Abstract
Timing-based side-channel attacks have matured from an academic exercise to a powerful attack vector in the hand of real-world adversaries. A widely deployed countermeausure against such attacks is to reduce the accuracy of the clocks that are available to adversaries. While a number of high-profile attacks show that this mitigation can be side-stepped, there has not been a principled analysis of the degree of security it provides until now. In this paper, we perform the first information-flow analysis with respect to adversaries with coarse-grained clocks. To this end, we define an adversary model that is parametric in the granularity of the clock and connect it with a system model based on timed automata. We present algorithms for translating such a system to an information-theoretic channel, which enables us to analyze the leakage using standard techniques from quantitative information-flow analysis. We use our techniques to derive insights about the effect of reducing clock resolution on security. In particular, (1) we show that a coarse-grained clock might leak more than a fine-grained one, (2) we give a sufficient condition for when increasing the grain of the clock we achieve better security, and (3) we show that the attack techniques used in the literature form a strict hierarchy in terms of the information an adversary can extract using them. Finally, we illustrate the expressiveness of our development on a case study of a system that uses RSA signatures.
Original language | English |
---|---|
Title of host publication | Proceedings of 2019 IEEE 32nd Computer Security Foundations Symposium |
Publisher | IEEE Computer Society Press |
Publication date | 1 Jun 2019 |
Pages | 32-47 |
Article number | 8823781 |
ISBN (Electronic) | 9781728114064 |
DOIs | |
Publication status | Published - 1 Jun 2019 |
Event | 2019 IEEE 32nd Computer Security Foundations Symposium - Hoboken, United States Duration: 25 Jun 2019 → 28 Jun 2019 Conference number: 32 https://ieeexplore.ieee.org/xpl/conhome/8804915/proceeding |
Conference
Conference | 2019 IEEE 32nd Computer Security Foundations Symposium |
---|---|
Number | 32 |
Country/Territory | United States |
City | Hoboken |
Period | 25/06/2019 → 28/06/2019 |
Sponsor | IEEE |
Internet address |
Series | Proceedings - IEEE Computer Security Foundations Symposium |
---|---|
Volume | 2019-June |
ISSN | 1940-1434 |
Keywords
- Quantitative information flow
- Timed automata
- Timing channels