
Timing attack

About: Timing attack is a research topic. Over the lifetime, 726 publications have been published within this topic receiving 25462 citations.


Papers
Journal ArticleDOI
TL;DR: A class of side-channel attacks known as differential cache attacks on Feistel ciphers are considered, and a theoretical framework to understand the relationship between the attack's success, the target platform, and the cipher algorithm is developed.
Abstract: The success of a side-channel attack depends mainly on three factors, namely, the cipher algorithm, the attack platform, and the measurement noise. In this paper, we consider a class of side-channel attacks known as differential cache attacks on Feistel ciphers, and develop a theoretical framework to understand the relationship between the attack's success, the target platform, and the cipher algorithm. The framework allows a comparison of various differential cache attack forms, and is supported by case studies on the block ciphers CLEFIA and CAMELLIA. To understand the effect of noise on the attack's success, the paper uses empirical methods on standard Intel platforms in a time-driven side-channel analysis scenario.

9 citations

Proceedings ArticleDOI
01 Oct 2017
TL;DR: This paper explores time synchronization attacks against PMU measurements that are undetectable by state-of-the-art Bad-Data Detection (BDD) algorithms, used for Linear State-Estimation (LSE).
Abstract: Recent innovations in protection and control applications for power systems require the use of Phasor Measurement Unit (PMU) measurements. PMUs rely on precise time synchronization and have been shown to be vulnerable to time synchronization attacks. In this paper, we explore time synchronization attacks against PMU measurements that are undetectable by state-of-the-art Bad-Data Detection (BDD) algorithms, used for Linear State-Estimation (LSE). We show that compromising three or more PMUs enables an attacker to create a continuum of undetectable attacks, and based on geometric arguments we provide a closed form expression for computing the attacks. Furthermore, we provide an algorithm for identifying PMU measurements that are vulnerable to the considered attacks. We use simulations on the IEEE 39-Bus benchmark power system to show that attacks can have a significant impact in terms of power flow mis-estimation that could lead to the violation of ampacity limits in transmission lines.

9 citations

Journal ArticleDOI
TL;DR: An improved attack method is proposed based on SPA which depends only on the fact that there exist some subtle differences in each loop during the operation of c^d mod n, and can easily discover the mode of the RSA implementation and extract the bits of the decryption key based on only a few collected traces.
Abstract: Nowadays the modular multiplications in many kinds of smartcards use a Montgomery modular multiplier, so the traditional SPA on RSA becomes invalid. An improved attack method is proposed based on SPA which depends only on the fact that there exist some subtle differences in each loop during the operation of c^d mod n. At the same time, compared with the traditional SPA, it does not need to select the clear text or some known message. Using this method, attackers can easily discover the mode of the RSA implementation and extract the bits of the decryption key based on only a few collected traces. From real attack tests on several main kinds of smartcard, the RSA private keys stored inside were analyzed successfully.

9 citations

Book ChapterDOI
12 Aug 2019
TL;DR: This work presents the first timing attack against the HQC public-key encryption scheme, requiring the attacker to record the decryption time of around 400 million ciphertexts for a set of HQC parameters corresponding to 128 bits of security.
Abstract: The HQC public-key encryption scheme is a promising code-based submission to NIST’s post-quantum cryptography standardization process. The scheme is based on the decisional decoding problem for random quasi-cyclic codes. One problem of the HQC’s reference implementation submitted to NIST in the first round of the standardization process is that the decryption operation is not constant-time. In particular, the decryption time depends on the number of errors decoded by a BCH decoder. We use this to present the first timing attack against HQC. The attack is practical, requiring the attacker to record the decryption time of around 400 million ciphertexts for a set of HQC parameters corresponding to 128 bits of security. This makes the use of constant-time decoders mandatory for the scheme to be considered secure.

9 citations

Proceedings ArticleDOI
08 Jul 2019
TL;DR: This research proposes the first fault attack analysis of FALCON and finds its lattice trapdoor sampler is as vulnerable to fault attacks as the GPV sampler used in alternative signature schemes.
Abstract: Post-quantum cryptography is an important and growing area of research due to the threat of quantum computers, as recognised by the National Institute of Standards and Technology (NIST) recent call for standardisation. FALCON is a lattice-based signature candidate submitted to NIST, which has good performance but lacks research with respect to implementation attacks and resistance. This research proposes the first fault attack analysis of FALCON and finds its lattice trapdoor sampler is as vulnerable to fault attacks as the GPV sampler used in alternative signature schemes. We simulate the post-processing component of this fault attack and achieve a 100% success rate at retrieving the private key. This research then proposes an evaluation of countermeasures to prevent this fault attack and timing attacks on FALCON. We provide cost evaluations on the overheads of the proposed countermeasures which show that FALCON has only up to 30% deterioration in performance of its key generation, and only 5% in signing, compared to runtimes without countermeasures.

9 citations


Network Information
Related Topics (5)
Cryptography: 37.3K papers, 854.5K citations (89% related)
Public-key cryptography: 27.2K papers, 547.7K citations (88% related)
Encryption: 98.3K papers, 1.4M citations (85% related)
Authentication: 74.7K papers, 867.1K citations (85% related)
Key (cryptography): 60.1K papers, 659.3K citations (83% related)
Performance Metrics
Number of papers in the topic in previous years:
Year    Papers
2023    12
2022    21
2021    20
2020    30
2019    56
2018    49