Timing attack

About: Timing attack is a research topic. Over the lifetime, 726 publications have been published within this topic receiving 25462 citations.

Known---Plaintext---Only Attack on RSA---CRT with Montgomery Multiplication

Abstract: The paper describes a new attack on RSA---CRT employing Montgomery exponentiation. Given the amount of so-called final subtractions during the exponentiation of a known message (not chosen, just known), it creates an instance of the well known Hidden Number Problem (HNP, [2]). Solving the problem reveals the factorization of RSA modulus, i.e. breaks the scheme. The main advantage of the approach compared to other attacks [14,17] is the lack of the chosen plaintext condition. The existing attacks, for instance, cannot harm so-called Active Authentication (AA) mechanism of the recently deployed electronic passports. Here, the challenge, i.e. the plaintext, is jointly chosen by both parties, the passport and the terminal, thus it can not be conveniently chosen by the attacker. The attack described here deals well with such a situation and it is able to solve the HNP instance with 150 measurements filtered from app. 7000. Once the secret key used by the passport during AA is available to the attacker, he can create a fully functional copy of the RFID chip in the passport he observes. A possible way to obtain the side information needed for the attack within the electromagnetic traces is sketched in the paper. Having no access to high precision measurement equipment, its existence has not been experimentally verified, yet. The attack, however, should be taken into account by the laboratories testing the resilience of (not only) electronic passports to the side channel attacks.

Improving Security for Time-Triggered Real-Time Systems with Task Replication

Abstract: Time-triggered real-time systems achieve deterministic behaviour, making them suitable for safety-critical environments. However, this determinism also allows attackers to finetune attacks after studying the system behaviour through side channels, targeting safety-critical victim tasks. Assuming fault independence, replication tolerates both random and malicious faults of up to f replicas. Yet, directed attacks violate the fault independence assumption. This violation possibly gives attackers the edge to compromise more than f replicas simultaneously, in particular if they can mount the attack from already compromised components. In this paper, we sketch mitigation strategies for time-triggered systems with task replication to withstand directed timing attacks and show preliminary results on their effectiveness and practicality.

Embedded cryptographic hardware : design & security

Abstract: Compact and Efficient Encryption/Decryption Module for FPGA Implementation of AES PAX: A Datapath-Scalable Minimalist Cryptographic Processor For Mobile Devices Architectural Design Features of a Programmable High Throughput AES Coprocessor Power-Analysis Attack on an ASIC AES Implementation On the Importance of Protecting c in SFLASH against Side Channel Attacks Resistance Against Power and Timing Attacks: An Evaluation of Two Clock-less Implementations of the AES Modular Multiplication: Methods and Hardware A Design of Basis-Independent Bit-Parallel Multipliers Reducing the Complexity of Modular Multiplication by Modification of One Operand Special Hyperelliptic Curve Cryptosystems of Genus Two: Efficient Arithmetic and Fast Implementation A Generic Coprocessor For Elliptic Curve Scalar Multiplication on Hardware Hyperelliptic Curve Cryptosystem: What is the Best Parallel Hardware Architecture? Permutation Operations in Block Ciphers Streaming Encryption for a Secure Wavelength and Time Domain Hopped Optical Network Bibliography Index.

PandA: Pairings and Arithmetic

Abstract: This paper introduces PandA, a software framework for Pairings and Arithmetic. It is designed to bring together advances in the efficient computation of cryptographic pairings and the development and implementation of pairing-based protocols. The intention behind the PandA framework is to give protocol designers and implementors easy access to a toolbox of all functions needed for implementing pairing-based cryptographic protocols, while making it possible to use state-of-the-art algorithms for pairing computation and group arithmetic. PandA offers an API in the C programming language and all arithmetic operations run in constant time to protect against timing attacks. The framework also makes it easy to consistently test and benchmark the lower level functions used in pairing-based protocols. As an example of how easy it is to implement pairing-based protocols with PandA, we use Boneh-Lynn-Shacham BLS signatures. Our PandA-based implementation of BLS needs only 434640 cycles for signature generation and 5832584 cycles for signature verification on one core of an Intel i5-3210M CPU. This includes full protection against timing attacks and compression of public keys and signatures.

Are Timing-Based Side-Channel Attacks Feasible in Shared, Modern Computing Hardware?

Abstract: There exist various vulnerabilities in computing hardware that adversaries can exploit to mount attacks against the users of such hardware. Microarchitectural Attacks, the result of these vulnerabilities, take advantage of Microarchitectural performance of processor implementations, revealing hidden computing process. Leveraging Microarchitectural resources, adversaries can potentially launch Timing-Based Side-Channel Attacks in order to leak information via timing. In view of these security threats against computing hardware, we analyse current attacks that take advantage of Microarchitectural elements in shared computing hardware. Our analysis focuses only on Timing-Based Side-Channel Attacks against the components of modern PC platforms - with references being made also to other platforms when relevant - as opposed to any other variations of Side-Channel Attacks which have a broad application range. To this end, we analyse Timing Attacks performed against processor and cache components, again with references to other components when appropriate.