Exploratory study of Timing Attack on RSA cryptosystem

  • Francisco Bolaños Burgos Universidad de Especialidades Espíritu Santo de Guayaquil
  • Luis García Tenesaca Universidad de Especialidades Espíritu Santo de Guayaquil
  • Antonio Cevallos Gamboa Universidad de Especialidades Espíritu Santo de Guayaquil
Keywords: Side Channel attacks, Timing, systems, countermeasures.

Abstract

This paper presents an exploratory bibliographic analysis of the Timing Attack (TA) technique, a class of Side Channel Attacks (SCA), on RSA. The information assets, operation modes and countermeasures of 22 papers were analyzed. Findings show that smartcards are the most attacked information assets (32%), blinding is the most applied countermeasure (33%) and the Chinese Remainder Theorem (CRT) or Montgomery Multiplication (MM) with CRT are the most frequent operation modes (41%). Furthermore, just one attack was executed on telecommunication systems; this opens the possibility for future work analyzing the same technique against the WiMAX technology and the SIP VoIP protocol.


Author Biographies

Francisco Bolaños Burgos, Universidad de Especialidades Espíritu Santo de Guayaquil

Francisco Bolaños Burgos holds a degree in Computer Engineering and a master's degree in Applied Information Security from the Escuela Superior Politécnica del Litoral (ESPOL) in Guayaquil, Ecuador. He serves as director of the Master's program in Information Technology Auditing (MATI). He teaches cryptography, ethical hacking and information security at the Graduate School of UEES. His research interests are information security and assessment tools (rubrics and scripts).

Luis García Tenesaca, Universidad de Especialidades Espíritu Santo de Guayaquil

Luis García Tenesaca holds a degree in Telecommunications Engineering from UEES. He works as an Account Manager at Huawei Technologies CO., LTD. His research interests are communication protocols and standards.

Antonio Cevallos Gamboa, Universidad de Especialidades Espíritu Santo de Guayaquil

Antonio Cevallos Gamboa holds a degree in Systems Engineering, a master's degree in Management Information Systems and Business Administration, and is a PhD candidate at the Universidad Del Rosario in Bogotá, Colombia. He is dean of the Faculty of Systems, Telecommunications and Electronics Engineering (FISTE). He teaches academic writing, research methodology and information systems at the Graduate School of UEES. His research interests are information systems, ICT, innovation and technological leadership.

References

F.-X. Standaert, "Introduction to Side-Channel Attacks," in Secure Integrated Circuits and Systems, Boston, MA, USA: Springer US, 2010, pp. 27-42.

R. Oppliger, Contemporary Cryptography (2nd Edition), Norwood, MA: Artech House, 2011.

Y. Zhou and D. Feng, "Side-channel attacks: Ten years after its publication and the impacts on cryptographic module security testing," 2006. [Online]. Available: https://www.eprint.iacr.org.

C. Chen, T. Wang and J. Tian, "Improving timing attack on RSA-CRT via error detection and correction strategy," Information Sciences, vol. 232, pp. 464-474, 2013.

P. C. Kocher, "Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems," in Advances in Cryptology - CRYPTO'96: 16th Annual International Cryptology Conference, 1996.

J.-F. Dhem, F. Koeune, P.-A. Leroux, P. Mestré, J.-J. Quisquater and J.-L. Willems, "A practical implementation of the timing attack," in Smart Card Research and Applications: Third International Conference, CARDIS'98, 2000.

W. Schindler, "A timing attack against RSA with the Chinese Remainder Theorem," in Cryptographic Hardware and Embedded Systems - CHES 2000: Second International Workshop, 2000.

W. Schindler, F. Koeune and J.-J. Quisquater, "Improving divide and conquer attacks against cryptosystems by better error detection/correction strategies," in Cryptography and Coding: 8th IMA International Conference, 2001.

C. D. Walter and S. Thompson, "Distinguishing exponent digits by observing modular subtractions," in Topics in Cryptology - CT-RSA 2001: The Cryptographers' Track at RSA Conference 2001, 2001.

W. Schindler, F. Koeune and J.-J. Quisquater, "Unleashing the full power of timing attack," Catholic University of Louvain - Crypto Group, 2001.

W. Schindler, "A combined timing and power attack," Public Key Cryptography: 5th International Workshop on Practice and Theory in Public Key Cryptosystems, pp. 263-279, February 2002a.

W. Schindler, "Optimized timing attacks against public key cryptosystems," Statistics & Risk Modeling, vol. 20, no. 1-4, pp. 191-210, 2002b.

W. Schindler and C. D. Walter, "More detail for a combined timing and power attack against implementations of RSA," Cryptography and Coding: 9th IMA International Conference, vol. 2898, pp. 245-263, 2003.

C. D. Walter, "Longer keys may facilitate side channel attacks," Selected Areas in Cryptography: 10th Annual International Workshop, SAC 2003, vol. 3006, pp. 42-57, 2004.

D. Brumley and D. Boneh, "Remote timing attacks are practical," Computer Networks, vol. 48, no. 5, pp. 701-716, 2005.

O. Aciiçmez, W. Schindler and Ç. K. Koç, "Improving Brumley and Boneh timing attack on unprotected SSL implementations," in Proceedings of the 12th ACM Conference on Computer and Communications Security, 2005.

W. Schindler, "On the optimization of side-channel attacks by advanced stochastic methods," Public Key Cryptography - PKC 2005: 8th International Workshop on Theory and Practice in Public Key Cryptography, vol. 3386, pp. 85-103, 2005.

Y. Tomoeda, H. Miyake, A. Shimbo and S. Kawamura, "An SPA-based extension of Schindler's timing attack against RSA using CRT," IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, 2005.

S. A. Crosby, D. S. Wallach and R. H. Riedi, "Opportunities and limits of remote timing attacks," ACM Transactions on Information and System Security (TISSEC), vol. 12, no. 3, 2009.

R. Tóth, Z. Faigl, M. Szalay and S. Imre, "An advanced timing attack scheme on RSA," in Telecommunications Network Strategy and Planning Symposium, 2008. Networks 2008. The 13th International, 2008.

Z. Ge, F.-H. Simone, L. A. Martucci and S. Ehlert, "Revealing the calling history of SIP VoIP systems by timing attacks," in 2009 International Conference on Availability, Reliability and Security, 2009.

C. Chen, T. Wang and J. Tian, "An improved timing attack with error detection on RSA-CRT," 2010. [Online]. Available: https://eprint.iacr.org/2010/054.

C. Arnaud and P. Fouque, "Timing attack against protected RSA-CRT implementation used in PolarSSL," in Topics in Cryptology - CT-RSA 2013: The Cryptographers' Track at the RSA Conference 2013, 2013.

W. Schindler, "Exponent blinding may not prevent timing attacks on RSA," 2014. [Online]. Available: https://www.eprint.iacr.org/.

W. Schindler, "Exclusive exponent blinding may not suffice to prevent timing attacks on RSA," in Cryptographic Hardware and Embedded Systems - CHES 2015: 17th International Workshop, 2015.

Published
2016-12-09

How to Cite
[1] F. Bolaños Burgos, L. García Tenesaca, and A. Cevallos Gamboa, "Exploratory study of Timing Attack on RSA cryptosystem", LAJC, vol. 3, no. 2, p. 6, Dec. 2016.

Section
Research Articles for the Regular Issue