On Aggregation of Information in Timing Attacks
Title | On Aggregation of Information in Timing Attacks |
Publication Type | Conference Paper |
Year of Publication | 2019 |
Authors | Rakotonirina, Itsaka, Köpf, Boris |
Conference Name | 2019 IEEE European Symposium on Security and Privacy (EuroS&P) |
Date Published | June 2019 |
Publisher | IEEE |
ISBN Number | 978-1-7281-1148-3 |
Keywords | Aggregates, Analytical models, compositionality, Computational modeling, Computing Theory and Compositionality, cryptography, cryptosystems, divide and conquer methods, divide-and-conquer method, high-profile timing attacks, Human Behavior, human factors, information aggregation reasoning, information flow, information-flow analysis, Mathematical model, multiple timing measurements, program compositionality, program diagnostics, pubcrawl, real-world adversaries, real-world attacks, side-channels, system vulnerability, Timing, timing attacks |
Abstract | A key question for characterising a system's vulnerability against timing attacks is whether or not it allows an adversary to aggregate information about a secret over multiple timing measurements. Existing approaches for reasoning about this aggregate information rely on strong assumptions about the capabilities of the adversary in terms of measurement and computation, which is why they fall short in modelling, explaining, or synthesising real-world attacks against cryptosystems such as RSA or AES. In this paper we present a novel model for reasoning about information aggregation in timing attacks. The model is based on a novel abstraction of timing measurements that better captures the capabilities of real-world adversaries, and a notion of compositionality of programs that explains attacks by divide-and-conquer. Our model thus lifts important limiting assumptions made in prior work and enables us to give the first uniform explanation of high-profile timing attacks in the language of information-flow analysis. |
URL | https://ieeexplore.ieee.org/document/8806719 |
DOI | 10.1109/EuroSP.2019.00036 |
Citation Key | rakotonirina_aggregation_2019 |