scispace - formally typeset
Search or ask a question
Topic

Timing attack

About: Timing attack is a research topic. Over the lifetime, 726 publications have been published within this topic receiving 25462 citations.


Papers
More filters
Journal ArticleDOI
TL;DR: This paper addresses the problem of overhead occurred due to the network security evaluation in Short-Normalizedattack graphs by evaluating a factor called network security risk and calculates the security risk for those n valid paths.
Abstract: Attack graphs are the graphs which describe attack scenarios, play important roles in analyzing network threats. These attack graphs are able to reveal such potential threats by evaluating the all possible sequences that an attacker can follow to compromise given critical resources or nodes. An Attack graph specifies an attack scenario that results in compromising network values. There are so many methods proposed to evaluate the network security in attack graphs. But no method specifies the overhead occurred due to the evaluation of network security at each and every node. This paper addresses the problem of overhead occurred due to the network security evaluation in Short-Normalizedattack graphs by evaluating a factor called network security risk. In this paper first the possible n valid attack paths are going to be calculated and then the security risk is going to be calculated for those n valid paths. This security risk denotes the amount of overhead occurred due to this evaluation.

1 citations

Journal ArticleDOI
TL;DR: It is shown that bucketing is in general insufficient to ensure security, and two conditions that can be used to ensureSecurity of systems against adaptive timing-channel attacks are presented.
Abstract: This paper investigates the effect of bucketing in security against timing-channel attacks. Bucketing is a technique proposed to mitigate timing-channel attacks by restricting a system’s outputs to only occur at designated time intervals, and has the effect of reducing the possible timing-channel observations to a small number of possibilities. However, there is little formal analysis on when and to what degree bucketing is effective against timing-channel attacks. In this paper, we show that bucketing is in general insufficient to ensure security. Then, we present two conditions that can be used to ensure security of systems against adaptive timing-channel attacks. The first is a general condition that ensures that the security of a system decreases only by a limited degree by allowing timing-channel observations, whereas the second condition ensures that the system would satisfy the first condition when bucketing is applied and hence becomes secure against timing-channel attacks. A main benefit of the conditions is that they allow separation of concerns whereby the security of the regular channel can be proven independently of concerns of side-channel information leakage, and certain conditions are placed on the side channel to guarantee the security of the whole system. Further, we show that the bucketing technique can be applied compositionally in conjunction with the constant-time-implementation technique to increase their applicability. While we instantiate our contributions to timing channel and bucketing, many of the results are actually quite general and are applicable to any side channels and techniques that reduce the number of possible observations on the channel. It is interesting to note that our results make non-trivial (and somewhat unconventional) uses of ideas from information flow research such as channel capacity and refinement order relation.

1 citations

Book ChapterDOI
01 Jan 2019
TL;DR: A network model based on traditional onion routing model but engineered to make correlation attacks much more difficult is presented, which results in enhanced security and anonymization against an attacker using correlation to find communication partners.
Abstract: In this paper, we present a network model based on traditional onion routing model but engineered to make correlation attacks much more difficult. The design of the network makes traditional packet counting and volume attacks less feasible. We assume a passive attacker working with partial knowledge of the network traffic trying to use various vulnerabilities and attacks to find communication partners in an onion routing network circuit. Our approach uses a change in the design of the network model which results in enhanced security and anonymization against an attacker using correlation to find communication partners.

1 citations

Proceedings ArticleDOI
03 Nov 2012
TL;DR: Brier et al.'s attack to attack MIST algorithm and proposed corresponding countermeasure to protect RSA public elements is introduced.
Abstract: Fault attack is the very effective way to attack RSA cryptosystem, especially when it is implemented on embedded devices. Moreover, the fault attack methods become more and more advance, and there are some fault attacks on RSA public elements in recent years. Among publish attacks, Brier et al.'s attack make people to think that it is necessary to protect RSA public elements. In this paper, we introduce Brier et al.'s attack to attack MIST algorithm and propose corresponding countermeasure.

1 citations

Journal Article
TL;DR: This paper describes the basic concept, principles, and history of timing attack, and analyzes in detail the timing attack process, including the effectiveness of several timing attack preventive methods.
Abstract: Timing attack is a form of attack where the attacker tries to break a cryptosystem by analyzing the time taken to execute cryptographic algorithms. This paper describes the basic concept, principles, and history of timing attack, the readers can thus have a basic understanding of this area. Then taking the modular exponentiation encryption algorithm as an example, it analyzes in detail the timing attack process, including the effectiveness of several timing attack preventive methods. Although the current preventive method can effectively resist the simple timing attack, the preventive effectiveness against the new attack methods remains to be studied.

1 citations


Network Information
Related Topics (5)
Cryptography
37.3K papers, 854.5K citations
89% related
Public-key cryptography
27.2K papers, 547.7K citations
88% related
Encryption
98.3K papers, 1.4M citations
85% related
Authentication
74.7K papers, 867.1K citations
85% related
Key (cryptography)
60.1K papers, 659.3K citations
83% related
Performance
Metrics
No. of papers in the topic in previous years
YearPapers
202312
202221
202120
202030
201956
201849