High-order timing attacks

DOI: 10.1145/2556315.2556316
Published: 20 January 2014

Abstract

The timing attack (TA) is a side-channel analysis (SCA) variant that exploits information leakage through the computation duration. Previously, timing leakages have been exploited by comparison analysis, most often through "correlation-collision" or pre-characterization on a clone device. Timing bias can also be used to break a secret crypto-system by linear correlations in a non-profiled setting. There is a direct parallel between the Correlation Power Attack (CPA) and TA: the distinguisher is the same, but the exploited data are either vertical or horizontal. The countermeasures against such attacks consist in making the algorithm run in either random or constant time. In this paper, we show that the former is prone to high-order attacks that analyse the higher moments of the computation time during code execution. We present successful second-order timing attacks (2O-TA) based on a correlation and compare them to the second-order power attack. All experiments have been conducted on an 8-bit processor running AES-128.
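A constructed simulation, added here and not the paper's code or data, of the abstract's point that a random-time countermeasure still leaks in the second moment while a constant-time one does not. It assumes a hypothetical masked bit-serial S-box step whose duration is HW(m) + HW(v ^ m) cycles (plus noise), a constructed S-box rather than the AES one, and ranks key bytes by the correlation between the (first- or second-order) timing and HW(S[p ^ k]).

```python
"""Constructed leakage assessment of random-time vs constant-time handling
of an S-box output v = S[p ^ k] on an 8-bit device. Model assumption: the
random-time variant draws a fresh boolean mask m and runs two bit-serial
loops (over m, then over v ^ m) costing one cycle per set bit."""
import random

rng = random.Random(2014)                  # fixed seed: constructed, reproducible data
HW = [bin(x).count("1") for x in range(256)]
SBOX = list(range(256))                    # constructed bijective S-box, not AES's
rng.shuffle(SBOX)

def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / (vx * vy) ** 0.5 if vx and vy else 0.0

def duration(p, key, constant_time, noise=1.0):
    """Cycles for one S-box step, plus Gaussian measurement noise."""
    v = SBOX[p ^ key]
    if constant_time:
        return 8 + rng.gauss(0, noise)    # same cost for every v
    m = rng.randrange(256)                 # fresh mask per execution
    # HW(m) + HW(v ^ m) has mean 8 for every v, so the first moment is
    # data-independent, but its variance is 8 - HW(v) and still leaks v.
    return HW[m] + HW[v ^ m] + rng.gauss(0, noise)

def assess(key, constant_time, order, n=3000):
    """Correlation-based TA of the given order on n constructed traces.
    Returns (rank of the true key, |correlation| of the true key); rank 0 = recovered."""
    ps = [rng.randrange(256) for _ in range(n)]
    ts = [duration(p, key, constant_time) for p in ps]
    if order == 2:                         # second order: centred squared timings
        mean = sum(ts) / n
        ts = [(t - mean) ** 2 for t in ts]
    scores = [abs(pearson(ts, [HW[SBOX[p ^ k]] for p in ps])) for k in range(256)]
    ranking = sorted(range(256), key=lambda k: -scores[k])
    return ranking.index(key), scores[key]

if __name__ == "__main__":
    for ct in (False, True):
        for order in (1, 2):
            rank, score = assess(0x2B, ct, order)
            print("constant_time=%s order=%d rank=%d score=%.3f" % (ct, order, rank, score))
```

Under this model the first-order attack finds nothing against either variant, the second-order attack recovers the key byte from the random-time variant, and only the constant-time variant resists both.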




Published In

CS2 '14: Proceedings of the First Workshop on Cryptography and Security in Computing Systems
January 2014
56 pages
ISBN:9781450324847
DOI:10.1145/2556315
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

  • HiPEAC: HiPEAC Network of Excellence

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. high-order analyses
  2. model-based correlation
  3. timing attacks

Qualifiers

  • Research-article

Conference

CS2
Sponsor:
  • HiPEAC

Acceptance Rates

CS2 '14 Paper Acceptance Rate 6 of 26 submissions, 23%;
Overall Acceptance Rate 27 of 91 submissions, 30%

Cited By

  • (2024) Time Is Not Enough: Timing Leakage Analysis on Cryptographic Chips via Plaintext-Ciphertext Correlation in Non-Timing Channel. IEEE Transactions on Information Forensics and Security, 19:8544-8558. doi:10.1109/TIFS.2024.3449119. Online publication date: 1-Jan-2024.
  • (2024) Attacks on Unprotected Devices. In: Mathematical Foundations for Side-Channel Analysis of Cryptographic Systems, pp. 25-138. doi:10.1007/978-3-031-64399-6_3. Online publication date: 12-Jul-2024.
  • (2021) First-Order Side-Channel Leakage Analysis of Masked but Asynchronous AES. In: Security and Privacy, pp. 16-29. doi:10.1007/978-3-030-90553-8_2. Online publication date: 9-Nov-2021.
  • (2021) Foundations of Side-Channel Attacks. In: Side-Channel Analysis of Embedded Systems, pp. 9-20. doi:10.1007/978-3-030-77222-2_2. Online publication date: 29-Jul-2021.
  • (2019) Cache-Timing Attack Detection and Prevention. In: Constructive Side-Channel Analysis and Secure Design, pp. 13-21. doi:10.1007/978-3-030-16350-1_2. Online publication date: 16-Mar-2019.
  • (2018) Quantitative Analysis of Timing Channel Security in Cryptographic Hardware Design. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 37(9):1719-1732. doi:10.1109/TCAD.2017.2768420. Online publication date: 1-Sep-2018.
  • (2016) Template Attacks with Partial Profiles and Dirichlet Priors. In: Proceedings of the Hardware and Architectural Support for Security and Privacy 2016, pp. 1-8. doi:10.1145/2948618.2948625. Online publication date: 18-Jun-2016.
  • (2015) Less is More. In: Cryptographic Hardware and Embedded Systems -- CHES 2015, pp. 22-41. doi:10.1007/978-3-662-48324-4_2. Online publication date: 1-Sep-2015.
  • (2014) Side-channel leakage and trace compression using normalized inter-class variance. In: Proceedings of the Third Workshop on Hardware and Architectural Support for Security and Privacy, pp. 1-9. doi:10.1145/2611765.2611772. Online publication date: 15-Jun-2014.
