Security against Timing Analysis Attack

Timing attack is the type of side-channel attack involves the time taken to complete critical operations. Securing crypto processor from timing attack is critical issue. This paper implements the Bernstein’s Timing Attack and timing attack based on hamming weight. The countermeasures of Bernstein’s Timing attack are implemented in our experimental test bed and their performance is compared. This paper also proposes the key recovery method based on timing attack using hamming weight of the key.

Download Full-text

A Comprehensive Study of the Key Enumeration Problem

Entropy ◽

10.3390/e21100972 ◽

2019 ◽

Vol 21 (10) ◽

pp. 972 ◽

Cited By ~ 2

Author(s):

Ricardo Villanueva-Polanco

Keyword(s):

Main Memory ◽

Side Channel ◽

Secret Key ◽

Side Channel Attack ◽

Enumeration Algorithm ◽

Key Recovery ◽

Recovery Algorithm ◽

Enumeration Problem ◽

Enumeration Algorithms ◽

Recovery Problem

In this paper, we will study the key enumeration problem, which is connected to the key recovery problem posed in the cold boot attack setting. In this setting, an attacker with physical access to a computer may obtain noisy data of a cryptographic secret key of a cryptographic scheme from main memory via this data remanence attack. Therefore, the attacker would need a key-recovery algorithm to reconstruct the secret key from its noisy version. We will first describe this attack setting and then pose the problem of key recovery in a general way and establish a connection between the key recovery problem and the key enumeration problem. The latter problem has already been studied in the side-channel attack literature, where, for example, the attacker might procure scoring information for each byte of an Advanced Encryption Standard (AES) key from a side-channel attack and then want to efficiently enumerate and test a large number of complete 16-byte candidates until the correct key is found. After establishing such a connection between the key recovery problem and the key enumeration problem, we will present a comprehensive review of the most outstanding key enumeration algorithms to tackle the latter problem, for example, an optimal key enumeration algorithm (OKEA) and several nonoptimal key enumeration algorithms. Also, we will propose variants to some of them and make a comparison of them, highlighting their strengths and weaknesses.

Download Full-text

On the Randomness Timing Analysis of Timing Side Channel Attack on Key Derivation Functions

Proceedings of the 2018 VII International Conference on Network, Communication and Computing - ICNCC 2018 ◽

10.1145/3301326.3301332 ◽

2018 ◽

Author(s):

Wen Wen Koh ◽

Chai Wen Chuah

Keyword(s):

Timing Analysis ◽

Side Channel ◽

Side Channel Attack ◽

Key Derivation

Download Full-text

A Side-Channel Attack on a Masked IND-CCA Secure Saber KEM Implementation

IACR Transactions on Cryptographic Hardware and Embedded Systems ◽

10.46586/tches.v2021.i4.676-707 ◽

2021 ◽

pp. 676-707

Author(s):

Kalle Ngo ◽

Elena Dubrova ◽

Qian Guo ◽

Thomas Johansson

Keyword(s):

Error Correcting Codes ◽

Side Channel ◽

Secret Key ◽

Side Channel Attack ◽

Order Model ◽

Session Key ◽

Key Recovery ◽

Message Recovery ◽

Recovery Approach

In this paper, we present a side-channel attack on a first-order masked implementation of IND-CCA secure Saber KEM. We show how to recover both the session key and the long-term secret key from 24 traces using a deep neural network created at the profiling stage. The proposed message recovery approach learns a higher-order model directly, without explicitly extracting random masks at each execution. This eliminates the need for a fully controllable profiling device which is required in previous attacks on masked implementations of LWE/LWR-based PKEs/KEMs. We also present a new secret key recovery approach based on maps from error-correcting codes that can compensate for some errors in the recovered message. In addition, we discovered a previously unknown leakage point in the primitive for masked logical shifting on arithmetic shares.

Download Full-text

One Bit is All It Takes: A Devastating Timing Attack on BLISS’s Non-Constant Time Sign Flips

Journal of Mathematical Cryptology ◽

10.1515/jmc-2020-0079 ◽

2020 ◽

Vol 15 (1) ◽

pp. 131-142

Author(s):

Mehdi Tibouchi ◽

Alexandre Wallet

Keyword(s):

Likelihood Estimation ◽

Constant Time ◽

Side Channel ◽

Key Recovery ◽

Signature Generation ◽

Fisher Information Metric ◽

Timing Attack ◽

Information Metric ◽

Key Recovery Attack ◽

Cache Attacks

AbstractAs one of the most efficient lattice-based signature schemes, and one of the only ones to have seen deployment beyond an academic setting (e.g., as part of the VPN software suite strongSwan), BLISS has attracted a significant amount of attention in terms of its implementation security, and side-channel vulnerabilities of several parts of its signing algorithm have been identified in previous works. In this paper, we present an even simpler timing attack against it. The bimodal Gaussian distribution that BLISS is named after is achieved using a random sign flip during signature generation, and neither the original implementation of BLISS nor strongSwan ensure that this sign flip is carried out in constant time. It is therefore possible to recover the corresponding sign through side-channel leakage (using, e.g., cache attacks or branch tracing). We show that obtaining this single bit of leakage (for a moderate number of signatures) is in fact sufficient for a full key recovery attack. The recovery is carried out using a maximum likelihood estimation on the space of parameters, which can be seen as a statistical manifold. The analysis of the attack thus reduces to the computation of the Fisher information metric.

Download Full-text