
Timing attack

About: Timing attack is a research topic. Over the lifetime, 726 publications have been published within this topic receiving 25462 citations.


Papers
Journal ArticleDOI
01 Jun 2019
TL;DR: It is shown how parallelization can be used to reduce the runtime and improve the attack’s success making it at par with L1 cache attacks, and a new methodology for LLC cache attacks is proposed, by which an attacker can maximize the attack success for a given time frame.
Abstract: A powerful cache timing attack can not only determine the secret key of a cryptographic cipher accurately but also do so quickly. Cache timing attacks that utilize the shared L1 cache memory are known to have these two characteristics. On the other hand, attacks using the shared last-level cache (LLC) memory are not always successful in obtaining the secret key, and they take considerably longer than an L1 cache attack. This paper leverages the fact that all LLC attacks run on multi-core CPUs, which allows the attack programs to be parallelized. We show how parallelization can be used to reduce the runtime and improve the attack’s success, making it on par with L1 cache attacks. We then propose a new methodology for LLC cache attacks, by which an attacker can maximize the attack success for a given time frame. The only additional requirement is learning about the target system’s runtime behavior, which is done offline. We validate all our claims on a 4-core and a 10-core CPU.

5 citations

Book ChapterDOI
03 Nov 2006
TL;DR: The general and efficient power analysis attack method proposed in this paper is based on an internally divided operation unit and is implemented to expose the weakness of the operation of a symmetric key encryption algorithm in a smart-card.
Abstract: Power analysis attack, introduced by Kocher et al. in 1999, is known as the most threatening physical attack against low-power devices such as smart-cards. The essential reason that allows an attacker to mount a power analysis attack on a cryptosystem is leakage information, which is leaked during the operation of the cryptosystem's encryption/decryption process and is related to internal secret information. The general and efficient power analysis attack method proposed in this paper is based on an internally divided operation unit. As such, the proposed power analysis attack is implemented to expose the weakness of the operation of a symmetric key encryption algorithm in a smart-card.

5 citations

Proceedings ArticleDOI
06 Jul 2018
TL;DR: A practical side-channel attack that identifies the social web service account of a visitor to an attacker's website and shows that an attacker with a set of controlled accounts can gain a complete and flexible control over the data leaked through the side channel.
Abstract: This paper presents a practical side-channel attack that identifies the social web service account of a visitor to an attacker's website. Our attack leverages the widely adopted user-blocking mechanism, abusing its inherent property that certain pages return different web content depending on whether a user is blocked by another user. Our key insight is that an account prepared by an attacker can hold an attacker-controllable binary state of blocking/non-blocking with respect to an arbitrary user on the same service; provided that the user is logged in to the service, this state can be retrieved as one-bit data through the conventional cross-site timing attack when the user visits the attacker's website. We generalize and refer to such a property as visibility control, which we consider the fundamental assumption of our attack. Building on this primitive, we show that an attacker with a set of controlled accounts can gain complete and flexible control over the data leaked through the side channel. Using this mechanism, we show that it is possible to design and implement a robust, large-scale user identification attack on a wide variety of social web services. To verify the feasibility of our attack, we perform an extensive empirical study using 16 popular social web services and demonstrate that at least 12 of these are vulnerable to our attack. Vulnerable services include not only popular social networking sites such as Twitter and Facebook, but also other types of web services that provide social features, e.g., eBay and Xbox Live. We also demonstrate that the attack can achieve nearly 100% accuracy and can finish within a sufficiently short time in a practical setting. We discuss the fundamental principles, practical aspects, and limitations of the attack as well as possible defenses.

5 citations

Book ChapterDOI
30 Nov 2020
TL;DR: This paper presents an efficient and secure implementation of SM2, the Chinese elliptic curve cryptography standard that has been adopted by the International Organization of Standardization (ISO) as ISO/IEC 14888-3:2018 and is the first constant-time implementation of the Co-Z based ladder that leverages the parallelism of AVX2.
Abstract: This paper presents an efficient and secure implementation of SM2, the Chinese elliptic curve cryptography standard that has been adopted by the International Organization of Standardization (ISO) as ISO/IEC 14888-3:2018. Our SM2 implementation uses Intel’s Advanced Vector Extensions version 2.0 (AVX2), a family of three-operand SIMD instructions operating on vectors of 8, 16, 32, or 64-bit data elements in 256-bit registers, and is resistant against timing attacks. To exploit the parallel processing capabilities of AVX2, we studied the execution flows of Co-Z Jacobian point arithmetic operations and introduce a parallel 2-way Co-Z addition, Co-Z conjugate addition, and Co-Z ladder algorithm, which allow for fast Co-Z scalar multiplication. Furthermore, we developed an efficient 2-way prime-field arithmetic library using AVX2 to support our Co-Z Jacobian point operations. Both the field and the point operations utilize branch-free (i.e. constant-time) implementation techniques, which increase their ability to resist Simple Power Analysis (SPA) and timing attacks. Our software for scalar multiplication on the SM2 curve is, to our knowledge, the first constant-time implementation of the Co-Z based ladder that leverages the parallelism of AVX2.

5 citations

Proceedings ArticleDOI
05 Jan 2009
TL;DR: The Particle Swarm Optimization (PSO) technique has been employed for finding the optimal attack path using an attack vector metric, where the effort required on the part of the attacker to compromise a target system is termed an attack vector.
Abstract: In recent years there has been an immense proliferation of wireless networks, and they are becoming increasingly vulnerable to attacks. Thus there is a serious need to secure such networks from attacks. Usually an attacker can penetrate a network by utilizing a chain of exploits. An exploit is a small piece of code that makes use of vulnerabilities present in a service or in a system. Each exploit in the chain has a set of preconditions and effects and lays the groundwork for the subsequent exploits. Application of such a chain of exploits generates a set of attack states or network states which form a path called the attack path, and combining many such attack paths produces an attack graph. A lot of research has been done on issues such as scalable and time-efficient ways of generating attack graphs in wired networks, in contrast to the wireless scenario. Moreover, the need is to identify the path that may be chosen by the attacker to compromise a target system in less time and with less effort. The proposed methodology in this paper aims at finding the optimal or risk-prone attack path that the attacker may choose to penetrate a wireless network. The generation of attack paths in a wireless network is itself a difficult proposition due to the network's inherent dynamic nature and ever-changing topology. In this work, the Particle Swarm Optimization (PSO) technique has been employed for finding the optimal attack path using an attack vector metric. The effort required on the part of the attacker to compromise a target system is termed an attack vector. The wireless nodes have been assigned severity measures obtained from customized risk parameters, which serve as input to the modified PSO technique. A case study is also presented to demonstrate the efficacy of the proposed methodology.

5 citations


Network Information
Related Topics (5)
Cryptography
37.3K papers, 854.5K citations
89% related
Public-key cryptography
27.2K papers, 547.7K citations
88% related
Encryption
98.3K papers, 1.4M citations
85% related
Authentication
74.7K papers, 867.1K citations
85% related
Key (cryptography)
60.1K papers, 659.3K citations
83% related
Performance
Metrics
No. of papers in the topic in previous years

Year    Papers
2023    12
2022    21
2021    20
2020    30
2019    56
2018    49