Topic

Timing attack

About: Timing attack is a research topic. Over the lifetime, 726 publications have been published within this topic receiving 25462 citations.


Papers
Book ChapterDOI
17 Aug 2000
TL;DR: This article presents three different attacks (power, timing and fault attacks) that can be carried out on cryptographic devices such as smart-cards; for each of the three attacks covered, a puzzle and its solution are given, which act as an analogy to the attack.
Abstract: This paper will attempt to explain some of the side-channel attack techniques in a fashion that is easily comprehensible by the layman. What follows is a presentation of three different attacks (power, timing and fault attacks) that can be carried out on cryptographic devices such as smart-cards. For each of the three attacks covered, a puzzle and its solution will be given, which will act as an analogy to the attack. How these attacks can be applied to real devices will also be discussed.

12 citations

Posted Content
TL;DR: The proposed hypervisor-enforced timing mitigation to control timing channels in cloud environments is the first system that can mitigate timing-channel leakage across full-scale existing operating systems such as Linux and applications written in arbitrary languages.
Abstract: The massive parallelism and resource sharing embodying today's cloud business model not only exacerbate the security challenge of timing channels, but also undermine the viability of defenses based on resource partitioning. This paper proposes hypervisor-enforced timing mitigation to control timing channels in cloud environments. This approach closes "reference clocks" internal to the cloud by imposing a deterministic view of time on guest code, and uses timing mitigators to pace I/O and rate-limit potential information leakage to external observers. Our prototype hypervisor implementation is the first system that can mitigate timing-channel leakage across full-scale existing operating systems such as Linux and applications written in arbitrary languages. Mitigation incurs a varying performance cost, depending on workload and tunable leakage-limiting parameters, but this cost may be justified for security-critical cloud applications and data.

12 citations

Journal ArticleDOI
TL;DR: A new analytic approach to a known-plaintext attack (KPA) on an optical cryptosystem based on the phase-shifting interferometry (PSI) technique is demonstrated.
Abstract: We demonstrate a new analytic approach to a known-plaintext attack (KPA) on an optical cryptosystem based on the phase-shifting interferometry (PSI) technique. With the proposed analytic attack method, an opponent can access the exact decryption keys and obtain perfect attack results. This demonstration, to the best of our knowledge, shows for the first time that the optical cryptosystem based on the PSI technique is vulnerable to KPA.

11 citations

Journal ArticleDOI
TL;DR: Random process employed in this block cipher increased confidentiality of the message and dynamic length substitution in proposed algorithm may lead to maximum cryptographic confusion and consequently makes it difficult for cryptanalysis.
Abstract: Problem statement: Block ciphers provide confidentiality in cryptography, but cryptanalysis of the classical block ciphers demonstrated some old weaknesses: grabbing a partial key in any stage of the encryption procedure leads to reconstructing the whole key. Exhaustive key search shows that key generation should be indeterminist and random for each round. Matching cipher-text attack shows that a larger block size is more secure. In order to overcome the analysis mentioned above, a new algorithm is designed that is based on random numbers and also can defeat time and memory constraints. Approach: A dynamic and message-dependent key generator was created by producing a random number, which was selected as the size of the first chunk. The residual value of the second chunk divided by the first chunk, concatenated with the first chunk, forms the first cipher as an input for SP-boxes. These processes are repeated until the whole message is involved in the last cipher. Encrypted messages are not equal under different runs. The value of the random number should be greater than 35 bits and the plaintext must be at least 7 bits. A padding algorithm was used for small size messages or big random numbers. Results: Attack on the key generation process was prevented because of random key generation and its dependency on the input message. Encryption and decryption times measured between 5 and 27 msec on a 2 GHz Pentium and Java platform, so time variant and fast enough key generation had kept collision and timing attacks away due to small sized storage. Long and variable key length made key exhaustive search and differential attack impossible. Non-fixed size key caused avoidance of replaying and other attacks that can happen on fixed sized key algorithms. Conclusion: Random process employed in this block cipher increased confidentiality of the message and dynamic length substitution in the proposed algorithm may lead to maximum cryptographic confusion and consequently makes it difficult for cryptanalysis.

11 citations

Posted Content
TL;DR: In this paper, two oversights that compromised the constant-time character of existing constant-time CSIDH algorithms are identified and repaired, and a dummy-free CSIDH algorithm is proposed and evaluated for the stronger attack scenario of fault injection.
Abstract: CSIDH is a recent quantum-resistant primitive based on the difficulty of finding isogeny paths between supersingular curves. Recently, two constant-time versions of CSIDH have been proposed: first by Meyer, Campos and Reith, and then by Onuki, Aikawa, Yamazaki and Takagi. While both offer protection against timing attacks and simple power consumption analysis, they are vulnerable to more powerful attacks such as fault injections. In this work, we identify and repair two oversights in these algorithms that compromised their constant-time character. By exploiting Edwards arithmetic and optimal addition chains, we produce the fastest constant-time version of CSIDH to date. We then consider the stronger attack scenario of fault injection, which is relevant for the security of CSIDH static keys in embedded hardware. We propose and evaluate a dummy-free CSIDH algorithm. While these CSIDH variants are slower, their performance is still within a small constant factor of less-protected variants. Finally, we discuss derandomized CSIDH algorithms.

11 citations


Network Information
Related Topics (5)
Cryptography: 37.3K papers, 854.5K citations, 89% related
Public-key cryptography: 27.2K papers, 547.7K citations, 88% related
Encryption: 98.3K papers, 1.4M citations, 85% related
Authentication: 74.7K papers, 867.1K citations, 85% related
Key (cryptography): 60.1K papers, 659.3K citations, 83% related
Performance
Metrics
No. of papers in the topic in previous years
Year    Papers
2023    12
2022    21
2021    20
2020    30
2019    56
2018    49