Topic: Timing attack

About: Timing attack is a research topic. Over the lifetime, 726 publications have been published within this topic receiving 25462 citations.


Papers
Book chapter, 10 Dec 2000
TL;DR: This work applies power analysis to known elliptic curve cryptosystems, considers an exact implementation of scalar multiplication on elliptic curves that resists power attacks, and proposes an algorithm that does not decrease computational performance.
Abstract: We apply power analysis on known elliptic curve cryptosystems, and consider an exact implementation of scalar multiplication on elliptic curves for resisting against power attacks. Our proposed algorithm does not decrease the computational performance compared to the conventional scalar multiplication algorithm, whereas previous methods did cost the performance or fail to protect against power analysis attacks.

128 citations

Book chapter, 27 Feb 2012
TL;DR: It is shown in this paper that the isolation characteristic of system virtualization can be bypassed by the use of a cache timing attack, and that cache timing attacks are highly relevant in virtualization-based security architectures, such as trusted execution environments.
Abstract: We show in this paper that the isolation characteristic of system virtualization can be bypassed by the use of a cache timing attack. Using Bernstein’s correlation in this attack, an adversary is able to extract sensitive keying material from an isolated trusted execution domain. We demonstrate this cache timing attack on an embedded ARM-based platform running an L4 microkernel as virtualization layer. An attacker who gained access to the untrusted domain can extract the key of an AES-based authentication protocol used for a financial transaction. We provide measurements for different public domain AES implementations. Our results indicate that cache timing attacks are highly relevant in virtualization-based security architectures, such as trusted execution environments.

124 citations

Book chapter, 08 Apr 2001
TL;DR: It is shown that squarings and multiplications behave differently when averaged over a number of random observations, and if the modular multiplication algorithm cannot be made any safer, the exponent must be modified on every use.
Abstract: We analyse timing variations in an implementation of modular multiplication which has certain standard characteristics. This shows that squarings and multiplications behave differently when averaged over a number of random observations. Since power analysis can reveal such data, secret RSA exponents can be deduced if a standard square and multiply exponentiation algorithm is used. No knowledge of the modulus or input is required to do this. The technique generalises to the m-ary and sliding windows exponentiation methods since different multipliers can be distinguished. Moreover, only a small number of observations (independent of the key size and well under 1k) are required to perform the cryptanalysis successfully. Thus, if the modular multiplication algorithm cannot be made any safer, the exponent must be modified on every use.

124 citations

Book chapter, 04 Dec 2006
TL;DR: This paper presents an efficient trace-driven cache attack on a widely used implementation of the AES cryptosystem, and develops an accurate mathematical model that is used in the cost analysis of the attack.
Abstract: Cache based side-channel attacks have recently attracted significant attention due to the new developments in the field. In this paper, we present an efficient trace-driven cache attack on a widely used implementation of the AES cryptosystem. We also evaluate the cost of the proposed attack in detail under the assumption of a noiseless environment. We develop an accurate mathematical model that we use in the cost analysis of our attack. We use two different metrics, specifically, the expected number of necessary traces and the cost of the analysis phase, for the cost evaluation purposes. Each of these metrics represents the cost of a different phase of the attack.

123 citations

Journal article
TL;DR: This paper presents the design of a scalable, regular, and highly optimized ECC library for both MICAz and Tmote Sky nodes, which supports both widely used key exchange and signature schemes, and describes the efforts to evaluate its energy consumption and harden the library against some basic side-channel attacks.
Abstract: Lightweight Elliptic Curve Cryptography (ECC) is a critical component for constructing the security system of Internet of Things (IoT). In this paper, we define an emerging family of lightweight elliptic curves to meet the requirements on some resource-constrained devices. We present the design of a scalable, regular, and highly-optimized ECC library for both MICAz and Tmote Sky nodes, which supports both widely-used key exchange and signature schemes. Our parameterized implementation of elliptic curve group arithmetic supports pseudo-Mersenne prime fields at different security levels with two optimized-specific designs: the high-speed version (HS) and the memory-efficient (ME) version. The former design achieves record times for computation of cryptographic schemes at roughly $80\sim128$-bit security levels, while the latter implementation only requires half of the code size of the current best implementation. We also describe our efforts to evaluate the energy consumption and harden our library against some basic side-channel attacks, e.g., timing attacks and simple power analysis (SPA) attacks.

122 citations


Network Information

Related Topics (5)
- Cryptography: 37.3K papers, 854.5K citations (89% related)
- Public-key cryptography: 27.2K papers, 547.7K citations (88% related)
- Encryption: 98.3K papers, 1.4M citations (85% related)
- Authentication: 74.7K papers, 867.1K citations (85% related)
- Key (cryptography): 60.1K papers, 659.3K citations (83% related)
Performance Metrics

Number of papers in the topic in previous years:

Year    Papers
2023    12
2022    21
2021    20
2020    30
2019    56
2018    49