
Showing papers on "Timing attack" published in 2014


Journal ArticleDOI
TL;DR: The use of machine learning techniques is explored to relax parametric assumptions and to deal with high-dimensional feature vectors in cryptography.
Abstract: In cryptography, a side-channel attack is any attack based on the analysis of measurements related to the physical implementation of a cryptosystem. Nowadays, the possibility of collecting a large amount of observations paves the way to the adoption of machine learning techniques, i.e., techniques able to extract information and patterns from large datasets. The use of statistical techniques for side-channel attacks is not new. Techniques like the template attack have shown their effectiveness in recent years. However, these techniques rely on parametric assumptions and are often limited to small dimensionality settings, which limit their range of application. This paper explores the use of machine learning techniques to relax such assumptions and to deal with high dimensional feature vectors.

117 citations


Journal ArticleDOI
TL;DR: The Tennessee Eastman challenge process is used to investigate the problem of an attacker who has to identify the optimal moment to launch a DoS attack, and the results suggest that, by attacking sensor and controller signals, the attacker can manipulate the process at will, but the success of the attack depends considerably on the specific stale values.

52 citations


Posted Content
TL;DR: In this paper, the authors proposed a general statistical model for side-channel attack analysis that takes characteristics of both the physical implementation and cryptographic algorithm into consideration, and established analytical relations between the success rate of attacks and the cryptographic system.
Abstract: Side-channel attacks (SCAs) exploit leakage from the physical implementation of cryptographic algorithms to recover the otherwise secret information. In the last decade, popular SCAs like differential power analysis (DPA) and correlation power analysis (CPA) have been invented and demonstrated to be realistic threats to many critical embedded systems. However, there is still no sound and provable theoretical model that illustrates precisely what the success of these attacks depends on and how. Based on the maximum likelihood estimation (MLE) theory, this paper proposes a general statistical model for side-channel attack analysis that takes characteristics of both the physical implementation and cryptographic algorithm into consideration. The model establishes analytical relations between the success rate of attacks and the cryptographic system. For power analysis attacks, the side-channel characteristic of the physical implementation is modeled as signal-to-noise ratio (SNR), which is the ratio between the single-bit unit power consumption and the standard deviation of power distribution. The side-channel property of the cryptographic algorithm is extracted by a novel algorithmic confusion analysis. Experimental results of DPA and CPA on both DES and AES verify this model with high accuracy and demonstrate effectiveness of the algorithmic confusion analysis and SNR extraction. We expect the model to be extendable to other SCAs, like timing attacks, and would provide valuable guidelines for truly SCA-resilient system design and implementation.

41 citations


Proceedings ArticleDOI
23 Jun 2014
TL;DR: A novel timing attack method to sniff users' browsing histories without executing any scripts, based on the fact that when a resource is loaded from the local cache, its rendering process should begin earlier than when it is loaded from a remote website.
Abstract: The existing Web timing attack methods are heavily dependent on executing client-side scripts to measure the time. However, many techniques have been proposed to block the executions of suspicious scripts recently. This paper presents a novel timing attack method to sniff users' browsing histories without executing any scripts. Our method is based on the fact that when a resource is loaded from the local cache, its rendering process should begin earlier than when it is loaded from a remote website. We leverage some Cascading Style Sheets (CSS) features to indirectly monitor the rendering of the target resource. Three practical attack vectors are developed for different attack scenarios and applied to six popular desktop and mobile browsers. The evaluation shows that our method can effectively sniff users' browsing histories with very high precision. We believe that modern browsers protected by script-blocking techniques are still likely to suffer serious privacy leakage threats.

25 citations


Book
12 Dec 2014
TL;DR: This book considers modern superscalar microprocessors which are enabled with features such as multi-threaded, pipelined, parallel, speculative, and out-of-order execution.
Abstract: This book deals with timing attacks on cryptographic ciphers. It describes and analyzes various unintended covert timing channels that are formed when ciphers are executed in microprocessors. The book considers modern superscalar microprocessors which are enabled with features such as multi-threaded, pipelined, parallel, speculative, and out-of-order execution. Various timing attack algorithms are described and analyzed for both block ciphers as well as public-key ciphers. The interplay between the cipher implementation, the system architecture, and the attack's success is analyzed. Further hardware and software countermeasures are discussed with the aim of illustrating methods to build systems that can protect against these attacks.

21 citations


Book ChapterDOI
16 Dec 2014
TL;DR: This work revisits Bernstein's time-driven cache-based attack against AES in a virtualization scenario based on an actual CPS using the PikeOS microkernel virtualization framework, and devises a non-invasive countermeasure against timing attacks based on the scheduler of PikeOS, which increases the system's security against cache timing attacks.
Abstract: Virtualization has become one of the most important security enhancing techniques for embedded systems during the last years, both for mobile devices and cyber-physical systems (CPS). One of the major security threats in this context is posed by side channel attacks. In this work, Bernstein's time-driven cache-based attack against AES is revisited in a virtualization scenario based on an actual CPS using the PikeOS microkernel virtualization framework. The attack is conducted in the context of the implemented virtualization scenario using different scheduler configurations. We provide experimental results which show that using dedicated cores for crypto routines will have a high impact on the vulnerability of such systems. We also compare the results to previous work in that field and our visualization directly shows the differences between cache architectures of the ARM Cortex-A8 and Cortex-A9. Further, a non-invasive countermeasure against timing attacks based on the scheduler of PikeOS is devised, which in fact increases the system's security against cache timing attacks.

16 citations


Journal Article
TL;DR: The intention behind the PandA framework is to give protocol designers and implementors easy access to a toolbox of all functions needed for implementing pairing-based cryptographic protocols, while making it possible to use state-of-the-art algorithms for pairing computation and group arithmetic.
Abstract: This paper introduces PandA, a software framework for Pairings and Arithmetic. It is designed to bring together advances in the efficient computation of cryptographic pairings and the development and implementation of pairing-based protocols. The intention behind the PandA framework is to give protocol designers and implementors easy access to a toolbox of all functions needed for implementing pairing-based cryptographic protocols, while making it possible to use state-of-the-art algorithms for pairing computation and group arithmetic. PandA offers an API in the C programming language and all arithmetic operations run in constant time to protect against timing attacks. The framework also makes it easy to consistently test and benchmark the lower level functions used in pairing-based protocols. As an example of how easy it is to implement pairing-based protocols with PandA, we use Boneh-Lynn-Shacham (BLS) signatures. Our PandA-based implementation of BLS needs only 434640 cycles for signature generation and 5832584 cycles for signature verification on one core of an Intel i5-3210M CPU. This includes full protection against timing attacks and compression of public keys and signatures.

13 citations


Journal ArticleDOI
TL;DR: This paper integrates the RSA Algorithm with round-robin priority scheduling scheme in order to extend the level of security and reduce the effectiveness of intrusion at minimal overhead, increased throughput and privacy.
Abstract: The RSA algorithm is one of the most commonly used efficient cryptographic algorithms. It provides the required amount of confidentiality, data integrity and privacy. This paper integrates the RSA Algorithm with a round-robin priority scheduling scheme in order to extend the level of security and reduce the effectiveness of intrusion. It aims at obtaining minimal overhead, increased throughput and privacy. In this method the user uses the RSA algorithm and generates the encrypted messages that are sorted priority-wise and then sent. The receiver, on receiving the messages, decrypts them using the RSA algorithm according to their priority. This method reduces the risk of man-in-the-middle attacks and timing attacks as the encrypted and decrypted messages are further jumbled based on their priority. It also reduces the power monitoring attack risk if a very small amount of information is exchanged. It raises the bar on the standards of information security, ensuring more efficiency.

12 citations


Proceedings ArticleDOI
20 Jan 2014
TL;DR: It is shown that the timing attack (TA) and Correlation Power Attack (CPA) are prone to high-order attacks that analyse the higher moments of the time computation during code execution.
Abstract: The timing attack (TA) is a side-channel analysis (SCA) variant that exploits information leakage through the computation duration. Previously, leakages in timing have been exploited by comparison analysis, most often thanks to "correlation-collision" or pre-characterization on a clone device. Time bias can also be used to break a secret crypto-system by linear correlations in a non-profiled setting. There is a direct parallel between the Correlation Power Attack (CPA) and TA, the distinguisher being the same, but the exploited data being either vertical or horizontal. The countermeasures against such attacks consist in making the algorithm run in either random or constant time. In this paper, we show that the former is prone to high-order attacks that analyse the higher moments of the time computation during code execution. We present successful second-order timing attacks (2O-TA) based on a correlation and compare it to the second-order power attack. All experiments have been conducted on an 8-bit processor running an AES-128.

12 citations


Proceedings ArticleDOI
TL;DR: Results of experiments on designing and implementing a number of possible countermeasures to prevent cache timing attacks on the Advanced Encryption Standard are reported.
Abstract: Cache timing attack is a type of side channel attack where the leaking timing information due to the cache behaviour of a crypto system is used by an attacker to break the system. Advanced Encryption Standard (AES) was considered a secure encryption standard until 2005 when Daniel Bernstein claimed that the software implementation of AES is vulnerable to cache timing attack. Bernstein demonstrated a remote cache timing attack on a software implementation of AES. The original AES implementation can methodically be altered to prevent the cache timing attack by hiding the natural cache-timing pattern during the encryption while preserving its semantics. The alterations, while preventing the attack, should not make the implementation very slow. In this paper, we report outcomes of our experiments on designing and implementing a number of possible countermeasures.

11 citations


Proceedings ArticleDOI
TL;DR: Two simple software based countermeasures based on the concept of "constant-encryption-time" were demonstrated against the remote cache timing attack with positive outcomes, establishing a secured environment for the AES encryption.
Abstract: Advanced Encryption Standard (AES) is a symmetric key encryption algorithm which is extensively used in secure electronic data transmission. When introduced, although it was tested and declared as secure, in 2005, a researcher named Bernstein claimed that it is vulnerable to side channel attacks. The cache-based timing attack is the type of side channel attack demonstrated by Bernstein, which uses the timing variation in cache hits and misses. This kind of attack can be prevented by masking the actual timing information from the attacker. Such masking can be performed by altering the original AES software implementation while preserving its semantics. This paper presents possible software implementation level countermeasures against Bernstein's cache timing attack. Two simple software based countermeasures based on the concept of "constant-encryption-time" were demonstrated against the remote cache timing attack with positive outcomes, in which we establish a secured environment for the AES encryption.

Book ChapterDOI
07 Jul 2014
TL;DR: An in-depth study is conducted on the N − 1 attack against cryptosystems implemented based on BRIP and square-multiply-always algorithms and finds that two more special values taken as the input message also can be exploited by an attacker.
Abstract: In 2005, Yen et al. first proposed the N − 1 attack against cryptosystems implemented based on BRIP and square-multiply-always algorithms. This attack uses the input message N − 1 to obtain relevant side-channel information from the attacked cryptosystem. In this paper we conduct an in-depth study on the N − 1 attack and find that two more special values taken as the input message can also be exploited by an attacker. According to this, we present our chosen-message attack against Boscher's right-to-left exponentiation algorithm, which is a side-channel resistant exponentiation algorithm. Furthermore, immunity of the Montgomery Powering Ladder against the N − 1 attack is investigated. The result is that the Montgomery Powering Ladder is subjected to the N − 1 attack. But a different approach to retrieve the key is used which derives from the relative doubling attack. To validate our ideas, we implement the two algorithms in hardware and carry out the attacks on them. The experiment results show that our attacks are powerful attacks against these two algorithms and can be easily implemented with one power consumption curve.

Posted Content
TL;DR: This paper extends the before-mentioned attacks to RSA with CRT, Montgomery’s multiplication algorithm and exponent blinding, and Simulation experiments are conducted, which confirm the theoretical results.
Abstract: The references [9, 3, 1] treat timing attacks on RSA with CRT and Montgomery's multiplication algorithm in unprotected implementations. It has been widely believed that exponent blinding would prevent any timing attack on RSA. At the cost of significantly more timing measurements this paper extends the before-mentioned attacks to RSA with CRT, Montgomery's multiplication algorithm and exponent blinding. Simulation experiments are conducted, which confirm the theoretical results. Effective countermeasures exist.

Proceedings ArticleDOI
13 Oct 2014
TL;DR: This paper introduces a new method for attacking Personal Identification Numbers through analysis of time delay between clicks, which exploits unconscious patterns in PIN input that are a side-effect of the human memorization process to narrow the PIN down to a specific class, such as date, greatly reducing the possible set of pass codes.
Abstract: This paper introduces a new method for attacking Personal Identification Numbers (PINs) through analysis of time delay between clicks. While click timing attacks are not new, they previously relied on known spacings between keys. In our method, we do not focus on flaws or weaknesses in the system itself, but on the flaws inherent in the human aspect of the system. Our attack exploits unconscious patterns in PIN input that are a side-effect of the human memorization process to narrow the PIN down to a specific class, such as date, greatly reducing the possible set of pass codes. To identify these patterns, we use a series of Support Vector Machines (SVM) as a multi-class classifier. Through analysis of our collected data set we demonstrate that this attack is very effective.

Posted Content
TL;DR: In this paper, the authors introduce an attack against encrypted web traffic that makes use only of packet timing information on the uplink, which is impervious to existing packet padding defences.
Abstract: We introduce an attack against encrypted web traffic that makes use only of packet timing information on the uplink. This attack is therefore impervious to existing packet padding defences. In addition, unlike existing approaches this timing-only attack does not require knowledge of the start/end of web fetches and so is effective against traffic streams. We demonstrate the effectiveness of the attack against both wired and wireless traffic, achieving mean success rates in excess of 90%. In addition to being of interest in its own right, this timing-only attack serves to highlight deficiencies in existing defences and so to areas where it would be beneficial for VPN designers to focus further attention.

Book ChapterDOI
02 Jul 2014
TL;DR: This work presents a secure solution for solving the subset cover problem which is formulated by a binary integer linear programming (BIP) problem, where the solution is expected to be a 0-1 vector.
Abstract: We propose a method for applying genetic algorithms to confidential data. Genetic algorithms are a well-known tool for finding approximate solutions to various optimization and searching problems. More specifically, we present a secure solution for solving the subset cover problem which is formulated by a binary integer linear programming (BIP) problem (i.e. a linear programming problem, where the solution is expected to be a 0-1 vector). Our solution is based on secure multi-party computation. We give a privacy definition inspired from semantic security definitions and show how a secure computation system based on secret sharing satisfies this definition. Our solution also achieves security against timing attacks, as the execution of the secure algorithm on two different inputs is indistinguishable to the observer. We implement and benchmark our solution on the SHAREMIND secure computation system. Performance tests show that our privacy-preserving implementation achieves a 99.32% precision within 6.5 seconds on a BIP problem of moderate size. As an application of our algorithm, we consider the problem of securely outsourcing risk assessment of an end user computer environment.

Proceedings ArticleDOI
TL;DR: In this paper, the authors proposed a software-based countermeasure against cache timing attacks, known as constant time encryption, which they believe is secure against statistical analysis, and proved that their countermeasures are secure against Bernstein's cache timing attack.
Abstract: Rijndael was standardized in 2001 by the National Institute of Standards and Technology as the Advanced Encryption Standard (AES). AES is still being used to encrypt financial, military and even government confidential data. In 2005, Bernstein illustrated a remote cache timing attack on AES using the client-server architecture and therefore proved a side channel in its software implementation. Over the years, a number of countermeasures have been proposed against cache timing attacks both using hardware and software. Although the software based countermeasures are flexible and easy to deploy, most of such countermeasures are vulnerable to statistical analysis. In this paper, we propose a novel software based countermeasure against cache timing attacks, known as constant time encryption, which we believe is secure against statistical analysis. The countermeasure we propose performs rescheduling of instructions such that the encryption rounds will consume constant time independent of the cache hits and misses. Through experiments, we prove that our countermeasure is secure against Bernstein's cache timing attack.

01 Jan 2014
TL;DR: Public key cryptography concepts which can be used for preventing timing attacks like man-in-the-middle attacks, sniffer attacks, and compromised key attacks are introduced.
Abstract: Syllabic-time relay attacks are the most common hacker-played attack, which creates untrusted and few spam-reported messages performed by the hacker. Techniques for preventing the attacks for RSA and Diffie-Hellman are presented, but with the intelligence of the hacker some cryptosystem-breaking algorithms are used to get the original data packet details from the trusted third party. So some cryptosystems will need to be revised to protect against the attack, and new protocols and algorithms may need to incorporate measures to prevent timing attacks like man-in-the-middle attacks, sniffer attacks, and compromised key attacks. In this paper we introduce public key cryptography concepts which can be used for preventing the attacks.

16 Jan 2014
TL;DR: It is highlighted that application of an "Attacker Profile" to an attack tree can invalidate some nodes and thus eliminate several sub-trees of the overall attack tree, and a new factor to be considered for attack tree based quantitative analysis is proposed.
Abstract: In the past decades of cyber warfare, cyber-attacks have grown in the complexity of their attack patterns and impacted a vast geographical area; therefore attack trees are suitable to describe possible security threats to a system. An attack tree consists of a root node that represents the attacker's goal and leaf nodes constituting the attack steps required to be executed by an attacker to achieve the successful state. Development of an attack tree for a system may begin with a simple tree, but later allows refining these attacks into more atomic steps. There are two types of refinements which are commonly used nowadays: the conjunctive refinement and the disjunctive one. Quantitative analysis based on attack trees utilizes a bottom-up parameter propagation approach. The single-parameter propagation method was introduced in 1999 by Schneier [1], and later improved by Mauw et al. [2]. This method assigns a single quantitative parameter to each leaf in an attack tree and propagates this parameter using a bottom-up technique towards the root node. Furthermore, the final value of the root node as the result of the analysis is used to form conclusions. However, another method was introduced back in 2006 which suggests assigning many parameters to each leaf in an attack tree, calculating the attacker's utilities in the leaf nodes and propagating them towards the root node. Buldas et al. called it the multi-parameter approach [3]. We propose a new factor to be considered for attack tree based quantitative analysis. An "Attacker profile" is a formalized description of a malicious actor's resources and capabilities or skill levels. The reason for this proposal comes from difficulties in estimating the parameters of leaves in an attack tree, whose values depend on the available resources and set of skills of malicious actors.
In addition, we would like to highlight that application of an "Attacker Profile" to an attack tree can invalidate some nodes and thus eliminate several sub-trees of the overall attack tree. Therefore, the resulting tree describes possible attack steps of the particular attacker. Furthermore, we investigate and analyze whether the attacker profile is a useful concept for quantitative assessment of security based on attack tree methodology.

DOI
01 Jan 2014
TL;DR: Cache timing attack is a special type of side channel attack as mentioned in this paper, where timing information caused by cache effect is collected and analyzed by an attacker to guess sensitive information such as encryption key or plaintext.
Abstract: Side channel attacks are based on side channel information, which is information that is leaked from encryption systems. Implementing side channel attacks is possible if and only if an attacker has access to a cryptosystem (victim) or can interact with the cryptosystem remotely to compute time statistics of information collected from the targeted system. Cache timing attack is a special type of side channel attack. Here, timing information caused by cache effects is collected and analyzed by an attacker to guess sensitive information such as the encryption key or plaintext. The cache timing attack against AES was known theoretically until Bernstein carried out a real implementation of the attack. Fortunately, this attack can be a success only by exploiting bad implementation in software or hardware, not algorithm structure weaknesses, and that means the attack could be prevented if a proper implementation has been used. For that reason, modifications in software and hardware have been proposed as countermeasures. This paper reviews the technique applied in this attack, surveys the countermeasures against it, and evaluates the feasibility and usability of each countermeasure. Furthermore, we made a comparison between these countermeasures based on certain aspects.

Journal ArticleDOI
TL;DR: This paper addresses the problem of the overhead that occurs due to network security evaluation in Short-Normalized attack graphs by evaluating a factor called network security risk, and calculates the security risk for the n valid paths.
Abstract: Attack graphs are graphs which describe attack scenarios and play important roles in analyzing network threats. These attack graphs are able to reveal such potential threats by evaluating all possible sequences that an attacker can follow to compromise given critical resources or nodes. An attack graph specifies an attack scenario that results in compromising network values. There are many methods proposed to evaluate the network security in attack graphs. But no method specifies the overhead that occurs due to the evaluation of network security at each and every node. This paper addresses the problem of the overhead that occurs due to network security evaluation in Short-Normalized attack graphs by evaluating a factor called network security risk. In this paper, first the possible n valid attack paths are calculated and then the security risk is calculated for those n valid paths. This security risk denotes the amount of overhead that occurs due to this evaluation.

Posted ContentDOI
TL;DR: A novel adversary model in Chosen-Ciphertext Attack with Timing Attack (CCA2-TA) is introduced and it was a practical model because the model incorporates the timing attack.
Abstract: We have introduced a novel adversary model in Chosen-Ciphertext Attack with Timing Attack (CCA2-TA) and it was a practical model because the model incorporates the timing attack. This paper is an extended paper for 'A Secure TFTP Protocol with Security Proofs'. Keywords - Timing Attack, Random Oracle Model, Indistinguishability, Chosen Plaintext Attack, CPA, Chosen Ciphertext Attack, IND-CCA1, Adaptive Chosen Ciphertext Attack, IND-CCA2, Trivial File Transfer Protocol, TFTP, Security, Trust, Privacy, Trusted Computing, UBOOT, AES, IOT, Lightweight, Asymmetric, Symmetric, Raspberry Pi, ARM.

Proceedings ArticleDOI
09 Sep 2014
TL;DR: The identity forging property of the Sybil attack is used to propose an attack named "Identity Forging", in which an attacker impersonates a fake identity to affect the performance of the network by sending control packets through the identity of a fabricated node while itself remaining silent.
Abstract: In Mobile Ad-Hoc Networks (MANETs) source and destination generally need multiple hops to transfer data packets. Hence the number of nodes from source to destination increases. This property has rendered it vulnerable to attacks. We use the identity forging property of the Sybil attack to propose an attack named "Identity Forging". In this attack, an attacker impersonates a fake identity to affect the performance of the network by sending the control packets through the identity of a fabricated node while itself remaining silent. This makes it immune to the basic detection techniques of the Sybil attack, where both the attacker and its fake identity work simultaneously and thus can be detected if heard together for a long period. The attacker also keeps changing the fabricated identity every time the link fails. Two different variations of this attack have been presented with their analysis and their impact on the performance of MANETs. In the end a possible detection algorithm for the attack has been proposed.

Proceedings Article
11 Dec 2014
TL;DR: The purpose of this study is to refine the discussion of Köpf et al., and give a more precise understanding of the contribution of the bucketing technique.
Abstract: Timing attacks are regarded as serious threats to many practical security mechanisms. However, it is difficult to estimate the risk of attack because we cannot predict the ability and the behavior of attackers. To tackle this issue, Köpf et al. focus on the mutual information between a secret key and the timing observations that an attacker acquires. No attacker can learn more information than the mutual information, and the discussion of this approach gives a certain upper bound on the risk of timing attacks. Köpf et al. adopted this approach to evaluate the contribution of a bucketing technique that was proposed by themselves. However, the mathematical discussion therein needs more improvement. The purpose of this study is to refine the discussion of Köpf et al., and give a more precise understanding of the contribution of the bucketing technique.

DOI
01 Jan 2014
TL;DR: A new circuit scheduling for the Tor network is presented in order to preserve two properties, fairness and randomness, and it is shown that analyzing traffic patterns and packet sizes becomes more difficult.
Abstract: The Tor network is probably one of the most popular online anonymity systems in the world. It has been built based on volunteer relays from all around the world. It has a strong scientific basis which is structured very well to work in low latency mode, which makes it suitable for tasks such as web browsing. Despite the advantages, the low latency also makes Tor insecure against timing and traffic analysis attacks, which have been the most dominant attacks on the Tor network in recent years. In this paper, first all kinds of attacks on the Tor network are classified and then timing and traffic analysis attacks are described in more detail. Then we present a new circuit scheduling for the Tor network in order to preserve two properties, fairness and randomness. Both properties aim to make pattern and timing analysis attacks more difficult and even in some cases impractical. Our scheduler distorts timing patterns and packet sizes in a random way (randomness) without imposing artificial delays or padding (fairness). Finally, by using our new scheduler, one of the most powerful attacks in this area is debilitated, and it is shown that analyzing traffic patterns and packet sizes becomes more difficult.

01 Jan 2014
TL;DR: A custom software implementation of AES128 decryption for a smart-card emulator has been developed and attacked successfully using a new timing attack, even though AES is considered secure against all cryptanalytic attacks known to date.
Abstract: A custom software implementation of the AES128 decryption [Nat01] for a smart-card emulator (Fig. 1) has been developed and attacked successfully using a new timing attack. AES is widely used in today's embedded applications and is considered to be secure against all cryptanalytic attacks known to date. Despite its mathematical security, its implementations may be vulnerable to Side-channel Analysis (SCA) attacks [Koc96], which exploit the non-intended leakage of information during the physical operation of the cipher. The smart-card emulator decrypts arbitrary ciphertext using a secret key. The non-linear byte substitution InvSubBytes has been optimized to save 20% code size by direct calculation of the substitution values (i.e. no look-up table). But the execution time per decryption typically increases from 20 ms to 200 ms.
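The abstract says that computing InvSubBytes directly instead of through a look-up table is what made the emulator attackable, but it does not describe the calculation or the attack. The following added example (not the paper's smart-card code) shows one way a table-free InvSubBytes can become data-dependent: the GF(2^8) inverse found by trial multiplication runs a number of loop iterations equal to the inverse itself, so the operation count reveals the state byte. Beside it is a table-free variant that computes x^254 with the same fixed sequence of 11 field multiplications for every input. The cost model (counting field multiplications as the "time") is an assumption for the illustration; a fixed operation count in Python says nothing about a real device's cycle timing.

```python
"""
Added illustration for the AES InvSubBytes timing discussion; not code from
the paper. Compares two table-free ways of computing the GF(2^8) inverse
under an assumed cost model (number of field multiplications).
"""


def gf_mul(a: int, b: int) -> int:
    """Multiplication in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def rotl8(x: int, n: int) -> int:
    return ((x << n) | (x >> (8 - n))) & 0xFF


def inverse_affine(s: int) -> int:
    """Inverse of the S-box affine map (undoes s = b ^ rotl(b,1..4) ^ 0x63)."""
    return rotl8(s, 1) ^ rotl8(s, 3) ^ rotl8(s, 6) ^ 0x05


def gf_inv_search(x: int, cost: dict) -> int:
    """Variable-time direct calculation: try candidates until x*y == 1.
    The loop count equals the inverse itself, so timing reveals the byte."""
    if x == 0:
        return 0
    for y in range(1, 256):
        cost["mul"] += 1
        if gf_mul(x, y) == 1:
            return y
    raise ValueError("unreachable: every non-zero byte has an inverse")


def gf_inv_fixed(x: int, cost: dict) -> int:
    """Fixed-sequence calculation: x^254 == x^-1 in GF(2^8) (and 0 -> 0),
    computed with the same 11 multiplications for every input byte."""
    def mul(a, b):
        cost["mul"] += 1
        return gf_mul(a, b)
    x2 = mul(x, x)
    x3 = mul(x2, x)
    x6 = mul(x3, x3)
    x12 = mul(x6, x6)
    x15 = mul(x12, x3)
    x30 = mul(x15, x15)
    x60 = mul(x30, x30)
    x120 = mul(x60, x60)
    x240 = mul(x120, x120)
    x252 = mul(x240, x12)
    return mul(x252, x2)


def inv_sub_byte(s: int, inv_fn, cost: dict) -> int:
    """InvSubBytes on one byte: inverse affine map, then field inverse."""
    return inv_fn(inverse_affine(s), cost)


def cost_profile(inv_fn) -> dict:
    """Multiplication count per input byte: the 'timing' an observer sees."""
    profile = {}
    for s in range(256):
        cost = {"mul": 0}
        inv_sub_byte(s, inv_fn, cost)
        profile[s] = cost["mul"]
    return profile


def distinct_timings(inv_fn) -> int:
    """How many timing classes the observer can tell apart (1 = no leak)."""
    return len(set(cost_profile(inv_fn).values()))


if __name__ == "__main__":
    for name, fn in (("search", gf_inv_search), ("fixed", gf_inv_fixed)):
        prof = cost_profile(fn)
        print(f"{name:6s}: {distinct_timings(fn):3d} distinct costs, "
              f"min {min(prof.values())}, max {max(prof.values())}")
```

The search variant yields 256 distinguishable timings, one per state byte, which is the kind of leak a timing attack on the last round can exploit; the fixed variant yields one. Look-up tables are not automatically the cure either: a table indexed by secret data leaks through cache timing, which is why table-free but fixed-sequence inversion is the usual goal on hardware where it can be guaranteed.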

Posted Content
TL;DR: The Gaussian heuristic is used to analyse the length of error vectors in the lattice Close Vector Problem in order to determine the problems which are theoretically solvable and cost each solution using a strengthened lattice reduction algorithm and Schnorr-Euchner enumeration.
Abstract: We improve the timing attack on ECDSA in [1] by Brumley and Tuveri. We use the Gaussian heuristic to analyse the length of error vectors in the lattice Close Vector Problem in order to determine the problems which are theoretically solvable. Then we cost each solution using a strengthened lattice reduction algorithm and Schnorr-Euchner enumeration to determine which problems are practically solvable. The original work by Brumley and Tuveri resulted in OpenSSL's ECDSA being updated to remove the timing information they exploited, so that application is not vulnerable to our improvements. However, we publish this work as a general advance in side-channel recovery techniques which may be applicable in related scenarios.
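An added worked example of the "theoretically solvable" test described in this abstract (not code from the paper, which also costs the reduction step that this example leaves out). It assumes the standard hidden-number-problem embedding used in nonce-leakage attacks on ECDSA: d signatures whose nonces k_i have their top l bits known (so the unknown part is below q/2^l), a lattice with rows q*e_i plus one row (t_1, ..., t_d, 1/2^l), determinant q^d / 2^l, and an error vector (k_1, ..., k_d, x/2^l) whose coordinates are assumed uniform. The Gaussian heuristic gives the expected shortest-vector length sqrt(dim/(2*pi*e)) * det^(1/dim); the instance is heuristically solvable when the error vector is shorter than that, since it should then surface as a shortest vector of the embedded CVP lattice. All arithmetic is done in log2 to avoid huge numbers.

```python
"""
Added worked example: Gaussian-heuristic solvability test for the HNP
lattice behind an ECDSA nonce-leakage attack. Not code from the paper;
the lattice embedding and the uniform-nonce assumption are assumptions.
"""
from math import e, log2, pi


def gaussian_heuristic_log2(dim: int, log2_det: float) -> float:
    """log2 of the Gaussian-heuristic shortest-vector length for a lattice
    of rank `dim` and determinant 2**log2_det:
    sqrt(dim / (2*pi*e)) * det**(1/dim)."""
    return 0.5 * log2(dim / (2 * pi * e)) + log2_det / dim


def hnp_lattice_log2_det(n_bits: int, leaked_bits: int, d: int) -> float:
    """log2 determinant of the assumed embedding: q^d * 2^-leaked_bits,
    with log2(q) ~ n_bits (the last row scales x by 1/2^leaked_bits)."""
    return d * n_bits - leaked_bits


def error_vector_log2_norm(n_bits: int, leaked_bits: int, d: int) -> float:
    """log2 of the expected norm of (k_1..k_d, x/2^l): d+1 coordinates,
    each uniform below q/2^l, so each has RMS value (q/2^l)/sqrt(3)."""
    return 0.5 * log2(d + 1) + (n_bits - leaked_bits) - 0.5 * log2(3)


def heuristically_solvable(n_bits: int, leaked_bits: int, d: int,
                           margin_bits: float = 0.0) -> bool:
    """True when the error vector is expected to be shorter than the
    Gaussian-heuristic length by at least `margin_bits`, i.e. when it
    should appear as a shortest vector of the embedded CVP lattice."""
    gh = gaussian_heuristic_log2(d + 1, hnp_lattice_log2_det(n_bits, leaked_bits, d))
    return error_vector_log2_norm(n_bits, leaked_bits, d) + margin_bits < gh


def min_signatures(n_bits: int, leaked_bits: int, margin_bits: float = 0.0,
                   limit: int = 10000):
    """Smallest d for which the heuristic says the instance is solvable,
    or None if no d below `limit` works (e.g. too few leaked bits)."""
    for d in range(1, limit):
        if heuristically_solvable(n_bits, leaked_bits, d, margin_bits):
            return d
    return None


if __name__ == "__main__":
    for n, l in ((160, 1), (160, 4), (256, 2), (256, 8)):
        print(f"{n}-bit order, {l} known nonce bit(s): "
              f"d >= {min_signatures(n, l)} signatures")
```

Solving the two log-norm expressions gives the familiar rule of thumb d > (n + c) / (l - c) with c about 1.25, so for a 256-bit group order and 8 known nonce bits roughly 39 signatures suffice heuristically, while with a single known bit the error vector is never expected to be shortest and this lattice approach does not apply. Passing the heuristic only says the target is probably a shortest vector; whether reduction plus enumeration actually finds it in practice is the separate cost question the paper addresses.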

Journal Article
TL;DR: A multiple lookup table (MLT) based AES implementation is proposed, together with a pair-based authentication scheme that generates a session password for every session and resists various attacks.
Abstract: The Advanced Encryption Standard (AES) and authentication are used in a wide range of applications that need to protect their data and information. A normal implementation of AES may be vulnerable to a timing attack. To counter this attack and to increase processing efficiency at the cost of some storage, we propose a multiple lookup table (MLT) based AES implementation. Along with this, we propose a pair-based authentication scheme that generates a session password for every session and resists various attacks.

Proceedings ArticleDOI
01 Oct 2014
TL;DR: The proposed method, a combined side-channel attack, can speed up key retrieval; it gives the opportunity of power measurement on each round and reduces the number of needed queries by 8 times as well.
Abstract: Authentication in GSM networks uses COMP128, which is vulnerable to a side-channel attack called the partitioning attack. On resource-constrained devices such as SIM cards, table lookups are quite unreliable, so the attack can be carried out using up to 1000 queries. The proposed method, a combined side-channel attack, can speed up key retrieval. The partitioning attack measures only power consumption, while it can be combined with a timing attack, fault injection or a probing attack. Study of the combination with a timing attack shows that it will be the least effective variant, because the operations used in COMP128 are not vulnerable to timing attacks. A probing attack gives far more opportunities as it is an invasive attack. The increased number of rounds that can be monitored gives an 8-fold speed gain. However, the best combination of non-invasive execution and efficiency is the fault injection attack. This combination gives the opportunity of power measurement on each round and reduces the number of needed queries by 8 times as well. Despite the increased speed of the attack, defence against combined attacks comes down to defence against the weakest component.

01 Jan 2014
TL;DR: This paper uses a Rank Correlation based Detection algorithm to decide whether the network is experiencing a channel failure or is under attack; whenever a suspicious flow is noticed the attack is detected, and proper analysis of the network then yields an attack-free path for the nodes to use.
Abstract: Distributed Reflection Denial of Service is the most recent iteration in the series of Denial of Service attacks. It works similarly to Distributed Denial of Service, in that it uses many sources to attack one victim and the attacker hides behind the zombies. In this paper, we concentrate on assisting the nodes of the network during a DRDoS attack by using a detection algorithm to detect the attack whenever a suspicious flow is noticed, and then, by proper analysis of the network, finding an attack-free path that the nodes in the network can use. We use a Rank Correlation based Detection algorithm, which helps to find whether the network is experiencing a channel failure or is under attack. Once the attack is detected, the attack path and source are multicast to all nodes, so that the nodes in the network can avoid any traffic from them, thus reducing the effect of the DRDoS attack for a specified period of time.
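An added example of the rank-correlation idea behind this kind of detector; it is not the paper's code, and the premise it models is an assumption about the method: in a DRDoS attack every reflector's flow toward the victim is driven by the same spoofed request stream, so their per-interval packet counts rise and fall together and show a high Spearman rank correlation, whereas an unrelated legitimate flow (or the random losses of a channel failure) does not. The flow names, the 12-interval packet counts and the 0.9 threshold are all constructed for the illustration.

```python
"""
Added example: Spearman rank correlation as a DRDoS reflector detector.
Not the paper's code; the per-interval packet counts below are constructed
by hand, not captured traffic.
"""
from math import sqrt

# Constructed per-interval packet counts (12 intervals). Both reflector flows
# follow the same hidden request driver; the client flow is unrelated.
SAMPLE_FLOWS = {
    "reflector_a": [9, 18, 10, 24, 14, 30, 7, 22, 16, 28, 12, 20],
    "reflector_b": [9, 27, 15, 36, 21, 45, 12, 33, 24, 42, 18, 30],
    "legit_client": [51, 22, 93, 60, 14, 85, 112, 41, 127, 101, 33, 70],
}


def average_ranks(values):
    """1-based ranks, with tied values sharing their average rank."""
    order = sorted(range(len(values)), key=lambda i: values[i])
    ranks = [0.0] * len(values)
    i = 0
    while i < len(order):
        j = i
        while j + 1 < len(order) and values[order[j + 1]] == values[order[i]]:
            j += 1
        avg = (i + j) / 2 + 1
        for k in range(i, j + 1):
            ranks[order[k]] = avg
        i = j + 1
    return ranks


def spearman(x, y):
    """Spearman's rho: Pearson correlation of the two rank vectors."""
    if len(x) != len(y) or len(x) < 3:
        raise ValueError("need two equally long series of at least 3 samples")
    rx, ry = average_ranks(x), average_ranks(y)
    n = len(x)
    mx, my = sum(rx) / n, sum(ry) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(rx, ry))
    vx = sum((a - mx) ** 2 for a in rx)
    vy = sum((b - my) ** 2 for b in ry)
    if vx == 0 or vy == 0:
        return 0.0  # a constant series carries no rank information
    return cov / sqrt(vx * vy)


def correlated_pairs(flows, threshold=0.9):
    """Flow pairs whose rank correlation reaches the threshold: the set a
    detector would report (and, per the paper, multicast) as attack flows."""
    names = sorted(flows)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if spearman(flows[a], flows[b]) >= threshold]


if __name__ == "__main__":
    names = sorted(SAMPLE_FLOWS)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            rho = spearman(SAMPLE_FLOWS[a], SAMPLE_FLOWS[b])
            print(f"{a:13s} vs {b:13s}: rho = {rho:+.3f}")
    print("flagged:", correlated_pairs(SAMPLE_FLOWS))
```

Rank correlation rather than Pearson correlation is used so that the very different amplification factors of the reflectors (here 2x and 3x the driver, with one rank swap) do not matter; only the shape of the burst pattern does. On real traffic the interval length and threshold have to be tuned against flash-crowd traffic, which can also correlate across sources.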