
Timing attack

About: Timing attack is a research topic. Over its lifetime, 726 publications have been published within this topic, receiving 25462 citations.


Papers
Journal Article
TL;DR: It is demonstrated that the expected goal of preventing timing measurement and power attack is reached, and it comes to the conclusion that one need not compromise the computational efficiency of modular exponentiation in order to thwart side channel attack.
Abstract: A main problem in current countermeasures of side channel attack on PKC is the cost of compromising computational efficiency. Against the problem, a cryptographic implementation for modular exponentiation over finite field by coding with equivalent power consumption is presented for the goal of thwarting side channel attacks by erasing the difference of power consumption among the operational components. It is demonstrated that the expected goal of preventing timing measurement and power attack is reached. Finally, it comes to the conclusion that one need not compromise the computational efficiency of modular exponentiation in order to thwart side channel attack.

3 citations

Posted Content
TL;DR: The rank-metric code-based cryptosystem LIGA as discussed by the authors is based on the hardness of list decoding and interleaved decoding of Gabidulin codes. It is an improved variant of the Faure-Loidreau (FL) system, which was broken by Gaborit, Otmani, and Talé Kalachi (GOT, 2018).
Abstract: We propose the new rank-metric code-based cryptosystem LIGA which is based on the hardness of list decoding and interleaved decoding of Gabidulin codes. LIGA is an improved variant of the Faure-Loidreau (FL) system, which was broken in a structural attack by Gaborit, Otmani, and Talé Kalachi (GOT, 2018). We keep the FL encryption and decryption algorithms, but modify the insecure key generation algorithm. Our crucial observation is that the GOT attack is equivalent to decoding an interleaved Gabidulin code. The new key generation algorithm constructs public keys for which all polynomial-time interleaved decoders fail; hence LIGA resists the GOT attack. We also prove that the public-key encryption version of LIGA is IND-CPA secure in the standard model and the KEM version is IND-CCA2 secure in the random oracle model, both under hardness assumptions of formally defined problems related to list decoding and interleaved decoding of Gabidulin codes. We propose and analyze various exponential-time attacks on these problems, calculate their work factors, and compare the resulting parameters to NIST proposals. The strengths of LIGA are short ciphertext sizes and (relatively) small key sizes. Further, LIGA guarantees correct decryption and has no decryption failure rate. It is not based on hiding the structure of a code. Since there are efficient and constant-time algorithms for encoding and decoding Gabidulin codes, timing attacks on the encryption and decryption algorithms can be easily prevented.

3 citations

Proceedings ArticleDOI
13 Oct 2014
TL;DR: This paper introduces a new method for attacking Personal Identification Numbers through analysis of time delay between clicks, which exploits unconscious patterns in PIN input that are a side-effect of the human memorization process to narrow the PIN down to a specific class, such as date, greatly reducing the possible set of pass codes.
Abstract: This paper introduces a new method for attacking Personal Identification Numbers (PINs) through analysis of time delay between clicks. While click timing attacks are not new, they previously relied on known spacings between keys. In our method, we do not focus on flaws or weaknesses in the system itself, but on the flaws inherent in the human aspect of the system. Our attack exploits unconscious patterns in PIN input that are a side-effect of the human memorization process to narrow the PIN down to a specific class, such as date, greatly reducing the possible set of pass codes. To identify these patterns, we use a series of Support Vector Machines (SVM) as a multi-class classifier. Through analysis of our collected data set we demonstrate that this attack is very effective.

3 citations

Journal Article
TL;DR: A side channel attack against an RSA-CRT implementation which, relative to MRED, could reduce the number of needed power traces and raise the attack efficiency.
Abstract: As a fast RSA implementation, RSA-CRT is widely applied to computing-limited devices, such as smart cards. This paper describes a side channel attack against an RSA-CRT implementation. By properly choosing input data, the power consumption of the intermediate value after the modular reduction is analyzed. This attack first determines the size of one of the primes, then based on it, takes another DPA attack and gets the prime byte by byte. The simulation experiment shows that this attack is effective, and relative to MRED, could reduce the number of needed power traces and raise the attack efficiency.

3 citations

Posted Content
TL;DR: In this paper, the authors introduce an attack against encrypted web traffic that makes use only of packet timing information on the uplink, which is impervious to existing packet padding defences.
Abstract: We introduce an attack against encrypted web traffic that makes use only of packet timing information on the uplink. This attack is therefore impervious to existing packet padding defences. In addition, unlike existing approaches this timing-only attack does not require knowledge of the start/end of web fetches and so is effective against traffic streams. We demonstrate the effectiveness of the attack against both wired and wireless traffic, achieving mean success rates in excess of 90%. In addition to being of interest in its own right, this timing-only attack serves to highlight deficiencies in existing defences and so to areas where it would be beneficial for VPN designers to focus further attention.

3 citations


Network Information
Related Topics (5)
Cryptography: 37.3K papers, 854.5K citations, 89% related
Public-key cryptography: 27.2K papers, 547.7K citations, 88% related
Encryption: 98.3K papers, 1.4M citations, 85% related
Authentication: 74.7K papers, 867.1K citations, 85% related
Key (cryptography): 60.1K papers, 659.3K citations, 83% related
Performance Metrics
No. of papers in the topic in previous years

Year  Papers
2023  12
2022  21
2021  20
2020  30
2019  56
2018  49