Timing Attacks 
• Prepared By : 
*Anas Za’za’ 
• Dr. Adwan Yasin. 
• COMPUTER SECURITY.
Timing Attacks: a side-channel attack based on
measuring the length of time it takes to digitally
sign a message (respond to it)
Network Timing Attack 
Regular Client 
Server [Web,SSL] 
1. ClientHello 
2. ServerHello 
(send public key) 
3. ClientKeyExchange
Attack 
Attack Client 
Server 
1. ClientHello 
2. ServerHello 
(send public key) 
3. Record time t1 
Send guess g or ghi 
4. Alert 
5. Record time t2 
Compute t2 – t1
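const a = "ABCD";
const b = "ABBA";
// Early-exit comparison: returns at the first mismatching character
function equal(a, b) {
    for (let i = 0; i < a.length; i++) {
        if (a[i] != b[i])
            return false;
    }
    return true;
}
equal(a, b);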
Trick 
AAAAAAAAAA 
BAAAAAAAAA 
CAAAAAAAAA 
DAAAAAAAAA 
... 
XAAAAAAAAA 
YAAAAAAAAA 
ZAAAAAAAAA
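const a = "ABCD";
const b = "ABBA";
// Early-exit comparison: returns at the first mismatching character
function equal(a, b) {
    for (let i = 0; i < a.length; i++) {
        if (a[i] != b[i])
            return false;
    }
    return true;
}
equal(a, b);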
Reform The Code 
function equal(a, b) {
    let match = true;
    for (let i = 0; i < a.length; i++) {
        if (a[i] != b[i])
            match = false; // record the mismatch, keep looping
    }
    return match;
}
Reform The Code 2 
function equal(a, b) {
    let match = 0;
    for (let i = 0; i < a.length; i++) {
        // match = match or (a[i] xor b[i])
        match = match | (a.charCodeAt(i) ^ b.charCodeAt(i));
    }
    return match == 0;
}
A   B   OUTPUT (A XOR B)
0   0   0
0   1   1
1   0   1
1   1   0
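The effect of the two rewrites above, as an added example that is not part of the original slides: it instruments the early-exit loop and an XOR-accumulator comparison to count loop iterations (a deterministic stand-in for elapsed time), and goes beyond the slides by also handling inputs of different length. The names `leakyEqual`, `constantTimeEqual`, `workProfile`, `workVaries` and the sample strings are constructed for illustration.

```javascript
// Added example, not code from the slides. Loop iterations are counted
// instead of measuring wall-clock time so the result is reproducible.

// The early-exit loop from the slides, returning the result and the work done.
function leakyEqual(expected, supplied) {
  let steps = 0;
  for (let i = 0; i < expected.length; i++) {
    steps++;
    if (expected[i] !== supplied[i]) return { equal: false, steps };
  }
  // Like the slide's loop, this only walks `expected`, so a longer
  // `supplied` with the same prefix is wrongly accepted.
  return { equal: true, steps };
}

// XOR-accumulator comparison ("Reform The Code 2") with length handling.
function constantTimeEqual(expected, supplied) {
  let steps = 0;
  // Fold the length difference into the accumulator instead of returning early.
  let diff = expected.length ^ supplied.length;
  for (let i = 0; i < supplied.length; i++) {
    steps++;
    // Index `expected` modulo its length: the loop count then depends only
    // on the supplied input, never on how much of it matched.
    diff |= expected.charCodeAt(i % expected.length) ^ supplied.charCodeAt(i);
  }
  return { equal: diff === 0, steps };
}

// Work done by `compare` for each supplied value.
function workProfile(compare, expected, suppliedValues) {
  return suppliedValues.map((s) => compare(expected, s).steps);
}

// True when the amount of work differs between inputs of the same length,
// i.e. when the comparison reveals how long the matching prefix is.
function workVaries(profile) {
  return new Set(profile).size > 1;
}

// Constructed sample data: same length, increasing matching prefix.
const EXPECTED = "ABCD";
const SAMPLES = ["XXXX", "AXXX", "ABXX", "ABCX", "ABCD"];

const leakyProfile = workProfile(leakyEqual, EXPECTED, SAMPLES);
const constantProfile = workProfile(constantTimeEqual, EXPECTED, SAMPLES);

console.log("early exit   :", leakyProfile, "varies:", workVaries(leakyProfile));
console.log("accumulator  :", constantProfile, "varies:", workVaries(constantProfile));
console.log("longer input accepted by early exit:", leakyEqual("ABCD", "ABCDE").equal);
console.log("longer input accepted by accumulator:", constantTimeEqual("ABCD", "ABCDE").equal);
```

In Node.js, production code should compare secrets with `crypto.timingSafeEqual` rather than a hand-written loop, because a JIT compiler gives no constant-time guarantee for JavaScript source.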
Attack on OpenSSL 
OpenSSL: an open source cryptographic 
library used in web servers and other SSL 
applications.
RSA 
Key generation:
• Generate large primes p, q
• Compute $n = pq$ and $\varphi(n) = (p-1)(q-1)$
• Choose small e, relatively prime to $\varphi(n)$
• Compute unique d such that $ed \equiv 1 \pmod{\varphi(n)}$
Public key = (e, n); private key = d
Security relies on the assumption that it is difficult to compute roots
modulo n without knowing p and q
Encryption of p (simplified!): $c = p^e \bmod n$
Decryption of c: $c^d \bmod n = (p^e)^d \bmod n = p$
(in these two lines p is the plaintext message, not the prime p above)
Timing Attack on RSA 
• Initial guess g for q 
• Try all possible guesses for the top few bits 
• Suppose we know i-1 top bits of q. Goal: ith bit. 
• Set g =<known i-1 bits of q>000000 
• Set ghi=<known i-1 bits of q>100000 - note: g<ghi 
• If g<q<ghi then the ith bit of q is 0 
• If g<ghi<q then the ith bit of q is 1 
• Goal: decide whether g<q<ghi or g<ghi<q 
Let ‘g’ be a guess as to the value of q 
Let ghi be the same value as g, with the i'th bit
Two Possibilities for ghi
[Figure: decryption time (#reductions, mult routine) plotted against the value of the ciphertext, marking g, q and the two possible positions of ghi]
• g<ghi<q: difference in decryption times between g and ghi will be small
• g<q<ghi: difference in decryption times between g and ghi will be large
D = |t1 - t2|.
If D is large then g<q<ghi and the i’th bit of q is 0,
otherwise the bit is 1.
RSA Blinding
• Decrypt random number related to c:
1. Before decryption compute $x' = c \cdot r^e \bmod N$, r is random
2. p’ = Decrypt x’
3. Calculate $p = p'/r \bmod N$
• Since r is random, the decryption time should be random
• 2-10% performance penalty
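The three blinding steps above, carried through with numbers, as an added example that is not part of the original slides and not OpenSSL's code. It assumes toy parameters constructed for illustration (primes 61 and 53, e = 17, message 65, blinding factors 7 and 11), and the function names are hypothetical; in real use r is drawn fresh from a cryptographic random source for every decryption.

```javascript
// Added example with constructed toy parameters, far too small for real use.

// Square-and-multiply modular exponentiation on BigInt values.
function modPow(base, exp, mod) {
  let result = 1n;
  base %= mod;
  while (exp > 0n) {
    if (exp & 1n) result = (result * base) % mod;
    base = (base * base) % mod;
    exp >>= 1n;
  }
  return result;
}

// Extended Euclid: returns x with (a * x) mod m == 1, throws if none exists.
function modInverse(a, m) {
  let [oldR, r] = [((a % m) + m) % m, m];
  let [oldS, s] = [1n, 0n];
  while (r !== 0n) {
    const q = oldR / r;
    [oldR, r] = [r, oldR - q * r];
    [oldS, s] = [s, oldS - q * s];
  }
  if (oldR !== 1n) throw new RangeError("value is not invertible modulo m");
  return ((oldS % m) + m) % m;
}

// Key generation as on the RSA slide: n = pq, phi = (p-1)(q-1), ed = 1 mod phi.
function makeKey(p, q, e) {
  const n = p * q;
  const phi = (p - 1n) * (q - 1n);
  return { n, e, d: modInverse(e, phi) };
}

// Unblinded decryption: the private exponentiation runs directly on c.
function decryptPlain(c, key) {
  return modPow(c, key.d, key.n);
}

// Blinded decryption, following the three steps on the slide.
function decryptBlinded(c, key, r) {
  const rInv = modInverse(r, key.n);                    // fails if r shares a factor with N
  const blinded = (c * modPow(r, key.e, key.n)) % key.n; // 1. x' = c * r^e mod N
  const pPrime = modPow(blinded, key.d, key.n);          // 2. p' = Decrypt x' (= p * r mod N)
  const plain = (pPrime * rInv) % key.n;                 // 3. p = p'/r mod N
  return { plain, blinded };
}

const KEY = makeKey(61n, 53n, 17n);           // n = 3233, d = 2753
const MESSAGE = 65n;                          // constructed plaintext
const CIPHERTEXT = modPow(MESSAGE, KEY.e, KEY.n);

const first = decryptBlinded(CIPHERTEXT, KEY, 7n);
const second = decryptBlinded(CIPHERTEXT, KEY, 11n);

// Same plaintext each time, but the value fed to the private exponentiation
// changes with r, so its timing no longer tracks the submitted ciphertext.
console.log("ciphertext:", CIPHERTEXT, "plain:", decryptPlain(CIPHERTEXT, KEY));
console.log("r = 7  -> exponentiated", first.blinded, "recovered", first.plain);
console.log("r = 11 -> exponentiated", second.blinded, "recovered", second.plain);
```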

Timing Attack paper--pres--v.01
