
Timing attack

About: Timing attack is a research topic. Over the lifetime, 726 publications have been published within this topic receiving 25462 citations.


Papers
Posted Content
TL;DR: This paper is the first to investigate the power of the Cell Broadband Engine for state-of-the-art public-key cryptography and presents a high-speed implementation of elliptic-curve Diffie-Hellman (ECDH) key exchange for this processor.
Abstract: This paper is the first to investigate the power of the Cell Broadband Engine for state-of-the-art public-key cryptography. We present a high-speed implementation of elliptic-curve Diffie-Hellman (ECDH) key exchange for this processor, which needs 697080 cycles on one Synergistic Processor Unit for a scalar multiplication on a 255-bit elliptic curve, including the costs for key verification and key compression. This cycle count is independent of inputs, therefore protecting against timing attacks. This speed relies on a new representation of elements of the underlying finite field suited for the unconventional instruction set of this architecture. Furthermore, we demonstrate that an implementation based on the multiprecision integer arithmetic functions provided by IBM’s multi-precision math (MPM) library would take at least 2227040 cycles. Comparison with implementations of the same function for other architectures shows that the Cell Broadband Engine is competitive in terms of cost-performance ratio to other recent processors such as the Intel Core 2 for public-key cryptography. Specifically, the state-of-the-art Galbraith-Lin-Scott ECDH software performs 27370 scalar multiplications per second using all four cores of a 2.5GHz Intel Core 2 Quad Q9300 inside a $296 computer, while the new software reported in this paper performs 27474 scalar multiplications per second on a Playstation 3 that costs just $221. Both of these speed reports are for high-security 256-bit elliptic-curve cryptography.

19 citations

Journal Article
TL;DR: A timing model is built to capture the parallel characteristics of an RSA public-key cipher implemented on a GPU, and successful timing attacks are launched, demonstrating that GPU acceleration of RSA is vulnerable to side-channel timing attacks.
Abstract: To increase computation throughput, general purpose Graphics Processing Units (GPUs) have been leveraged to accelerate computationally intensive workloads. GPUs have been used as cryptographic engines, improving encryption/decryption throughput and leveraging the GPU’s Single Instruction Multiple Thread (SIMT) model. RSA is a widely used public-key cipher and has been ported onto GPUs for signing and decrypting large files. Although performance has been significantly improved, the security of RSA on GPUs is vulnerable to side-channel timing attacks and is an exposure overlooked in previous studies. GPUs tend to be naturally resilient to side-channel attacks, given that they execute a large number of concurrent threads, performing many RSA operations on different data in parallel. Given the degree of parallel execution on a GPU, there will be a significant amount of noise introduced into the timing channel given the thousands of concurrent threads executing concurrently. In this work, we build a timing model to capture the parallel characteristics of an RSA public-key cipher implemented on a GPU. We consider optimizations that include using Montgomery multiplication and sliding-window exponentiation to implement cryptographic operations. Our timing model considers the challenges of parallel execution, complications that do not occur in single-threaded computing platforms. Based on our timing model, we launch successful timing attacks on RSA running on a GPU, extracting the private key of RSA. We also present an effective error detection and correction mechanism. Our results demonstrate that GPU acceleration of RSA is vulnerable to side-channel timing attacks. We propose several countermeasures to defend against this class of attacks.

18 citations

Journal Article
01 Aug 2021-Energies
TL;DR: A modified version of Double-And-Add-Always algorithm for Point Multiplication has been proposed, which allows the execution of Point Addition and Doubling operations concurrently and implements countermeasures against power and timing attacks.
Abstract: Cybersecurity is a critical issue for Real-Time IoT applications since high performance and low latencies are required, along with security requirements to protect the large number of attack surfaces to which IoT devices are exposed. Elliptic Curve Cryptography (ECC) is largely adopted in an IoT context to provide security services such as key-exchange and digital signature. For Real-Time IoT applications, hardware acceleration for ECC-based algorithms can be mandatory to meet low-latency and low-power/energy requirements. In this paper, we propose a fast and configurable hardware accelerator for NIST P-256/-521 elliptic curves, developed in the context of the European Processor Initiative. The proposed architecture supports the most used cryptography schemes based on ECC such as Elliptic Curve Digital Signature Algorithm (ECDSA), Elliptic Curve Integrated Encryption Scheme (ECIES), Elliptic Curve Diffie-Hellman (ECDH) and Elliptic Curve Menezes-Qu-Vanstone (ECMQV). A modified version of Double-And-Add-Always algorithm for Point Multiplication has been proposed, which allows the execution of Point Addition and Doubling operations concurrently and implements countermeasures against power and timing attacks. A simulated approach to extract power traces has been used to assess the effectiveness of the proposed algorithm compared to classical algorithms for Point Multiplication. A constant-time version of the Shamir’s Trick has been adopted to speed-up the Double-Point Multiplication and modular inversion is executed using Fermat’s Little Theorem, reusing the internal modular multipliers. The accelerator has been verified on a Xilinx ZCU106 development board and synthesized on both 45 nm and 7 nm Standard-Cell technologies.

18 citations

Proceedings Article
04 Oct 2018
TL;DR: In this paper, it is shown that the proposed architecture maintains non-interference between security domains, prevents DoS, and improves performance by 2–20% over existing techniques with only a 1.84% power consumption penalty.
Abstract: Timing channel attacks use interference from contending application flows to cause information leakage, and thereby either covertly transmit secrets, or create Denial-of-Service (DoS) attacks to undermine the on-chip hardware security. Protecting against timing channel attacks is very challenging since unseen vulnerabilities emerge in newer technology that can be cleverly exploited by malicious applications by intentionally gaming resources to artificially induce interference. In this paper, we propose to secure Network-on-Chips (NoCs) against timing attacks with non-interference based adaptive routing, where we efficiently separate network traffic to not only improve application performance but also prevent information leakage. In our performance analysis, we show that the proposed architecture maintains non-interference between security domains, prevents DoS, and improves performance by 2–20% over existing techniques with only a 1.84% power consumption penalty.

18 citations

Journal Article
TL;DR: A remedial pilot main protection scheme based only on modulus information of measurements for a transmission line is proposed, independent of timing information, and has been validated by theoretical analysis and simulation tests.
Abstract: For those protective relays highly dependent on common centralized timing synchronization, the threat of loss of data synchronism, e.g., due to cyber-attack, cannot be ignored. In this case, measurements could be falsely timestamped, leading to undesired mal-operation of protection or evident performance deterioration if countermeasures are lacking. In this paper, several different timing attack scenarios and impacts on protective relays on the transmission line are analyzed. To cope with the timing attack scenario, a remedial pilot main protection scheme based only on modulus information of measurements for a transmission line is proposed, independent of timing information. The proposed remedial scheme includes a modulus summation impedance relay, a mid-part relay, and an instantaneous over-current relay. The effectiveness of the proposed scheme has been validated by theoretical analysis and simulation tests.

18 citations


Network Information

Related Topics (5)
Cryptography: 37.3K papers, 854.5K citations, 89% related
Public-key cryptography: 27.2K papers, 547.7K citations, 88% related
Encryption: 98.3K papers, 1.4M citations, 85% related
Authentication: 74.7K papers, 867.1K citations, 85% related
Key (cryptography): 60.1K papers, 659.3K citations, 83% related
Performance Metrics

No. of papers in the topic in previous years

Year  Papers
2023  12
2022  21
2021  20
2020  30
2019  56
2018  49