Topic
Timing attack
About: Timing attack is a research topic. Over the lifetime, 726 publications have been published within this topic receiving 25462 citations.
Papers published on a yearly basis
Papers
More filters
Journal Article•
TL;DR: An access driven Cache timing attack model is displayed, non-elimination and elimination two general methods to analyze Cache information leakage during AES encryption are proposed, and theCache information leakage model is built.
Abstract: Firstly,this paper displays an access driven Cache timing attack model,proposes non-elimination and elimination two general methods to analyze Cache information leakage during AES encryption,and builds the Cache information leakage modelNext,it uses quantitative analysis to attack a sample with the above elimination analysis method,and provides some solutions for the potential problems of a real attackFinally,this paper describes 12 local and remote attacks on AES in OpenSSL v098a,v098jExperiment results demonstrate that: the access driven Cache timing attack has strong applicability in both local and remote environments;the AES lookup table and Cache structure decide that AES is vulnerable to this type of attack,the least sample size required to recover a full AES key is about 13;the last round AES implementation in OpenSSL v098j,which abandoned the T4 lookup table,cannot secure itself from the access driven Cache timing attack;the attack results strongly verify the correctness of the quantitative Cache information leakage theory and key analysis methods above
3 citations
Patent•
21 Aug 1998
TL;DR: In this paper, the problem of finding a secret key by using the same parameters as an attacking method for open key ciphering making good use of power operation by varying the delay time of a critical path by propagation delay by power residue operation was solved.
Abstract: PROBLEM TO BE SOLVED: To enable protection against such a timing attack that a secret key is found by using the same parameters as an attacking method for open key ciphering making good use of power operation by varying the delay time of a critical path by propagation delay by power residue operation. SOLUTION: A power residue arithmetic operation part 201 has a delay time adjustment part 202 and a delay time determination part 203 and then supplies a necessary irreducible delay time to the delay time adjustment part 202 to vary the operation time by power operation. A random number generation part 204 generates a random number so that the delay time determined by the delay time determination part 203 becomes random, and supplies the random number generated by the random number generation part 204 to the delay time determination part 103. The random number generated by the random number generation part 204 is determined by the input of an initial value. Consequently, the protection against a timing attack having a high risk becomes effective as the attacking method for open key ciphering making good use of the power residue operation.
3 citations
01 Mar 2013
TL;DR: The common wisdom is that string comparison timing attacks against a hashed password are impossible, but these attacks can still be effective if attackers give up on the ideal of stealing all the characters representing the user's password or the entire hash.
Abstract: The common wisdom is that string comparison timing attacks against a hashed password are impossible. However, these attacks can still be effective if attackers give up on the ideal of stealing all the characters representing the user's password or the entire hash.
3 citations
TL;DR: The proposed SPCL QoS framework achieves better performance compared to existing QoS frameworks in metrics of throughput, packet drop ratio, end-to-end delay, and average jitter in both condition when malicious nodes present in the network and when malicious node not present inThe network.
Abstract: A cross layer QoS framework is a complete system that provides required QoS services to each node present in the network. All components within it cooperate together for providing the required services. In existing QoS frameworks there is no security mechanism provided while Security is a critical aspect for QoS in the MANET environment. Cross layer QoS framework tend to be vulnerable to a number of threats and attacks like, over/under-reporting of available bandwidth, over-reservation, state table starvation, QoS degradation, information disclosure, theft of services timing attack, flooding attack, replay attack, and denial of service (DoS) attack, attacks on information in transit and attacks against routing. So it is necessary when designing protocols for QoS framework, the harmony between security and QoS must be present as one impacts the others. In this work we proposed secure and proficient cross layer (SPCL) QoS frameworks which prevents from various types of threats and attacks. The proposed SPCL QoS framework achieves better performance compared to existing QoS frameworks in metrics of throughput, packet drop ratio, end-to-end delay, and average jitter in both condition when malicious node present in the network and when malicious node not present in the network
3 citations
04 May 2008
TL;DR: In this paper, FPGA and ASIC implementations of side-channel attack resistant elliptic curve cryptosystems defined over GF(p) are dealt with, which provides a secure design against timing and power analysis attacks.
Abstract: This paper deals with FPGA and ASIC implementations of side-channel attack resistant elliptic curve cryptosystems defined over GF(p). The elegance of the design lies in the fact that all operations are performed in binary number system, thus reducing conversion overheads of existing architectures. In our implementation, point addition and point doubling operations are performed in affine coordinates. They are performed using same amount of computation, which provides a secure design against timing and power analysis attacks. Implementation and side-channel analysis results are compared with related existing designs.
3 citations