We present a federated analysis of communication protocols which considers both security properties and timing. These are not entirely independent observations of a protocol; by using timing observations of an executing protocol it is possible to calculate encryption keys which were intended to be secret or to deduce derived information about the nature of the communication even in the presence...

We introduce a new type of timing attack which enables the factorization of an RSA-modulus if the exponentiation with the secret exponent uses the Chinese Remainder Theorem and Montgomery’s algorithm. Its standard variant assumes that both exponentiations are carried out with a simple square and multiply algorithm. However, although its efficiency decreases, our attack can also be adapted to mo...

Microarchitectural attacks have gained popularity in recent years since they use only standard resources, e.g. memory and cache access timing. Such privileges are available to applications at the lowest privilege levels. Further, microarchitectural attacks have proven successful on shared cloud instances across VMs, on smartphones with sandboxing, and on numerous embedded platforms. Given the r...

Introduction Familial Mediterranean fever (FMF), the most common of the hereditary autoinflammatory diseases, is characterized by recurrent self-limiting attacks of fever and/ or serositis accompanied with acute phase response. Recurrence of attacks does not show a clear periodicity, and its timing is usually unpredictable. Little is known about the factors triggering or precipitating the attac...

An important class of remotely applicable security attacks concerns time. You can attack somebody by making their algorithms run in their worst-case behavior rather than common-case behavior. Likewise, the processing time can disclose a secret. If an attacker can observe the time it takes for somebody to process a request, an attacker may learn something about the internal state. The first part...

A network flow watermarking scheme attempts to manipulate the statistical properties of a flow of packets to insert a “mark” making it easier to detect the flow after passing through one or more relay hosts. Because an attacker that is willing to tolerate delay can (nearly) always eliminate such marks, recent schemes have concentrated on making the marks “invisible” so that a passive attacker c...

Information flow control allows untrusted code to access sensitive and trustworthy information without leaking this information. However, the presence of covert channels subverts this security mechanism, allowing processes to communicate information in violation of IFC policies. In this paper, we show that concurrent deterministic IFC systems that use time-based scheduling are vulnerable to a c...

Dynamic content for Web applications is typically managed through database engines, including registration information, credit cards medical records and other private information. The web applications typically interface with web users and allow them to make only certain queries from the database while they safeguard the privacy where expected, for example, they may allow to add data in a colum...

In this paper we introduce a trace-based tunnel that is resistant to traffic analysis in the sense that it provides deniability to users that a specific web page was fetched given that a packet trace is observed on the tunnel. We present a scheduler design for managing the transmission of traces to satisfy user traffic demand while maintaining reasonably low delay and throughput overhead due to...

Attacks on cryptosystem implementations (e.g. security fault injection, timing analysis and differential power analysis) are amongst the most exciting developments in cryptanalysis of the past decade. Altering the internal state of a cryptosystem or profiling the system’s computational dynamics can be used to gain a huge amount of information. This paper shows how fault injection and timing ana...