Extended Abstract: An Experimental Study of a Bucketing Approach
| Content Provider | Semantic Scholar |
|---|---|
| Author | Dantas, Yuri Gil; Hamann, Tobias; Mantel, Heiko; Schickel, Johannes |
| Copyright Year | 2017 |
| Abstract | When a secret has influence on the timing of a program, an attacker can measure the execution time of the program in order to learn some information about the secret. More specifically, this can be done by sending ordinary inputs to the program and analyzing the time taken to execute the program. Traditionally, these attacks, namely Timing Side-Channel Attacks [2], are carried out against cryptographic implementations [2, 13] and web applications [1, 6]. Indeed, there have been several attacks developed against TLS protocol [2], AES [5] and RSA implementations [11], where researchers demonstrated the feasibility of fully recovering the secret key. Although several approaches [3, 14, 12, 8, 7] have been proposed in order to eliminate timing side-channel attacks, the problem is still not solved, mainly due to practicality and effectiveness reasons. For instance, implementations based on the static transformation [8] approach are not fully practical due to the large performance penalty caused by the transformation. Moreover, dynamic transformation [7] is not always effective as demonstrated in [4]. Eliminating timing side-channel attacks is challenging, as countermeasures should not only eliminate these attacks by reducing the amount of information leakage from the program, but also should be practical to use. With this in mind, another approach, namely Bucketing [14, 9], has been proposed. Bucketing is a quantitative approach for reducing timing side-channel attacks by decreasing the number of possible timing observations, while minimizing the performance penalty. Although Bucketing has been shown to be sound, it has not been implemented to the best of our knowledge. In this paper, we provide an implementation of Bucketing at the application level. More concretely, we implement Bucketing using a runtime enforcement tool and experimentally evaluate the effectiveness of our implementation for reducing timing side-channel attacks. In summary, the contributions of this paper are two-fold: • We implement Bucketing at the application level using a runtime enforcement tool. Our implementation is generic in the sense that it can be applied to any Java program with deterministic timing behavior, which is a foundational assumption of Bucketing [14]. • We evaluate the effectiveness of our implementation. For this, we carry out several experiments, with and without using Bucketing. In each experiment, we measure the running time of the program for different secret input values. For all experiments, we observed a quantitative reduction of information leakage from the program when using our implementation. This paper is organized as follows. Section 2 introduces the concept of Bucketing. Section 3 explains briefly how we implemented Bucketing using a runtime enforcement tool, and Section 4 contains our experimental results. Finally, in Section 5, we conclude the paper by discussing future work. |
| File Format | PDF HTM / HTML |
| Alternate Webpage(s) | http://qapl17.doc.ic.ac.uk/short1.pdf |
| Language | English |
| Access Restriction | Open |
| Content Type | Text |
| Resource Type | Article |