Timing attack

About: Timing attack is a research topic. Over the lifetime, 726 publications have been published within this topic receiving 25462 citations.


Papers
Proceedings Article
01 Sep 2008
TL;DR: The main contribution is that the new concept of key trees and goodness values is introduced, which lets the recovery algorithm examine only a very small key space, even if the decision criteria for guessing the key bits are highly biased.
Abstract: This paper describes an advanced timing attack scheme on cryptographic algorithms. An attacker can use our method to break a cryptographic algorithm by reconstructing the secret key. The paper contains a detailed explanation of our novel algorithm and, furthermore, a practical example of its use. As a proof of concept, the method is shown on a specific implementation of the RSA algorithm, revealing a 128-bit secret key. Timing attacks assume that the attacker has partial or full knowledge of the internal structure of the attacked algorithm and has gathered time-specific information on a number of known messages that were encrypted or decrypted with the specific key. In our simplified proof-of-concept example, the attacker knows the total number of extra-reduction steps of the Montgomery multiplication in RSA for a number of known messages. We demonstrate in practice how this information can be used to achieve complete and fast key recovery with statistical tools, i.e. analysis of variance (ANOVA) and the t-test. Similar timing attacks have already been presented by others; however, to our knowledge, none of them applied these statistical tools in their methods with such efficiency or showed the complete recovery in practice by attacking the Montgomery multiplication. However, this is not the main contribution of the paper. The main contribution is that we have introduced the new concept of key trees and goodness values, which lets the recovery algorithm examine only a very small key space, even if the decision criteria for guessing the key bits are highly biased. This concept can be extended to any other timing attack.

13 citations

01 Jan 2015
TL;DR: In this article, the authors introduce a game-theoretic model of the joint problem where the attacker's strategies are represented using attack graphs, and the defender's strategies are represented as modifications of the attack graph.
Abstract: In network security hardening a network administrator may need to use limited resources (such as honeypots) to harden a network against possible attacks. Attack graphs are a common formal model used to represent possible attacks. However, most existing works on attack graphs do not consider the reactions of attackers to different defender strategies. We introduce a game-theoretic model of the joint problem where the attacker's strategies are represented using attack graphs, and the defender's strategies are represented as modifications of the attack graph. The attack graphs we use allow for sequential attack actions with associated costs and probabilities of success/failure. We present an algorithm for computing an attack policy that maximizes the attacker's expected reward, and empirical results demonstrating our methods on a case-study network.

12 citations
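
The attacker/defender model sketched in the abstract above, as an added worked example (not the paper's algorithm or data): a constructed four-action attack graph with costs and success probabilities, a memoised search for the attack policy that maximises the attacker's expected reward, and a defender who picks the single graph modification that lowers that reward the most. The graph, the reward, the rule that a failed action cannot be retried, and the choice of "remove one action" as the defender's modification are all assumptions of this example.

```python
# Added example (not from the paper): optimal attack policy on a small attack
# graph with action failures and costs, plus a one-resource defender.
from functools import lru_cache

# Constructed attack graph (assumption). Action: (preconditions, fact gained on
# success, cost, success probability). A failed action cannot be retried and
# the attacker may stop at any time.
ACTIONS = {
    "exploit_web":  (frozenset(),        "web", 2.0, 0.8),
    "pivot_web_db": (frozenset({"web"}), "db",  3.0, 0.5),
    "phish_vpn":    (frozenset(),        "vpn", 4.0, 0.6),
    "db_via_vpn":   (frozenset({"vpn"}), "db",  1.0, 0.9),
}
GOAL, REWARD = "db", 20.0     # reaching the database is worth 20 to the attacker

def optimal_policy(actions):
    """Returns (expected reward, best first action) for the attacker.
    V(state) = max(0 for stopping, max over feasible actions of
               -cost + p * V(success) + (1 - p) * V(failure))."""
    @lru_cache(maxsize=None)
    def value(achieved, remaining):
        if GOAL in achieved:
            return REWARD, None
        best, best_act = 0.0, None
        for name in sorted(remaining):              # sorted: deterministic ties
            pre, gain, cost, p = actions[name]
            if not pre <= achieved:
                continue                            # preconditions not met
            rest = remaining - {name}
            ok, _ = value(achieved | {gain}, rest)
            fail, _ = value(achieved, rest)
            v = -cost + p * ok + (1 - p) * fail
            if v > best:
                best, best_act = v, name
        return best, best_act
    return value(frozenset(), frozenset(actions))

def best_hardening(actions):
    """Defender with one resource: remove (patch) the action whose removal
    minimises the attacker's optimal expected reward. Returns (value, action)."""
    outcomes = []
    for name in actions:
        reduced = {k: v for k, v in actions.items() if k != name}
        outcomes.append((optimal_policy(reduced)[0], name))
    return min(outcomes)

if __name__ == "__main__":
    print("attacker:", optimal_policy(ACTIONS))     # (7.856, 'phish_vpn')
    print("defender:", best_hardening(ACTIONS))     # value 3.6 by removing a VPN step
```

The state is the pair (facts gained, actions still available), so the search is exact on this graph; it grows exponentially in the number of actions, which is why the paper needs a dedicated algorithm for realistic graphs. Note the defender's choice is not the attacker's first action: the two VPN steps are equivalent to remove here, and either beats patching the web exploit the attacker would otherwise skip.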

Patent
21 Nov 2007
TL;DR: In this paper, a random sequence generator is used to randomize the order in which memory locations are read when filling a cache line and thus thwart timing attacks, power analysis attacks, and probe attacks.
Abstract: A microprocessor including random cache line refill ordering to lessen side channel leakage in a cache line and thus thwart cryptanalysis attacks such as timing attacks, power analysis attacks, and probe attacks. A random sequence generator is used to randomize the order in which memory locations are read when filling a cache line.

12 citations

Book Chapter
10 Oct 2006
TL;DR: It is shown that timely induction of random failures can potentially be used to mount very cost effective attacks against smartcards deploying cryptographic schemes based on (right-to-left) modular exponentiation.
Abstract: We show that timely induction of random failures can potentially be used to mount very cost effective attacks against smartcards deploying cryptographic schemes based on (right-to-left) modular exponentiation. We introduce a model where an external perturbation, or glitch, may cause a single modular multiplication to produce a truly random result. Based on this assumption, we present a probabilistic attack against the implemented cryptosystem. Under reasonable assumptions, we prove that using a single faulty signature the attack recovers a target bit of the secret exponent with an error probability bounded by $\frac{3}{7}$. We show the attack is effective even in the presence of message blinding.

12 citations

Proceedings Article
20 Jan 2014
TL;DR: It is shown that the random-time countermeasure against timing attacks is prone to high-order attacks that analyse the higher moments of the computation time during code execution; the timing attack (TA) and the Correlation Power Attack (CPA) share the same distinguisher and differ only in whether the exploited data are horizontal or vertical.
Abstract: The timing attack (TA) is a side-channel analysis (SCA) variant that exploits information leakage through the computation duration. Previously, leakages in timing have been exploited by comparison analysis, most often thanks to "correlation - collision" or pre-characterization on a clone device. Time bias can also be used to break a secret crypto-system by linear correlations in a non-profiled setting. There is a direct parallel between the Correlation Power Attack (CPA) and TA, the distinguisher being the same, but the exploited data being either vertical or horizontal. The countermeasures against such attacks consist in making the algorithm run in either random or constant time. In this paper, we show that the former is prone to high-order attacks that analyse the higher moments of the time computation during code execution. We present successful second-order timing attacks (2O-TA) based on a correlation and compare it to the second-order power attack. All experiments have been conducted on an 8-bit processor running an AES-128.

12 citations
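
The first-order versus second-order distinction in the abstract above, as an added worked example (not the paper's code or measurements): a Boolean-masked AES S-box lookup is modelled as taking HW(m) + HW(S(p ^ k) ^ m) cycles, i.e. the mask and the masked output are each handled bit-serially. Under that assumed leakage model the mean duration over fresh masks is 8 for every input, so a first-order TA that correlates predicted Hamming weights with the mean learns nothing, while the second central moment (variance) equals 8 - HW(S(p ^ k)) and a CPA-style correlation on it returns the key. The leakage model, the key byte and the exhaustive mask enumeration standing in for many noisy measurements are assumptions of this example.

```python
# Added example (not from the paper): first-order vs second-order timing
# attack on a Boolean-masked AES S-box under an assumed bit-serial leakage model.

def gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def aes_sbox(x):
    """AES S-box from scratch: multiplicative inverse, then the affine map."""
    inv = next((y for y in range(256) if gf_mul(x, y) == 1), 0)   # inv(0) := 0
    s = inv ^ 0x63
    for i in range(1, 5):
        s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF               # rotate left by i
    return s

SBOX = [aes_sbox(x) for x in range(256)]
HW = [bin(v).count("1") for v in range(256)]

def masked_sbox_cycles(p, k, m):
    """Assumed duration of one masked lookup: HW(mask) + HW(masked output)."""
    return HW[m] + HW[SBOX[p ^ k] ^ m]

def collect_timing_moments(key):
    """For each plaintext byte, time the lookup under all 256 masks (standing in
    for many measurements with fresh random masks); keep mean and variance."""
    moments = []
    for p in range(256):
        ts = [masked_sbox_cycles(p, key, m) for m in range(256)]
        mu = sum(ts) / len(ts)
        var = sum((t - mu) ** 2 for t in ts) / len(ts)
        moments.append((mu, var))
    return moments

def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    return 0.0 if sxx == 0 or syy == 0 else sxy / (sxx * syy) ** 0.5

def rank_keys(observed):
    """CPA-style distinguisher: correlate HW(S(p ^ k)) with the observed
    statistic for every key guess; returns (|correlation|, k), best first."""
    scores = []
    for k in range(256):
        pred = [HW[SBOX[p ^ k]] for p in range(256)]
        scores.append((abs(pearson(pred, observed)), k))
    return sorted(scores, reverse=True)

def first_order_ta(moments):
    return rank_keys([mu for mu, _ in moments])      # first moment: mean time

def second_order_ta(moments):
    return rank_keys([var for _, var in moments])    # second central moment

if __name__ == "__main__":
    mom = collect_timing_moments(0x2B)
    print("first-order best |corr|:", first_order_ta(mom)[0][0])       # 0.0
    print("second-order top guess: ", hex(second_order_ta(mom)[0][1]))  # 0x2b
```

The same structure appears in second-order power analysis: the mask randomises the first moment but not the joint distribution, and combining the two leaking phases (here, simply through the variance of their summed duration) recovers a first-order leak of the unmasked value. Randomising the duration is therefore not a substitute for a constant-time implementation.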


Network Information
Related Topics (5)
Cryptography: 37.3K papers, 854.5K citations, 89% related
Public-key cryptography: 27.2K papers, 547.7K citations, 88% related
Encryption: 98.3K papers, 1.4M citations, 85% related
Authentication: 74.7K papers, 867.1K citations, 85% related
Key (cryptography): 60.1K papers, 659.3K citations, 83% related
Performance Metrics
Number of papers in the topic in previous years:
Year  Papers
2023  12
2022  21
2021  20
2020  30
2019  56
2018  49