This paper presents a timing attack on the FIDO2 (Fast IDentity Online) authentication protocol that allows attackers to link user accounts stored in vulnerable authenticators, serious privacy concern. is new standard specified by FIDO industry alliance for secure token online authentication. It complements W3C WebAuthn specification providing means use USB or other authenticator (which holds s...

Virtualization has become of increasing importance for the security of embedded systems during the last years. One of the major threats to this security is posed by side channel attacks. In this work, Bernstein’s time-driven cache-based timing attack against AES is revisited in a virtualization security scenario and the PikeOS micro kernel system is presented. A novel countermeasure against tim...

In timing attack, a class of side channel attack, the attacker attempts to break a cryptographic algorithm by timing the operations of a specific system. Several studies on different types of timing attacks have been published, but they are either theoretical or hard to put into practice. To improve the feasibility of timing attack, the current study proposes an improved timing attack scheme on...

In military planning, it is important to be able to estimate not only the number of fatalities but how often attacks that result in fatalities will take place. We uncovered a simple dynamical pattern that may be used to estimate the escalation rate and timing of fatal attacks. The time difference between fatal attacks by insurgent groups within individual provinces in both Afghanistan and Iraq,...

The duration of floating-point instructions is a known timing side channel that has been used to break SameOrigin Policy (SOP) privacy on Mozilla Firefox and the Fuzz differentially private database. Several defenses have been proposed to mitigate these attacks. We present detailed benchmarking of floating point performance for various operations based on operand values. We identify families of...

Since many existing security systems can be broken with timing attacks, I am releasing this preliminary abstract to alert vendors and users. Research in this area is still in progress. Abstract. Cryptosystems often take slightly diierent amounts of time to process diierent messages. With network-based cryptosystems, cryptographic tokens, and many other applications, attackers can measure the am...

Side-channel attacks are a serious threat to multi-tenant public clouds. Past work showed how secret information in one virtual machine (VM) can be leaked to another, co-resident VM using timing side channels. Recent defenses against timing side channels focus on reducing the degree of resource sharing. However, such defenses necessarily limit the flexibility with which resources are shared. In...

This paper shows the great potential of lightweight cryptography in fast and timing-attack resistant software implementations in cloud computing by exploiting bitslice implementation. This is demonstrated by bitslice implementations of the PRESENT and Piccolo lightweight block ciphers. In particular, bitsliced PRESENT-80/128 achieves 4.73 cycles/byte and Piccolo-80 achieves 4.57 cycles/byte inc...