
Timing attack

About: Timing attack is a research topic. Over the lifetime, 726 publications have been published within this topic receiving 25462 citations.


Papers
Book Chapter
08 Sep 2003
TL;DR: This work investigates side-channel attacks where the attacker only needs the Hamming weights of several secret exponents to guess a long-term secret, and proposes a timing attack on the CPS identification scheme that works whether the Chinese Remainder Technique is used or not.
Abstract: We investigate side-channel attacks where the attacker only needs the Hamming weights of several secret exponents to guess a long-term secret. Such weights can often be recovered by SPA, EMA, or simply timing attack. We apply this principle to propose a timing attack on the CPS identification scheme. We consider implementations of CPS where the running time of the exponentiation (commitment phase) leaks the exponent's Hamming weight, which is typical of a square and multiply algorithm for example. We show that only 800 time measures allow the attacker to find the private key in a few seconds on a PC with a success probability of 80%. Besides its efficiency, two other interesting points in our attack are its resistance to some classical countermeasures against timing attacks, and the fact that it works whether the Chinese Remainder Technique is used or not.

23 citations

Proceedings Article
14 Dec 2012
TL;DR: The factors that impact on the effectiveness of each of these attacks are studied and the efficiency of the countermeasures is evaluated through extensive experiments on traces produced by GTMobiSim at different scales of geographic maps.
Abstract: Mix-zones are recognized as an alternative and complementary approach to spatial cloaking based approach to location privacy protection. Mix-zones break the continuity of location exposure by ensuring that users' movements cannot be traced while they reside in a mix-zone. In this paper we provide an overview of various known attacks that make mix-zones on road networks vulnerable and illustrate a set of countermeasures to make road network mix-zones attack resilient. Concretely, we categorize the vulnerabilities of road network mix-zones into two classes: one due to the road network characteristics and user mobility, and the other due to the temporal, spatial and semantic correlations of location queries. For instance, the timing information of users' entry and exit into a mix-zone provides information to launch a timing attack. The non-uniformity in the transitions taken at the road intersection may lead to a transition attack. An example query correlation attack is the basic continual query (CQ) attacks, which attempt to break the anonymity of road network aware mix-zones by performing query correlation based inference. The CQ-timing attacks carry out inference attacks based on both query correlation and timing correlation, and the CQ-transition attacks execute inference attacks based on both query correlation and transition correlation. We study the factors that impact on the effectiveness of each of these attacks and evaluate the efficiency of the countermeasures, such as non-rectangle mix-zones and delay tolerant mix-zones, through extensive experiments on traces produced by GTMobiSim at different scales of geographic maps.

23 citations

Journal Article
TL;DR: An iterative algorithm for discovering attack patterns via a feedback mechanism, with the degrees of belief for attack instances propagated to the next iteration to further refine the search, has the additional advantage of being an unsupervised algorithm.
Abstract: We mine the logs of network traffic data to find the contexts of attacks; we call them attack patterns. We propose an iterative algorithm for discovering attack patterns via a feedback mechanism, with the degrees of belief for attack instances propagated to the next iteration to further refine the search. Our simulations verify that the algorithm achieves accuracy in discovering attack patterns. Our attack pattern discovery has the additional advantage of being an unsupervised algorithm, e.g., it does not require a priori user-defined thresholds.

23 citations

Journal Article
TL;DR: This paper shows successful passive side-channel timing attacks on two cognitive authentication schemes, a well-known Hopper-Blum (HB) protocol and a U.S. patent Mod10 method, previously believed to be secure against observation attacks, and proposes security enhancements of these schemes aimed to mitigate the timing side-channel attacks.
Abstract: Classical password/PIN-based authentication methods have proven to be vulnerable to a broad range of observation attacks (such as key-logging, video-recording or shoulder surfing attacks). In order to mitigate these attacks, a number of solutions have been proposed, most of them being cognitive authentication schemes (challenge-response protocols that require users to perform some kind of cognitive operations). In this paper, we show successful passive side-channel timing attacks on two cognitive authentication schemes, a well-known Hopper–Blum (HB) protocol and a U.S. patent Mod10 method, previously believed to be secure against observation attacks. As we show, the main security weakness of these methods comes from detectable variations in the user’s cognitive load that results from cognitive operations during the authentication procedure. We carried out theoretical analysis of both Mod10 and HB methods, as well as an experimental user study of Mod10 method with 58 participants to validate the results of our timing attacks. We also propose security enhancements of these schemes aimed to mitigate the timing side-channel attacks. The proposed enhancements show the existence of a strong tradeoff between security and usability, indicating that the security of cognitive authentication schemes comes at a non-negligible usability cost (e.g., increased overall login time). For this reason, the designers of new cognitive authentication schemes should not ignore possible threats induced by side-channel timing attacks.

23 citations

Book Chapter
13 Sep 2015
TL;DR: This paper extends the before-mentioned attacks to RSA with CRT when Montgomery’s multiplication algorithm and exponent blinding are applied, and finds the attack efficiency is higher than in the previous version [12] while large parts of both papers coincide.
Abstract: The references [1, 3, 9] treat timing attacks on RSA with CRT and Montgomery’s multiplication algorithm in unprotected implementations. It has been widely believed that exponent blinding would prevent any timing attack on RSA. At the cost of significantly more timing measurements this paper extends the before-mentioned attacks to RSA with CRT when Montgomery’s multiplication algorithm and exponent blinding are applied. Simulation experiments are conducted, which confirm the theoretical results. Effective countermeasures exist. In particular, the attack efficiency is higher than in the previous version [12] while large parts of both papers coincide.

23 citations


Network Information
Related Topics (5)
Cryptography
37.3K papers, 854.5K citations
89% related
Public-key cryptography
27.2K papers, 547.7K citations
88% related
Encryption
98.3K papers, 1.4M citations
85% related
Authentication
74.7K papers, 867.1K citations
85% related
Key (cryptography)
60.1K papers, 659.3K citations
83% related
Performance
Metrics
No. of papers in the topic in previous years

Year  Papers
2023  12
2022  21
2021  20
2020  30
2019  56
2018  49