Timing leaks and coarse-grained clocks

Panagiotis Vasilikos, Hanne Riis Nielson, Flemming Nielson, Boris Kopf

Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearchpeer-review

63 Downloads (Orbit)

Abstract

Timing-based side-channel attacks have matured from an academic exercise to a powerful attack vector in the hand of real-world adversaries. A widely deployed countermeausure against such attacks is to reduce the accuracy of the clocks that are available to adversaries. While a number of high-profile attacks show that this mitigation can be side-stepped, there has not been a principled analysis of the degree of security it provides until now. In this paper, we perform the first information-flow analysis with respect to adversaries with coarse-grained clocks. To this end, we define an adversary model that is parametric in the granularity of the clock and connect it with a system model based on timed automata. We present algorithms for translating such a system to an information-theoretic channel, which enables us to analyze the leakage using standard techniques from quantitative information-flow analysis. We use our techniques to derive insights about the effect of reducing clock resolution on security. In particular, (1) we show that a coarse-grained clock might leak more than a fine-grained one, (2) we give a sufficient condition for when increasing the grain of the clock we achieve better security, and (3) we show that the attack techniques used in the literature form a strict hierarchy in terms of the information an adversary can extract using them. Finally, we illustrate the expressiveness of our development on a case study of a system that uses RSA signatures.

Original languageEnglish
Title of host publicationProceedings of 2019 IEEE 32nd Computer Security Foundations Symposium
PublisherIEEE Computer Society Press
Publication date1 Jun 2019
Pages32-47
Article number8823781
ISBN (Electronic)9781728114064
DOIs
Publication statusPublished - 1 Jun 2019
Event2019 IEEE 32nd Computer Security Foundations Symposium - Hoboken, United States
Duration: 25 Jun 201928 Jun 2019
Conference number: 32
https://ieeexplore.ieee.org/xpl/conhome/8804915/proceeding

Conference

Conference2019 IEEE 32nd Computer Security Foundations Symposium
Number32
Country/TerritoryUnited States
CityHoboken
Period25/06/201928/06/2019
SponsorIEEE
Internet address
SeriesProceedings - IEEE Computer Security Foundations Symposium
Volume2019-June
ISSN1940-1434

Keywords

  • Quantitative information flow
  • Timed automata
  • Timing channels

Fingerprint

Dive into the research topics of 'Timing leaks and coarse-grained clocks'. Together they form a unique fingerprint.

Cite this