
Timing attack

About: Timing attack is a research topic. Over the lifetime, 726 publications have been published within this topic receiving 25462 citations.


Papers
Posted Content
TL;DR: In this article, the first practical key-aimed timing attack against code-based cryptosystems is presented, which arises from vulnerabilities that are present in the inversion of the error syndrome through the Extended Euclidean Algorithm that is part of the decryption operation of these schemes.
Abstract: In this work we present the first practical key-aimed timing attack against code-based cryptosystems. It arises from vulnerabilities that are present in the inversion of the error syndrome through the Extended Euclidean Algorithm that is part of the decryption operation of these schemes. Three types of timing vulnerabilities are combined into a successful attack. Each is used to gain information about the secret support, which is part of code-based decryption keys: the first allows recovery of the zero element, the second is a refinement of a previously described vulnerability yielding linear equations, and the third enables retrieval of cubic equations.

2 citations

Journal ArticleDOI
TL;DR: The model of cache-timing attack is idealized and a way of breaking this correlation through the implementation of a Random Address Translator (RAT) is proposed, which can make itself a good choice as a way of indexing the lookup tables for the implementers of the AES seeking resistance against side-channel cache-timing attacks.
Abstract: In the era of virtualization, co-residency with unknown neighbours is a necessary evil and leakage of information through side-channels is an inevitable fact. Preventing this leakage of information through side-channels, while maintaining high efficiency, has become one of the most challenging parts of any implementation of the Advanced Encryption Standard (AES) that is based on the Rijndael Cipher. Exploiting the associative nature of the cache and susceptible memory access pattern, AES is proved to be vulnerable to side-channel cache-timing attacks. The reason for this vulnerability is primarily ascribed to the existence of correlation between the index bytes of the State matrix and corresponding accessed memory blocks. In this paper, we idealized the model of cache-timing attack and proposed a way of breaking this correlation through the implementation of a Random Address Translator (RAT). The simplicity of the design architecture of RAT can make itself a good choice as a way of indexing the lookup tables for the implementers of the AES seeking resistance against side-channel cache-timing attacks.

2 citations

Patent
21 Jun 2017
TL;DR: In this patent, a new computational machine called a clock machine is described as an alternative to logic-gate-based digital computers. A cryptographic cipher is implemented with random clock machines so that the compiled implementation is distinct on each device, which makes each execution look different to malware and makes timing attacks more challenging; a detailed implementation of the Midori cipher with random clock machines is described.
Abstract: A new computational machine is invented, called a clock machine, that is a novel alternative to computing machines (digital computers) based on logic gates. In an embodiment, computation is performed with one or more clock machines that use time. In an embodiment, a cryptographic cipher is implemented with random clock machines, constructed from a non-deterministic process, wherein the compiled set of instructions (i.e., the implementation of the cryptographic procedure) is distinct on each device or chip that executes the cryptographic cipher. In an embodiment, by using a different set of clock machines to execute two different instances of the same cryptographic procedure, each execution of a procedure looks different to malware that may try to infect and subvert the cryptographic procedure. This cryptographic process also makes timing attacks more challenging. In an embodiment, a detailed implementation of the Midori cipher with random clock machines is described.

2 citations

Proceedings ArticleDOI
01 Aug 2017
TL;DR: A novel CAD tool framework for automatic timing attack vulnerability evaluation, referred to as ATAVE, with associated algorithms and metrics is proposed, and an RSA implementation using Montgomery multiplication with the square-and-multiply algorithm is efficiently analyzed using ATAVE.
Abstract: Timing leakage can be exploited to break a cryptographic system. Even though timing attacks have been well-researched for the past decade, recent system implementations remain highly vulnerable to these attacks. There is a critical need to develop a framework for automatic evaluation of the vulnerability of a design against these attacks, so that integrated circuit designers can understand the vulnerability and take appropriate actions to counter it. In this paper, we propose a novel CAD tool framework for automatic timing attack vulnerability evaluation, referred to as ATAVE, with associated algorithms and metrics. An RSA implementation using Montgomery multiplication with the square-and-multiply algorithm is efficiently analyzed using ATAVE.

2 citations

Journal ArticleDOI
TL;DR: This research introduces an alternative KDF that is proven secure in CAM, a security model that takes side-channel attacks into consideration, and shows the implication and non-implication relationships between CAM and CPM.
Abstract: A Key Derivation Function (KDF) derives cryptographic keys from a private string and public information. The security property for the cryptographic keys is indistinguishability from random strings of equal length. The security analysis of KDFs has received increasing attention. The practical importance of KDFs is reflected in the adoption of industry standards such as NIST800-135 and PKCS5. This study proposes a robust security framework that takes into consideration the side-channel attacks. The robust security framework consists of the proposed security model and existing security models. The proposed security model is known as the Adaptive Chosen All Inputs Model (CAM), which analyses the security of KDFs in terms of the bit-flipping attack and the timing attack. The existing security model is the Adaptive Chosen Public Inputs Model (CPM). This research shows the implication relationship and the non-implication relationship between CAM and CPM. The simulation of the security models follows the indistinguishability game played between a challenger and an adversary. These security models are used to evaluate existing KDFs. The result shows that none of the existing KDFs are secure in CAM against both the bit-flipping attack and the timing attack. Hence, this research introduces an alternative KDF that is proven secure in CAM.

2 citations


Network Information
Related Topics (5)
Cryptography: 37.3K papers, 854.5K citations, 89% related
Public-key cryptography: 27.2K papers, 547.7K citations, 88% related
Encryption: 98.3K papers, 1.4M citations, 85% related
Authentication: 74.7K papers, 867.1K citations, 85% related
Key (cryptography): 60.1K papers, 659.3K citations, 83% related
Performance
Metrics
No. of papers in the topic in previous years
Year    Papers
2023    12
2022    21
2021    20
2020    30
2019    56
2018    49