Timing leaks and coarse-grained clocks

Panagiotis Vasilikos, Hanne Riis Nielson, Flemming Nielson, Boris Kopf

Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearchpeer-review

12 Downloads (Pure)


Timing-based side-channel attacks have matured from an academic exercise to a powerful attack vector in the hand of real-world adversaries. A widely deployed countermeausure against such attacks is to reduce the accuracy of the clocks that are available to adversaries. While a number of high-profile attacks show that this mitigation can be side-stepped, there has not been a principled analysis of the degree of security it provides until now. In this paper, we perform the first information-flow analysis with respect to adversaries with coarse-grained clocks. To this end, we define an adversary model that is parametric in the granularity of the clock and connect it with a system model based on timed automata. We present algorithms for translating such a system to an information-theoretic channel, which enables us to analyze the leakage using standard techniques from quantitative information-flow analysis. We use our techniques to derive insights about the effect of reducing clock resolution on security. In particular, (1) we show that a coarse-grained clock might leak more than a fine-grained one, (2) we give a sufficient condition for when increasing the grain of the clock we achieve better security, and (3) we show that the attack techniques used in the literature form a strict hierarchy in terms of the information an adversary can extract using them. Finally, we illustrate the expressiveness of our development on a case study of a system that uses RSA signatures.

Original languageEnglish
Title of host publicationProceedings of 2019 IEEE 32nd Computer Security Foundations Symposium
PublisherIEEE Computer Society Press
Publication date1 Jun 2019
Article number8823781
ISBN (Electronic)9781728114064
Publication statusPublished - 1 Jun 2019
Event32nd IEEE Computer Security Foundations Symposium - Hoboken, United States
Duration: 25 Jun 201928 Jun 2019


Conference32nd IEEE Computer Security Foundations Symposium
CountryUnited States
SeriesProceedings - IEEE Computer Security Foundations Symposium


  • Quantitative information flow
  • Timed automata
  • Timing channels

Fingerprint Dive into the research topics of 'Timing leaks and coarse-grained clocks'. Together they form a unique fingerprint.

Cite this