Timing Attack: What Can Be Achieved by a Powerful Adversary?
Authors
Abstract
Implementations of cryptographic algorithms often perform computations in non-constant time, due to performance optimizations. If such operations involve secret parameters, these timing variations can leak some information and, provided enough knowledge of the implementation is at hand, a careful statistical analysis could even lead to the total recovery of these secret parameters. This idea, due to Kocher [Koc96], was developed in [DKL98], where a timing attack against an actual smart card implementation of RSA was conducted. That paper's conclusion was that, however impressive, the obtained results could be improved even further in several aspects, especially regarding the error-correction policy. This paper first presents the basic principle of the timing attack, then briefly discusses several error-correction policies and describes the results we obtain by implementing them on a parallel architecture of 4 PA8000 processors at 180 MHz with 4 GB of RAM.
Similar references
Design Principles for Low Latency Anonymous Network Systems Secure against Timing Attacks
Low latency anonymous network systems, such as Tor, were considered secure against timing attacks when the threat model does not include a global adversary. In this threat model the adversary can only see part of the links in the system. In a recent paper entitled Low-cost traffic analysis of Tor, it was shown that a variant of timing attack that does not require a global adversary can be appli...
Adversary Model: Adaptive Chosen Ciphertext Attack with Timing Attack
We have introduced a novel adversary model in Chosen-Ciphertext Attack with Timing Attack (CCA2-TA) [1], and it was a practical model because the model incorporates the timing attack. This paper is an extended paper for "A Secure TFTP Protocol with Security Proofs" [1]. Keywords: Timing Attack, Random Oracle Model, Indistinguishability, Chosen Plaintext Attack, CPA, Chosen Ciphertext Attack, IND-C...
AES side channel attack protection using random isomorphisms
A general method of side-channel attack protection, based on random cipher isomorphisms, is presented. Isomorphic ciphers produce common outputs for common inputs. Cipher isomorphisms can be changed independently on transmitting and receiving sides. Two methods of RIJNDAEL protection are considered. The first one is based on random commutative isomorphisms of the underlying structure. The set of fi...
A note on quantum related-key attacks
In a basic related-key attack against a block cipher, the adversary has access to encryptions under keys that differ from the target key by bit-flips. In this short note we show that for a quantum adversary such attacks are quite powerful: if the secret key is (i) uniquely determined by a small number of plaintext-ciphertext pairs, (ii) the block cipher can be evaluated efficiently, and (iii) a ...
A Cache Timing Attack on AES in Virtualization Environments
We show in this paper that the isolation characteristic of system virtualization can be bypassed by the use of a cache timing attack. Using Bernstein's correlation in this attack, an adversary is able to extract sensitive keying material from an isolated trusted execution domain. We demonstrate this cache timing attack on an embedded ARM-based platform running an L4 microkernel as virtualization...