
Timing attack

About: Timing attack is a research topic. Over the lifetime, 726 publications have been published within this topic receiving 25462 citations.


Papers
Book Chapter
18 Dec 2007
TL;DR: This paper analyzes a new attack on filter generators using the trace representation of the output sequence y, proves that it does not always work as expected, and proposes a new algorithm that covers the cases in which the attack cannot be applied.
Abstract: Filter generators are important building blocks of stream ciphers and have been studied extensively. Recently, a new attack has been proposed. In this paper, we analyze this attack using the trace representation of the output sequence y and we prove that the attack does not always work as expected. We propose a new algorithm that covers the cases in which the attack cannot be applied. The new attack is as efficient as the original attack. Finally, to motivate research on the non-linear complexity of binary sequences, we present a scenario where knowledge of the quadratic complexity of a sequence can significantly decrease the number of known keystream bits necessary for the attack.

6 citations

Journal Article
TL;DR: Two mutual RFID authentication protocols are proposed that aim to improve YA-TRAP∗ by preventing timing attacks and by providing reader authentication, and that can be implemented using current standard low-cost RFID infrastructures.
Abstract: Security in passive resource-constrained Radio Frequency Identification (RFID) tags is of much interest nowadays. Supply chain and inventory management are areas where low-cost and secure batch-mode authentication of RFID tags is required. Resistance against illegal tracking, cloning, timing, and replay attacks is necessary for a secure RFID authentication scheme. Reader authentication is also necessary to thwart any illegal attempt to read the tags. With the objective of designing a tracking-, cloning-, and replay-attack-resistant low-cost RFID authentication protocol, Gene Tsudik proposed a timestamp-based protocol using symmetric keys, named YA-TRAP∗. However, resistance against timing attacks is very important for timestamp-based schemes, and the timestamps should be renewed at regular intervals to keep the tags operative. Although YA-TRAP∗ achieves its target security properties, it is susceptible to timing attacks, where the timestamp to be sent by the reader to the tag can be freely selected by an adversary. Moreover, in YA-TRAP∗, reader authentication is not provided, and a tag can become inoperative after exceeding its pre-stored threshold timestamp value. In this paper, we propose two mutual RFID authentication protocols that aim to improve YA-TRAP∗ by preventing timing attacks and by providing reader authentication. Also, a tag is allowed to refresh its pre-stored threshold value in our protocols, so that it does not become inoperative after exceeding the threshold. Our protocols also achieve other security properties like forward security and resistance against cloning, replay, and tracking attacks. Moreover, the computation and communication costs are kept as low as possible for the tags. It is important to keep the communication cost as low as possible when many tags are authenticated in batch mode. By introducing an aggregate function for the reader-to-server communication, the communication cost is reduced. We also discuss different possible applications of our protocols. Our protocols thus capture more security properties and more efficiency than YA-TRAP∗. Finally, we show that our protocols can be implemented using current standard low-cost RFID infrastructures.

6 citations

Proceedings Article
19 May 2019
TL;DR: This work investigates the feasibility of a keylogging side channel attack on several popular search engines by characterizing the behavior of each website and measuring information leakage at the network level, and describes the ways in which two search engines mitigate this vulnerability with minimal effects on usability.
Abstract: Many websites induce the browser to send network traffic in response to user input events. This includes websites with autocomplete, a popular feature on search engines that anticipates the user's query while they are typing. Websites with this functionality require HTTP requests to be made as the query input field changes, such as when the user presses a key. The browser responds to input events by generating network traffic to retrieve the search predictions. The traffic emitted by the client can expose the timings of keyboard input events which may lead to a keylogging side channel attack whereby the query is revealed through packet inter-arrival times. We investigate the feasibility of such an attack on several popular search engines by characterizing the behavior of each website and measuring information leakage at the network level. Three out of the five search engines we measure preserve the mutual information between keystrokes and timings to within 1% of what it is on the host. We describe the ways in which two search engines mitigate this vulnerability with minimal effects on usability.

6 citations
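The leakage channel the abstract above describes (packet gaps on the wire mirroring keystroke gaps on the host) and the effect of a release-on-tick mitigation can be reproduced with a small simulation. The block below is an added example written for this page, not code from the paper; the per-digraph typing delays, the 8 ms jitter, the 20 ms histogram bin and the 200 ms tick are constructed parameters, and the mutual-information figure is a plug-in estimate over the simulated samples rather than the paper's measurement.

```python
"""Keystroke timing leakage through autocomplete traffic: a constructed simulation.

Each keystroke triggers a request; an observer who sees only packet
inter-arrival times can estimate the mutual information between what was
typed (here, which digraph) and the timing they observe.
"""
import math
import random
from collections import Counter

# Constructed model: mean delay (ms) between the two keys of a digraph.
# Values are invented for the simulation, not measured on real users.
DIGRAPH_MEAN_MS = {"th": 90, "he": 110, "in": 130, "er": 150, "an": 170, "re": 190}
JITTER_MS = 8          # constructed std. deviation of the typing delay
BIN_MS = 20            # histogram bin used by the observer
TICK_MS = 200.0        # release interval of the mitigated site


def simulate_host_intervals(digraphs, rng):
    """Inter-keystroke intervals as seen on the host (ground truth)."""
    return [rng.gauss(DIGRAPH_MEAN_MS[d], JITTER_MS) for d in digraphs]


def send_immediately(intervals):
    """Unmitigated site: one request per key event, so packet gaps equal key gaps."""
    return list(intervals)


def send_on_fixed_tick(intervals, tick_ms=TICK_MS):
    """Mitigation: requests leave only on a fixed clock tick.  Packet gaps become
    multiples of tick_ms; a gap of 0 means two keystrokes were coalesced into
    the same tick (the observer would see a single packet for them)."""
    out, t, last_sent = [], 0.0, 0.0
    for gap in intervals:
        t += gap
        send_at = math.ceil(t / tick_ms) * tick_ms
        out.append(send_at - last_sent)
        last_sent = send_at
    return out


def mutual_information_bits(labels, values, bin_ms=BIN_MS):
    """Plug-in estimate of I(label ; binned timing) in bits."""
    n = len(labels)
    bins = [int(v // bin_ms) for v in values]
    joint = Counter(zip(labels, bins))
    p_label = Counter(labels)
    p_bin = Counter(bins)
    mi = 0.0
    for (lab, b), count in joint.items():
        p_joint = count / n
        mi += p_joint * math.log2(p_joint / ((p_label[lab] / n) * (p_bin[b] / n)))
    return mi


def run_experiment(samples=4000, seed=1):
    """Compare leakage on the host, on the wire of a naive site, and on the wire
    of a site that releases requests on a fixed tick."""
    rng = random.Random(seed)
    keys = list(DIGRAPH_MEAN_MS)
    digraphs = [rng.choice(keys) for _ in range(samples)]
    host = simulate_host_intervals(digraphs, rng)
    return {
        "host": mutual_information_bits(digraphs, host),
        "network_naive": mutual_information_bits(digraphs, send_immediately(host)),
        "network_ticked": mutual_information_bits(digraphs, send_on_fixed_tick(host)),
        "max_possible": math.log2(len(keys)),
    }


if __name__ == "__main__":
    for name, bits in run_experiment().items():
        print(f"{name:16s} {bits:.2f} bits")
```

The naive site preserves the host-side mutual information exactly, which is the "within 1%" situation the paper reports for three of the five engines; the ticked variant keeps most of the information off the wire at the cost of up to one tick of added latency per request. A fixed tick is only one of several possible mitigations, and the residual leakage it leaves (longer gaps are more likely to straddle a tick boundary) is visible in the numbers rather than hidden by them.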

Posted Content
TL;DR: In this paper, it was shown that the amount of information about the key that an unknown-message attacker can extract from a deterministic side-channel is bounded from above by |O| log (n+1) bits, where n is the number of side-channel measurements and O is the set of possible observations.
Abstract: We show that the amount of information about the key that an unknown-message attacker can extract from a deterministic side-channel is bounded from above by |O| log (n+1) bits, where n is the number of side-channel measurements and O is the set of possible observations. We use this bound to derive a novel countermeasure against timing attacks, where the strength of the security guarantee can be freely traded for the resulting performance penalty. We give algorithms that efficiently and optimally adjust this trade-off for given constraints on the side-channel leakage or on the efficiency of the cryptosystem. Finally, we perform a case-study that shows that applying our countermeasure leads to implementations with minor performance overhead and formal security guarantees.

6 citations
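The bound |O| log(n+1) makes the countermeasure concrete: if the observable running time is padded up to one of a few fixed buckets, |O| collapses to the number of buckets, and the security/performance trade-off is the choice of how many buckets to allow. The block below is an added example for this page, not the paper's algorithm or code: it uses an early-exit byte comparison as the leaky deterministic channel, a constructed 16-byte secret, and a hypothetical `bucketed_cost` padding step, and it shows the byte-at-a-time recovery that works against the raw channel failing against the bucketed one.

```python
"""Bucketing a deterministic timing channel: constructed example.

The leaky operation is a compare loop that returns at the first mismatch, so
its running time reveals how many leading bytes of the guess were correct.
"""
import math

SECRET = b"ABCDEFGHIJKLMNOP"   # constructed 16-byte secret for the demo


def leakage_bound_bits(num_observations, num_measurements):
    """|O| * log2(n + 1): upper bound on key bits an unknown-message attacker
    can extract after n measurements of a channel with |O| distinct outputs."""
    return num_observations * math.log2(num_measurements + 1)


def naive_compare_cost(secret, guess):
    """Number of leading bytes examined before the first mismatch.  A loop that
    returns early leaks exactly this count through its running time."""
    matched = 0
    for a, b in zip(secret, guess):
        if a != b:
            break
        matched += 1
    return matched


def bucketed_cost(cost, buckets):
    """Hypothetical countermeasure: pad the observable cost up to the next
    bucket boundary, so only len(buckets) values are ever observable."""
    for boundary in buckets:
        if cost <= boundary:
            return boundary
    raise ValueError("cost exceeds the largest bucket")


def make_oracle(secret, buckets=None):
    """Timing oracle the attacker queries; buckets=None is the unprotected version."""
    def oracle(guess):
        cost = naive_compare_cost(secret, guess)
        return cost if buckets is None else bucketed_cost(cost, buckets)
    return oracle


def recover_secret(oracle, length, alphabet=range(256)):
    """Byte-at-a-time recovery using only the oracle: the candidate that makes
    the compare run longest extends the known prefix.  Returns the recovered
    bytes and the number of oracle queries spent."""
    known, queries = b"", 0
    for _ in range(length):
        best, best_cost = None, -1
        for c in alphabet:
            guess = known + bytes([c]) + b"\x00" * (length - len(known) - 1)
            cost = oracle(guess)
            queries += 1
            if cost > best_cost:
                best, best_cost = c, cost
        known += bytes([best])
    return known, queries


def observation_set(oracle, length, alphabet=range(256)):
    """Every distinct value the oracle emitted during a full recovery attempt."""
    seen = set()
    known = b""
    for pos in range(length):
        for c in alphabet:
            seen.add(oracle(known + bytes([c]) + b"\x00" * (length - pos - 1)))
        known += SECRET[pos:pos + 1]   # walk the true prefix to exercise every cost
    return seen


if __name__ == "__main__":
    for label, buckets in (("raw", None), ("4 buckets", (4, 8, 12, 16)), ("1 bucket", (16,))):
        oracle = make_oracle(SECRET, buckets)
        recovered, n = recover_secret(oracle, len(SECRET))
        obs = observation_set(oracle, len(SECRET))
        print(f"{label:10s} recovered={recovered == SECRET} |O|={len(obs):2d} "
              f"bound={leakage_bound_bits(len(obs), n):.1f} bits after {n} queries")
```

Against the raw channel the attacker learns the whole secret with 16 x 256 queries, and the bound is loose for such a short secret (it exceeds the 128 bits actually present), which is expected: the bound is an upper limit, not an estimate. With a single bucket every query returns the same value, the recovery degenerates to guessing, and the bound shrinks to log2(n+1) bits. Intermediate bucketings trade padding overhead for a larger |O|, which is the knob the paper's algorithms optimize.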

Journal Article
TL;DR: In this article, the authors proposed a chosen ciphertext attack against EPOC-2 from NESSIE by observing the timing of the reject signs from the decryption oracle, which can factor the public modulus with probability at least 1/2.
Abstract: EPOC-2 is a public-key cryptosystem that can be proved IND-CCA2 under the factoring assumption in the random oracle model. It was written into the IEEE P1363 standard specification, and it has been a candidate public-key cryptosystem in several international standards (or portfolios) on cryptography, e.g. NESSIE, CRYPTREC, ISO, etc. In this paper we propose a chosen ciphertext attack against EPOC-2 from NESSIE by observing the timing of the reject signs from the decryption oracle. We construct an algorithm which can factor the public modulus using the difference between the reject symbols. For random 384-bit primes, the modulus can be factored with probability at least 1/2 by making about 385 queries to the decryption oracle.

6 citations


Network Information
Related Topics (5)
Cryptography
37.3K papers, 854.5K citations
89% related
Public-key cryptography
27.2K papers, 547.7K citations
88% related
Encryption
98.3K papers, 1.4M citations
85% related
Authentication
74.7K papers, 867.1K citations
85% related
Key (cryptography)
60.1K papers, 659.3K citations
83% related
Performance Metrics
No. of papers in the topic in previous years
Year    Papers
2023    12
2022    21
2021    20
2020    30
2019    56
2018    49