Timing attack

About: Timing attack is a research topic. Over the lifetime, 726 publications have been published within this topic receiving 25462 citations.

A Secure Genetic Algorithm for the Subset Cover Problem and Its Application to Privacy Protection

Abstract: We propose a method for applying genetic algorithms to confidential data. Genetic algorithms are a well-known tool for finding approximate solutions to various optimization and searching problems. More specifically, we present a secure solution for solving the subset cover problem which is formulated by a binary integer linear programming (BIP) problem (i.e. a linear programming problem, where the solution is expected to be a 0-1 vector). Our solution is based on secure multi-party computation. We give a privacy definition inspired from semantic security definitions and show how a secure computation system based on secret sharing satisfies this definition. Our solution also achieves security against timing attacks, as the execution of the secure algorithm on two different inputs is indistinguishable to the observer. We implement and benchmark our solution on the SHAREMIND secure computation system. Performance tests show that our privacy-preserving implementation achieves a 99.32% precision within 6.5 seconds on a BIP problem of moderate size. As an application of our algorithm, we consider the problem of securely outsourcing risk assessment of an end user computer environment.

Practical chosen-message CPA attack on message blinding exponentiation algorithm and its efficient countermeasure

Abstract: The chosen-message method is used to be employed in conducting Simple Power Analysis (SPA) attack by means of selecting special input messages. However, it is difficult to make distinction by visual observation i.e., SPA in practical IoT hardware environment. In this paper, we proposed a practical chosen-message correlation power analysis (CPA) attack which combines the chosen-message method with CPA for side channel attack. Then, we adopt other two practical chosen-messages, 1 and n + 1, to attack Boscher’s right-to-left binary exponentiation algorithm which is wildly considered as an efficient side channel resistant algorithm. Finally, this paper presents a countermeasure to resist the chosen-message CPA attack over Boscher’s algorithm without nullifying its countermeasure features to Differential Power Analysis (DPA) and Differential Fault Analysis (DFA). To validate the proposed attack method and countermeasure, a 1024-bit RSA coprocessor is constructed on the Xilinx Virtex-5 with the Side-channel Attack Standard Evaluation Board (SASEBO) to implement Boscher’s algorithm as well as our proposed algorithm and launched the proposed attack on it separately. The experiment results show that the proposed attack and countermeasure are feasible and efficient.

fast constant-time code-based cryptography

Abstract: This paper presents extremely fast algorithms for code-based public-key cryptography, including full protection against timing attacks. For example, at a 2 128 security level, this paper achieves a reciprocal de- cryption throughput of just 60493 cycles (plus cipher cost etc.) on a single Ivy Bridge core. These algorithms rely on an additive FFT for fast root computation, a transposed additive FFT for fast syndrome computation, and a sorting network to avoid cache-timing attacks.

Constant time encryption as a countermeasure against remote cache timing attacks

Abstract: Rijndael was standardized in 2001 by National Institute of Standard and Technology as the Advanced Encryption Standard (AES). AES is still being used to encrypt financial, military and even government confidential data. In 2005, Bernstein illustrated a remote cache timing attack on AES using the client-server architecture and therefore proved a side channel in its software implementation. Over the years, a number of countermeasures have been proposed against cache timing attacks both using hardware and software. Although the software based countermeasures are flexible and easy to deploy, most of such countermeasures are vulnerable to statistical analysis. In this paper, we propose a novel software based countermeasure against cache timing attacks, known as constant time encryption, which we believe is secure against statistical analysis. The countermeasure we proposed performs rescheduling of instructions such that the encryption rounds will consume constant time independent of the cache hits and misses. Through experiments, we prove that our countermeasure is secure against Bernstein's cache timing attack.

A new variant of time memory trade-off on the improvement of thing and ying's attack

Abstract: In this paper, we present a rigorous evaluation of Thing and Ying's attack (TY attack) [11] along with practical implementations. We find that the cryptanalysis time of their attack is too high to be practical. We also propose a more general time memory trade-off by combining the distinguished points strategy with TY attack. Both theoretical analysis and experimental results show that our new design can save about 53.7% cryptanalysis time compared to TY attack and can reduce about 35.2% storage requirement compared to the original rainbow attack.