
Timing attack

About: Timing attack is a research topic. Over the lifetime, 726 publications have been published within this topic receiving 25462 citations.


Papers
Book ChapterDOI
10 May 2019
TL;DR: This paper studies the resistance of the code-based encryption scheme RQC to timing attacks and describes two chosen ciphertext timing attacks that rely on a correlation between the weight of the error to be decoded and the running time of Gabidulin code’s decoding algorithm.
Abstract: This paper studies the resistance of the code-based encryption scheme RQC to timing attacks. We describe two chosen ciphertext timing attacks that rely on a correlation between the weight of the error to be decoded and the running time of Gabidulin code’s decoding algorithm. These attacks are of theoretical interest as they outperform the best known algorithm to solve the rank syndrome decoding problem in terms of complexity. Nevertheless, they are quite impracticable in real situations as they require a huge number of requests to a timing oracle. We also provide a constant-time algorithm for the decoding of Gabidulin codes that prevents these attacks without any performance cost for honest users.

8 citations

Journal ArticleDOI
TL;DR: This paper provides a solution to cope with the de-synchronization between the tag and the reader when hash chains are employed, and relies on mutual reader-tag authentication, achieved via hash traversal and Merkle tree techniques.
Abstract: In RFID systems addressing security issues, many authentication techniques require the tag to keep some sort of synchronization with the reader. In particular, this is true in those proposals that leverage hash chains. When the reader and the tag get de-synchronized, possibly by an attacker, this paves the way to several denial of service (DoS) attacks, as well as threatening privacy (e.g., via the timing attack). Even if de-synchronization happens for non-malicious causes, this event has a negative effect on performance (for instance, slowing down the authentication process). In this paper, we provide a solution to cope with the de-synchronization between the tag and the reader when hash chains are employed. In particular, our solution relies on mutual reader-tag authentication, achieved via hash traversal and Merkle tree techniques. We show that these techniques, applied to an existing security protocol for RFID systems such as RIPP-FS, make timing attacks hard to succeed. Moreover, the proposed solutions can be transparently and independently adopted by similar security protocols as well, to thwart timing attacks and/or to provide reader-tag mutual authentication. Finally, extensive simulations show that our proposal introduces a negligible overhead to recover from de-synchronization. Copyright © 2009 John Wiley & Sons, Ltd.

8 citations

Proceedings ArticleDOI
01 Nov 2018
TL;DR: The probability that ECC cryptography implemented in other forms can be attacked through modular subtraction or addition, and how the problem can be solved by hardware implementation, are discussed.
Abstract: Although SPA (Simple Power Analysis) has been studied for many years, it is still effective on many cryptographic algorithms based on ECC. Double-and-Add and Montgomery ladder can avoid attacks on point double and point add operations, but in software implementations of ECC algorithms, modular addition and subtraction will be the weakness that hostile attackers may use. In this paper, a black box SPA is performed on a smart card with the SM2 algorithm, a Chinese standard ECC cryptographic algorithm. The card was shown to implement the SM2 algorithm in Jacobi form and non-adjacent form, and its private key can be extracted by SPA within fewer than 10 power traces, owing to conditional operations in the modular subtraction. Then we discuss the probability that ECC cryptography implemented in other forms can be attacked through modular subtraction or addition, and illustrate how the problem can be solved by hardware implementation.

8 citations

Proceedings ArticleDOI
01 Aug 2017
TL;DR: A reconfigurable high-speed processor supporting all currently used NIST primes on an FPGA platform is constructed; it outperforms others several times over in terms of scalar multiplication performance, while the hardware cost remains moderate, which makes it suitable for computation-intensive applications.
Abstract: Elliptic curve cryptography (ECC) is widely used in the field of cyber security, for example in the TLS protocol. Compared with symmetric cryptography, the computation of ECC is much slower. In this paper, a reconfigurable high-speed processor supporting all currently used NIST primes on an FPGA platform is constructed. Modular addition and subtraction are eliminated in our design by applying a lazy reduction strategy. Throughput of modular multiplication is improved significantly with the Karatsuba algorithm and a compact pipeline schedule. The latency of modular inverse is tactfully avoided by pipeline coverage at the level of scalar multiplication. Furthermore, the Montgomery-ladder algorithm and base-point randomization are applied to resist side-channel and timing attacks. Most of these techniques can also be used in software designs. Compared with previous works, our FPGA design outperforms others several times over in terms of scalar multiplication performance, while the hardware cost remains moderate, which makes it suitable for computation-intensive applications.

8 citations

Proceedings ArticleDOI
Zhong Xiu-yu1
04 Nov 2010
TL;DR: In this model, an algorithm of association rules mining is used to mine the association rules of attack event and build the attack signature database, which can be used as primitive evidence for computer forensics.
Abstract: With frequent network attacks, it is practically impossible for network security products to guard against all intrusion methods. A model of online attack detection for computer forensics is proposed to collect crime evidence of attacks. In this model, an algorithm of association rules mining is used to mine the association rules of attack events and build the attack signature database. After obtaining network data packets and pattern matching according to the protocol analysis result of the primary data, the attack behavior is detected, and the signature database is continuously updated with new attack behavior signatures. SSL encryption and authentication are used in data packet transmission, which can prevent information leakage and falsification, so the data remain original. The serious attack behaviors are detected and saved in the evidence database, which can be used as primitive evidence for computer forensics. Simulation results show that the algorithm of association rules mining improves the efficiency of network attack behavior recognition. After a new attack behavior is discovered, the safety system integrally reconstructs the attack behavior. The model can be used for the next forensic step.

8 citations


Network Information

Related Topics (5)
Cryptography: 37.3K papers, 854.5K citations, 89% related
Public-key cryptography: 27.2K papers, 547.7K citations, 88% related
Encryption: 98.3K papers, 1.4M citations, 85% related
Authentication: 74.7K papers, 867.1K citations, 85% related
Key (cryptography): 60.1K papers, 659.3K citations, 83% related
Performance Metrics

No. of papers in the topic in previous years

Year    Papers
2023    12
2022    21
2021    20
2020    30
2019    56
2018    49