Timing attack

About: Timing attack is a research topic. Over the lifetime, 726 publications have been published within this topic receiving 25462 citations.

Design principles for low latency anonymous network systems secure against timing attacks

Abstract: Low latency anonymous network systems, such as Tor, were considered secure against timing attacks when the threat model does not include a global adversary. In this threat model the adversary can only see part of the links in the system. In a recent paper entitled Low-cost traffic analysis of Tor, it was shown that a variant of timing attack that does not require a global adversary can be applied to Tor. More importantly, authors claimed that their attack would work on any low latency anonymous network systems. The implication of the attack is that all low latency anonymous networks will be vulnerable to this attack even if there is no global adversary. In this paper, we investigate this claim against other low latency anonymous networks, including Tarzan and Morphmix. Our results show that in contrast to the claim of the aforementioned paper, the attack may not be applicable in all cases. Based on our analysis, we draw design principles for secure low latency anonymous network system (also secure against the above attack).

Pinpointing Cache Timing Attacks on AES

Abstract: The paper analyzes cache based timing attacks on optimized codes for Advanced Encryption Standard (AES). The work justifies that timing based cache attacks create hits in the first and second rounds of AES, in a manner that the timing variations leak information of the key. To the best of our knowledge, the paper justifies for the first time that these attacks are unable to force hits in the third round and concludes that a similar third round cache timing attack does not work. The paper experimentally verifies that protecting only the first two AES rounds thwarts cache based timing attacks.

Error Amplification in Code-based Cryptography

Abstract: Code-based cryptography is one of the main techniques enabling cryptographic primitives in a post-quantum scenario. In particular, the MDPC scheme is a basic scheme from which many other schemes have been derived. These schemes rely on iterative decoding in the decryption process and thus have a certain small probability p of having a decryption (decoding) error.In this paper we show a very fundamental and important property of code-based encryption schemes. Given one initial error pattern that fails to decode, the time needed to generate another message that fails to decode is strictly much less than 1/p. We show this by developing a method for fast generation of undecodable error patterns (error pattern chaining), which additionally proves that a measure of closeness in ciphertext space can be exploited through its strong linkage to the difficulty of decoding these messages. Furthermore, if side-channel information is also available (time to decode), then the initial error pattern no longer needs to be given since one can be easily generated in this case.These observations are fundamentally important because they show that a, say, 128- bit encryption scheme is not inherently safe from reaction attacks even if it employs a decoder with a failure rate of 2−128. In fact, unless explicit protective measures are taken, having a failure rate at all – of any magnitude – can pose a security problem because of the error amplification effect of our method.A key-recovery reaction attack was recently shown on the MDPC scheme as well as similar schemes, taking advantage of decoding errors in order to recover the secret key. It was also shown that knowing the number of iterations in the iterative decoding step, which could be received in a timing attack, would also enable and enhance such an attack. In this paper we apply our error pattern chaining method to show how to improve the performance of such reaction attacks in the CPA case. We show that after identifying a single decoding error (or a decoding step taking more time than expected in a timing attack), we can adaptively create new error patterns that have a much higher decoding error probability than for a random error. This leads to a significant improvement of the attack based on decoding errors in the CPA case and it also gives the strongest known attack on MDPC-like schemes, both with and without using side-channel information.

An Efficient Mitigation Method for Timing Side Channels on the Web

Abstract: Research has shown that timing side channels exist in web applications [1, 3, 5]. An obvious, but problematic, mitigation for timing attacks is to delay the execution time to the worst case execution time, so that all requests have the same response time. On the upside, this prevents timing attacks as there are no differences in the response time any more. On the downside, this approach has a negative effect on performance, which may render the approach useless for many practical systems. In this extended abstract, we propose a new strategy to prevent timing attacks in web applications with little impact on performance. Our approach offers a provable security gain that can be freely traded for a performance decrease. We compare our approach to other strategies using two characteristics: firstly the added cost for an attacker to perform a side channel attack, and secondly the performance impact on the system. The rest of this paper is organised as follows: In section 2, we describe timing side channel attacks on the web and review existing research for timing side channel mitigation. Section 3 provides a formal system model for the timing side channels we aim to mitigate. Section 4 compares existing timing side channel mitigation strategies with our own approach.

Scriptless Timing Attacks on Web Browser Privacy

Abstract: The existing Web timing attack methods are heavily dependent on executing client-side scripts to measure the time. However, many techniques have been proposed to block the executions of suspicious scripts recently. This paper presents a novel timing attack method to sniff users' browsing histories without executing any scripts. Our method is based on the fact that when a resource is loaded from the local cache, its rendering process should begin earlier than when it is loaded from a remote website. We leverage some Cascading Style Sheets (CSS) features to indirectly monitor the rendering of the target resource. Three practical attack vectors are developed for different attack scenarios and applied to six popular desktop and mobile browsers. The evaluation shows that our method can effectively sniff users' browsing histories with very high precision. We believe that modern browsers protected by script-blocking techniques are still likely to suffer serious privacy leakage threats.