Timing attack

About: Timing attack is a research topic. Over the lifetime, 726 publications have been published within this topic receiving 25462 citations.

Differential power analysis attack on the secure bit permutation in the McEliece cryptosystem

Abstract: The segment of post-quantum cryptography rises its importance with increasing improvements in the quantum computing. Cryptographic post-quantum algorithms have been proposed since 1970s. However, side-channel attack vulnerabilities of these algorithms are still in focus of the recent research. In this paper, we present a differential power analysis attack on the McEliece public-key cryptosystem. We demonstrate that a part of a private key, permutation matrix, can be recovered using the power analysis. We attack a software implementation of a secure bit permutation that was proposed by Strenzke et al. at PQCrypto 2008. The cryptosystem is implemented on a 32-bit ARM based microcontroller. We provide details of the attack and results using power consumption measurements of the device. In addition, we outline a novel countermeasure against the introduced attack. The countermeasure uses properties of the linear codes and does not require large amount of random bits which can be profitable for low-cost embedded devices.

Constant-Time BCH Error-Correcting Code

Abstract: Error-correcting codes can be useful in reducing decryption failure rate of several lattice-based and code-based public-key encryption schemes. Two schemes, namely LAC and HQC, in NIST's round 2 phase of its post-quantum cryptography standardisation project use the strong error-correcting BCH code. However, direct application of the BCH code in decryption algorithms of public-key schemes could open new avenues to the attacks. For example, a recent attack [1] exploited non-constant-time execution of BCH code to reduce the security of LAC. In this paper we analyse the BCH error-correcting code, identify computation steps that cause timing variations and design a constant-time BCH implementation. We implement our algorithm in software and evaluate its resistance against timing attacks by performing leakage detection tests. To study the computational overhead of the countermeasures, we integrated our constant-time BCH code in the reference and optimised implementations of the LAC scheme as a case study, and observed nearly 1.1 and 1.4 factor slowdown respectively for the CCA-secure primitives.

An Introduction to Timing Attacks

Abstract: This chapter introduces side-channel attacks and timing attacks on implementations of cryptographic ciphers. It classifies timing attacks, presents the essential requirements for the attack to succeed, and discusses the attackers success. The chapter also outlines the contents of the book.

Kalman filter based DNS cache poisoning attack detection

Abstract: Detection for Domain Name Systems cache poisoning attack is investigated. We exploit the fact that when attack is happening, the entropies of the query packet IP addresses of the cache server will have a decrease, to detect the cache poisoning attack. We pay attention to the detection method for the case that the entropy sequence has nonstationary dynamic at normal cases. In order to handle the nonstationarity, we first model the entropy sequence by a state space equation, and then we utilize Kalman filter to implement the attack detection. The problem is discussed for single and distributed cache poisoning attack, respectively. For the single one, we use the measurement errors to detect the anomaly. Under distributed attack, we utilize the correlation variation of the prediction errors to detect the attack event and identify the attacked cache servers. An experiment is illustrated to verify the effectiveness of our presented method.

FFT-Based McLaughlin's Montgomery Exponentiation without Conditional Selections

Abstract: Modular multiplication forms the basis of many cryptographic functions such as RSA, Diffie-Hellman key exchange, and ElGamal encryption. For large RSA moduli, combining the fast Fourier transform (FFT) with McLaughlin's Montgomery modular multiplication (MLM) has been validated to offer cost-effective implementation results. However, the conditional selections in McLaughlin's algorithm are considered to be inefficient and vulnerable to timing attacks, since extra long additions or subtractions may take place and the running time of MLM varies. In this work, we restrict the parameters of MLM by a set of new bounds and present a modified MLM algorithm involving no conditional selection. Compared to the original MLM algorithm, we inhibit extra operations caused by the conditional selections and accomplish constant running time for modular multiplications with different inputs. As a result, we improve both area-time efficiency and security against timing attacks. Based on the proposed algorithm, efficient FFT-based modular multiplication and exponentiation are derived. Exponentiation architectures with dual FFT-based multipliers are designed obtaining area-latency efficient solutions. The results show that our work offers a better efficiency compared to the state-of-the-art works from and above 2048-bit operand sizes. For single FFT-based modular multiplication, we have achieved constant running time and obtained area-latency efficiency improvements up to 24.3 percent for 1,024-bit and 35.5 percent for 4,096-bit operands, respectively.