A Provably Secure and Efficient Countermeasure against Timing Attacks

Köpf, Boris; Dürmuth, Markus

doi:10.1109/csf.2009.21

Cited by 80 publications

(130 citation statements)

References 17 publications

Supporting

Mentioning

129

Contrasting

Order By: Relevance

“…Finally, the model of side-channels presented in this paper serves as the basis for the quantitative analysis of systems with respect to unknown-message attacks [4,31]. By comparing the side-channel leakage in unknown-message attacks to that in adaptive attacks, one can quantify the resistance gained by applying message-blinding, the state-of-the art countermeasure against timing attacks.…”

Section: Related Workmentioning

confidence: 99%

Automatically deriving information-theoretic bounds for adaptive side-channel attacks

Köpf

Basin

2011

JCS

Self Cite

View full text Add to dashboard Cite

We present a model of adaptive attacks which we combine with information-theoretic metrics to quantify the information revealed to an adaptive adversary. This enables us to express an adversary's remaining uncertainty about a secret as a function of the number of interactions with the system under attack. We present algorithms and approximation methods for computing this function. The main application area for our approach is the analysis of side-channels in cryptographic algorithms and we give examples of how it can be used to characterize the vulnerability of hardware implementations to timing and power attacks. We also show the generality of our approach by using it to quantify the information leaked by a security protocol.

show abstract

Section: Related Workmentioning

confidence: 99%

Automatically deriving information-theoretic bounds for adaptive side-channel attacks

Köpf

Basin

2011

JCS

Self Cite

View full text Add to dashboard Cite

show abstract

“…Köpf and Dürmuth (Köpf and Dürmuth 2009) have recently argued that, however effective in practice, the exact degree of protection provided by blinding remains unclear. They therefore propose to enhance blinding with bucketing, a technique by which the algorithm's execution times are adjusted so as to always fall in one of few predefined values.…”

Section: Timing Leaks and Blinding In Modular Exponentiationmentioning

confidence: 99%

“…They rely on the informationtheoretic method of types to determine the asymptotic behaviour of the considered quantities, as we do in the present paper. An application of their setting to the modular exponentiation algorithm is the subject of (Köpf and Dürmuth 2009), where the effect of bucketing on security of rsa is examined (see Section 5). This study has recently been extended to the case of one-try attacks by Köpf and Smith in (Köpf and Smith 2010).…”

Section: Related Workmentioning

confidence: 99%

Asymptotic Information Leakage under One-Try Attacks

Boreale

Pampaloni

Paolini

2011

Foundations of Software Science and Computational Structures

View full text Add to dashboard Cite

We study the asymptotic behaviour of (a) information leakage and (b) adversary's error probability in information hiding systems modelled as noisy channels. Specifically, we assume the attacker can make a single guess after observing n independent executions of the system, throughout which the secret information is kept fixed. We show that the asymptotic behaviour of quantities (a) and (b) can be determined in a simple way from the channel matrix. Moreover, simple and tight bounds on them as functions of n show that the convergence is exponential. We also discuss feasible methods to evaluate the rate of convergence. Our results cover both the Bayesian case, where a prior probability distribution on the secrets is assumed known to the attacker, and the maximum-likelihood case, where the attacker does not know such distribution. In the Bayesian case, we identify the distributions that maximize the leakage. We consider both the min-entropy setting studied by Smith and the additive form recently proposed by Braun et al., and show the two forms do agree asymptotically. Next, we extend these results to a more sophisticated eavesdropping scenario, where the attacker can perform a (noisy) observation at each state of the computation and the systems are modelled as hidden Markov models.

show abstract

“…They rely on the information-theoretic method of types to determine the asymptotic behaviour of the considered quantities, as we do in the present paper. An application of their setting to the modular exponentiation algorithm is the subject of Köpf and Dürmuth (2009), where the effect of bucketing on security of rsa is examined (see Section 5). This study has recently been extended to the case of one-try attacks by Köpf and Smith (2010).…”

Section: Related Workmentioning

confidence: 99%

Asymptotic information leakage under one-try attacks

Boreale¹,

Pampaloni

Paolini

2014

Math. Struct. Comp. Sci.

View full text Add to dashboard Cite

We study the asymptotic behaviour of (a) information leakage and (b) adversary's error probability in information hiding systems modelled as noisy channels. Specifically, we assume the attacker can make a single guess after observing n independent executions of the system, throughout which the secret information is kept fixed. We show that the asymptotic behaviour of quantities (a) and (b) can be determined in a simple way from the channel matrix. Moreover, simple and tight bounds on them as functions of n show that the convergence is exponential. We also discuss feasible methods to evaluate the rate of convergence. Our results cover both the Bayesian case, where an a priori probability distribution on the secrets is assumed known to the attacker, and the maximum-likelihood case, where the attacker does not know such distribution. In the Bayesian case, we identify the distributions that maximize leakage. We consider both the min-entropy setting studied by Smith and the additive form recently proposed by Braun et al. and show the two forms do agree asymptotically. Next, we extend these results to a more sophisticated eavesdropping scenario, where the attacker can perform a (noisy) observation at each state of the computation and the systems are modelled as hidden Markov models.

show abstract

A Provably Secure and Efficient Countermeasure against Timing Attacks

Cited by 80 publications

References 17 publications

Automatically deriving information-theoretic bounds for adaptive side-channel attacks

Automatically deriving information-theoretic bounds for adaptive side-channel attacks

Asymptotic Information Leakage under One-Try Attacks

Asymptotic information leakage under one-try attacks

Contact Info

Product

Resources

About