ABSTRACT
The timing attack (TA) is a side-channel analysis (SCA) variant that exploits information leakage through the duration of a computation. Previously, timing leakages have been exploited by comparison analysis, most often through "correlation-collision" or pre-characterization on a clone device. Time bias can also be used to break a secret cryptosystem by linear correlation in a non-profiled setting. There is a direct parallel between the Correlation Power Attack (CPA) and TA: the distinguisher is the same, but the exploited data are either vertical or horizontal. Countermeasures against such attacks consist of making the algorithm run in either random or constant time. In this paper, we show that the former is prone to high-order attacks that analyse higher moments of the execution time. We present successful second-order timing attacks (2O-TA) based on correlation and compare them to the second-order power attack. All experiments were conducted on an 8-bit processor running AES-128.
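As an added illustration (not code from the paper), the following simulates a 2O-TA on one AES S-box output byte under an assumed toy random-time countermeasure: a fresh mask makes the mean execution time independent of the data, so a first-order correlation finds nothing, while correlating the centred squared times with 8 - HW(S(p ⊕ k)) targets the second moment and recovers the key byte. The timing model, the key byte 0x2B, the trace count and the noise level are assumptions.

```python
import math
import random

def gf_mul(a, b):                        # multiply in GF(2^8) mod x^8+x^4+x^3+x+1
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = (a << 1) ^ (0x11B if a & 0x80 else 0), b >> 1
    return r

def gf_inv(a):                           # a^-1 in GF(2^8); maps 0 to 0 as AES does
    return next((b for b in range(256) if gf_mul(a, b) == 1), 0)

def sbox_entry(a):                       # FIPS 197 S-box: inverse, then affine map
    x = gf_inv(a) * 0x101                # duplicate byte so shifts act as rotations
    return ((x ^ (x >> 4) ^ (x >> 5) ^ (x >> 6) ^ (x >> 7)) & 0xFF) ^ 0x63

SBOX = [sbox_entry(a) for a in range(256)]
HW = [bin(v).count("1") for v in range(256)]

def simulate(key, n, seed=1):
    # Assumed toy random-time countermeasure: the S-box output y is handled as
    # (y ^ m, m) with a random mask m, each byte costing one cycle per set bit,
    # plus 0..2 cycles of jitter. E[t | y] = 9 for every y, Var(t | y) = 8 - HW(y) + 2/3.
    rng = random.Random(seed)
    pts, times = [], []
    for _ in range(n):
        p, m = rng.randrange(256), rng.randrange(256)
        y = SBOX[p ^ key]
        pts.append(p)
        times.append(HW[y ^ m] + HW[m] + rng.randrange(3))
    return pts, times

def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    return sxy / math.sqrt(sxx * syy) if sxx and syy else 0.0

def correlation_ta(pts, times, order):
    # order 1: correlate raw times with the model (fails: mean is constant)
    # order 2 (2O-TA): centre and square the times first, i.e. target the variance
    mean = sum(times) / len(times)
    obs = times if order == 1 else [(t - mean) ** 2 for t in times]
    scores = [abs(pearson([8 - HW[SBOX[p ^ k]] for p in pts], obs)) for k in range(256)]
    return max(range(256), key=scores.__getitem__), scores
```

`correlation_ta` returns the best-ranked key byte and the per-hypothesis scores, so the gap between the true key and the ghost peaks can be inspected directly.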
Index Terms
- High-order timing attacks