Attacking the Implementation (and timing attacks)

These are lecture notes from my Computer Science course.

So far, we have always assumed that a cryptographic system is a purely “mathematical” black box, where the inputs and outputs are all that can be viewed or analysed. That isn’t how it works in the real world: cryptographic systems are executed on physical devices. These executions take time, consume power, and so on, and these traits are variable: they depend on the data being processed.


Consider a safe. You might assume that trying a combination is “atomic”. That’s not the case: there is a sequence of tumblers that fall as the dial is turned correctly, so you can use a stethoscope to listen to the intermediate states as the tumblers fall.

What if a password is checked byte by byte and the check aborts as soon as an incorrect byte is found? And what if that password is stored across a page boundary in memory? You can watch for page faults to see how many characters are correct.

Timing attacks

There’s a lot of complicated maths in the slides, so I’ll just summarise: if there are correlations between the time a calculation takes and the data it is working on (and there often are!), this provides an avenue of attack. These correlations can be quite subtle, however. There are ways of making the attacker’s job harder (e.g. doing random calculations to add extra delay), but not impossible. You can protect against these attacks if you know they are possible, which is the same as with Power Attacks (covered in another lecture).
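The byte-by-byte password check and the time/data correlation described above can be seen side by side in the following added example (not from the lecture or its slides). The function names, the `steps` counter and the sample strings are constructed for illustration; `steps` is a deterministic stand-in for the running time or page-fault pattern an observer could measure.

```c
#include <stddef.h>
#include <stdio.h>

/* Early-abort check as described in the notes: stops at the first wrong byte.
 * *steps counts the bytes examined, so it tracks the length of the correct
 * prefix of the guess. */
int leaky_equal(const unsigned char *a, const unsigned char *b, size_t n,
                size_t *steps)
{
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        if (a[i] != b[i])
            return 0;           /* amount of work depends on the secret */
    }
    return 1;
}

/* Hardened check: always touches all n bytes and has no data-dependent
 * branch. Differences are OR-ed together and tested once at the end. */
int constant_time_equal(const unsigned char *a, const unsigned char *b,
                        size_t n, size_t *steps)
{
    unsigned char diff = 0;
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        diff |= (unsigned char)(a[i] ^ b[i]);
    }
    return diff == 0;
}

int main(void)
{
    /* Constructed sample values, 8 bytes each. */
    const unsigned char secret[] = "hunter2!";
    const char *guesses[] = { "xxxxxxxx", "huxxxxxx", "huntexxx", "hunter2!" };
    for (size_t g = 0; g < 4; g++) {
        const unsigned char *guess = (const unsigned char *)guesses[g];
        size_t leaky, ct;
        int r1 = leaky_equal(secret, guess, 8, &leaky);
        int r2 = constant_time_equal(secret, guess, 8, &ct);
        printf("%s  leaky: ok=%d steps=%zu   constant-time: ok=%d steps=%zu\n",
               guesses[g], r1, leaky, r2, ct);
    }
    return 0;
}
```

In real code, prefer a vetted constant-time comparison such as OpenSSL's `CRYPTO_memcmp` or OpenBSD's `timingsafe_bcmp`, since an optimising compiler is free to reintroduce an early exit into a hand-written loop.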
