis on typical attacker behavior based on experiences from this and other similar experiments. The hypothesis suggests that the attacking process can be split into three phases: the learning phase, the standard attack phase and the innovative attack phase. The probability for successful attacks during the learning phase is expected to be small and, if a breach occurs, it is rather a result of pure luck than deliberate action. During the standard attack phase, this probability is considerably higher whereas it decreases again in the innovative attack phase. The collected data indicates that the breaches during the standard attack phase are statistically equivalent. Furthermore, the times between breaches seem to be exponentially distributed, which means that traditional methods for reliability modeling of component failures may be applicable.
11 citations