
Thesis (Master's)

Reykjavík University > Tæknisvið / School of Technology > MSc Tölvunarfræðideild / Department of Computer Science

Please use this identifier to cite or link to this item: http://hdl.handle.net/1946/29661

  • Using Autocorrelations to Detect Potential Side-Channels
  • Master's
  • Side-channel attacks such as timing attacks are a severe threat to cyber security. Although this type of attack has been known for more than 10 years, exploits based on timing attacks are still being published. The aim of this work is to find a simple testing method for crypto libraries that shows potential vulnerabilities. A precise measurement method is therefore crucial.
    First, experiments with Python benchmarking tools were performed using a constant-time AES implementation. The measurement was then repeated using the method proposed by Intel, which recommends the programming language C, specific instructions, and kernel mode. This measurement method performed better than the one in Python. Furthermore, the autocorrelation method and the Ljung-Box test were applied to the measurement results of the tests performed in C, but no large autocorrelations that would indicate a timing leak were found.
    The measurement method was then applied to OpenSSL's RSA decryption function, which leaks exploitable timing variances if blinding is disabled. Although higher autocorrelations were found in this experiment, the results were so heavily affected by noise that it was difficult to determine whether they came from the timing leak or from system noise. Therefore, the goal of developing a simple testing method was not reached.

  • Feb 22, 2018

Files in This Item:
| Filename | Size | Visibility | Description | Format |
|---|---|---|---|---|
| MSC-BUTSCHEK-2018.pdf | 5.85 MB | Open | Complete Text | PDF |