A Formal Analysis of Timing Channel Security via Bucketing

Terauchi, Tachio; Antonopoulos, Timos

doi:10.1007/978-3-030-17138-4_2

Cited by 4 publications

(2 citation statements)

References 43 publications

(103 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It should be noted that this definition of security is used in our earlier work [23] and it also closely corresponds to the definition used in the DARPA STAC program [20].…”

Section: Preliminariesmentioning

confidence: 99%

Games for Security Under Adaptive Adversaries

Antonopoulos

Terauchi

2019

2019 IEEE 32nd Computer Security Foundations Symposium (CSF)

Self Cite

View full text Add to dashboard Cite

This work explores methods for proving and disproving security of systems under adaptive adversaries. Adaptive adversaries are ones which make their next move based on the previous observations. Our first contribution is a new game based characterization of security. We show that the game accurately captures security of deterministic and probabilistic systems against adaptive (probabilistic) adversaries. In addition, we build on top of the game characterization and present techniques that expedite proving the existence of attacker and defender strategies, and consequently proving security or vulnerability of systems.The first is what we call attack (and defense) slopes which give simple sufficient criteria for existence of winning strategies (for attacker and defender). The second is reductions of one game to another achieved by mapping a strategy of one to that of the other. We show that such reductions can prove or disprove security by reducing from a game of a secure system or reducing to that of a non-secure system.

show abstract

“…It should be noted that this definition of security is used in our earlier work [23] and it also closely corresponds to the definition used in the DARPA STAC program [20].…”

Section: Preliminariesmentioning

confidence: 99%

Games for Security Under Adaptive Adversaries

Antonopoulos

Terauchi

2019

2019 IEEE 32nd Computer Security Foundations Symposium (CSF)

Self Cite

View full text Add to dashboard Cite

show abstract

“…The attack becomes a fatal threat if the attacker can actively choose the input to the target program [1], [6], [11], and countermeasures such as bucketing and blinding are studied thereafter. The bucketing inserts dummy operations to hide real running time, but it slows down the computation, and furthermore, its effectiveness is questioned recently [12]. The blinding is another countermeasure that is effective to programs for numerical computations.…”

Section: Introductionmentioning

confidence: 99%

Information Leakage Through Passive Timing Attacks on RSA Decryption System

Hirata

Kaji

2023

IEICE Trans. Fundamentals

View full text Add to dashboard Cite

A side channel attack is a means of security attacks that tries to restore secret information by analyzing side-information such as electromagnetic wave, heat, electric energy and running time that are unintentionally emitted from a computer system. The side channel attack that focuses on the running time of a cryptosystem is specifically named a "timing attack". Timing attacks are relatively easy to carry out, and particularly threatening for tiny systems that are used in smart cards and IoT devices because the system is so simple that the processing time would be clearly observed from the outside of the card/device. The threat of timing attacks is especially serious when an attacker actively controls the input to a target program. Countermeasures are studied to deter such active attacks, but the attacker still has the chance to learn something about the concealed information by passively watching the running time of the target program. The risk of passive timing attacks can be measured by the mutual information between the concealed information and the running time. However, the computation of the mutual information is hardly possible except for toy examples. This study focuses on three algorithms for RSA decryption, derives formulas of the mutual information under several assumptions and approximations, and calculates the mutual information numerically for practical security parameters.

show abstract

A review of hardware timing channel detection and mitigation

Chen

Zhu

Mao

et al. 2020

J. Phys.: Conf. Ser.

View full text Add to dashboard Cite

Hardware timing channels are likely to leak information and easily ignored, which has gradually become the target of attacker. However, there are few investigations systematically analyse hardware timing channel detection and mitigation. In this article, we perform in-depth analysis for the detection technologies such as taint analysis, fuzzing, symbolic analysis and information statistics. And we further analyse some mitigation techniques such as taint analysis and algorithm analysis. Moreover, we compare and analyse the methodologies and characteristics of detecting and mitigating timing channel attack in recent years, and proposes a feasible perspective.

show abstract

A Formal Analysis of Timing Channel Security via Bucketing

Cited by 4 publications

References 43 publications

Games for Security Under Adaptive Adversaries

Games for Security Under Adaptive Adversaries

Information Leakage Through Passive Timing Attacks on RSA Decryption System

A review of hardware timing channel detection and mitigation

Contact Info

Product

Resources

About