J. Danger, Nicolas Debande, S. Guilley, Youssef Souissi
{"title":"高阶定时攻击","authors":"J. Danger, Nicolas Debande, S. Guilley, Youssef Souissi","doi":"10.1145/2556315.2556316","DOIUrl":null,"url":null,"abstract":"The timing attack (TA) is a side-channel analysis (SCA) variant that exploits information leakage through the computation duration. Previously, leakages in timing have been exploited by comparison analysis, most often thanks to \"correlation - collision\" or pre-characterization on a clone device. Time bias can also be used to break a secret crypto-system by linear correlations in a non-profiled setting. There is direct parallel between the Correlation Power Attack (CPA) and TA, the distinguisher being the same, but the exploited data being either vertical or horizontal. The countermeasures against such attacks consist in making the algorithm run in either random or constant time. In this paper, we show that the former is prone to high-order attacks that analyse the higher moments of the time computation during code execution. We present successful second-order timing attacks (2O-TA) based on a correlation and compare it to the second-order power attack. All experiments have been conducted on an 8-bit processor running an AES-128.","PeriodicalId":153749,"journal":{"name":"CS2 '14","volume":"75 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-01-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":"{\"title\":\"High-order timing attacks\",\"authors\":\"J. Danger, Nicolas Debande, S. Guilley, Youssef Souissi\",\"doi\":\"10.1145/2556315.2556316\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The timing attack (TA) is a side-channel analysis (SCA) variant that exploits information leakage through the computation duration. Previously, leakages in timing have been exploited by comparison analysis, most often thanks to \\\"correlation - collision\\\" or pre-characterization on a clone device. Time bias can also be used to break a secret crypto-system by linear correlations in a non-profiled setting. There is direct parallel between the Correlation Power Attack (CPA) and TA, the distinguisher being the same, but the exploited data being either vertical or horizontal. The countermeasures against such attacks consist in making the algorithm run in either random or constant time. In this paper, we show that the former is prone to high-order attacks that analyse the higher moments of the time computation during code execution. We present successful second-order timing attacks (2O-TA) based on a correlation and compare it to the second-order power attack. All experiments have been conducted on an 8-bit processor running an AES-128.\",\"PeriodicalId\":153749,\"journal\":{\"name\":\"CS2 '14\",\"volume\":\"75 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-01-20\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"10\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"CS2 '14\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2556315.2556316\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"CS2 '14","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2556315.2556316","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
The timing attack (TA) is a side-channel analysis (SCA) variant that exploits information leakage through the computation duration. Previously, leakages in timing have been exploited by comparison analysis, most often thanks to "correlation - collision" or pre-characterization on a clone device. Time bias can also be used to break a secret crypto-system by linear correlations in a non-profiled setting. There is direct parallel between the Correlation Power Attack (CPA) and TA, the distinguisher being the same, but the exploited data being either vertical or horizontal. The countermeasures against such attacks consist in making the algorithm run in either random or constant time. In this paper, we show that the former is prone to high-order attacks that analyse the higher moments of the time computation during code execution. We present successful second-order timing attacks (2O-TA) based on a correlation and compare it to the second-order power attack. All experiments have been conducted on an 8-bit processor running an AES-128.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
