Timing Attacks are cryptographic attacks that exploit differences in operation execution time to extract sensitive information, such as private keys or encrypted data.

What are Timing Attacks?

Timing attacks are a class of side-channel attacks that measure the time it takes to execute cryptographic operations to infer information about the processed data, especially private keys.

Main Characteristics

Time Exploitation

  • Measurement: Precise execution time measurement
  • Differences: Exploitation of temporal differences
  • Inference: Inference of sensitive information
  • Statistics: Statistical analysis of measurements

Common Vulnerabilities

  • Comparisons: Insecure string comparisons
  • Conditional Operations: Operations that depend on secret data
  • Memory Access: Memory access based on secret data
  • Optimizations: Compiler optimizations

Impact

  • Private Keys: Private key extraction
  • Sensitive Data: Sensitive data disclosure
  • Authentication: Authentication system bypass
  • Integrity: Integrity compromise

Types of Timing Attacks

Simple Timing Attacks

  • Direct Comparison: Direct time measurement
  • Statistical Analysis: Basic statistical analysis
  • Patterns: Temporal pattern identification
  • Inference: Information inference

Differential Timing Attacks

  • Multiple Measurements: Multiple time measurements
  • Comparative Analysis: Comparison between measurements
  • Correlation: Correlation with known data
  • Precision: Greater extraction precision

Adaptive Timing Attacks

  • Dynamic Adjustment: Dynamic parameter adjustment
  • Learning: Pattern learning
  • Optimization: Attack optimization
  • Efficiency: Greater extraction efficiency

Technical Implementation

Basic Timing Attack

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114

import time
import random
import statistics
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding

class VulnerableImplementation:
    def __init__(self):
        self.private_key = rsa.generate_private_key(
            public_exponent=65537,
            key_size=1024
        )
        self.public_key = self.private_key.public_key()
    
    def vulnerable_string_compare(self, a, b):
        """String comparison vulnerable to timing attack"""
        if len(a) != len(b):
            return False
        
        for i in range(len(a)):
            if a[i] != b[i]:
                return False
            time.sleep(0.001)  # Simulate expensive operation
        
        return True
    
    def vulnerable_rsa_decrypt(self, ciphertext):
        """RSA decryption vulnerable to timing attack"""
        start_time = time.time()
        
        # Simulate operation that takes longer with bits in 1
        result = 1
        exponent = self.private_key.private_numbers().private_exponent
        
        for bit in bin(exponent)[2:]:
            if bit == '1':
                time.sleep(0.001)  # Simulate expensive operation
            result = (result * result) % self.private_key.private_numbers().public_numbers.n
        
        end_time = time.time()
        execution_time = end_time - start_time
        
        return result, execution_time

class TimingAttack:
    def __init__(self, target):
        self.target = target
        self.measurements = []
    
    def measure_timing(self, input_data, num_samples=1000):
        """Measure execution time"""
        times = []
        
        for _ in range(num_samples):
            start_time = time.time()
            self.target.vulnerable_string_compare(input_data, "secret_password")
            end_time = time.time()
            times.append(end_time - start_time)
        
        return times
    
    def analyze_timing(self, times):
        """Analyze time measurements"""
        mean_time = statistics.mean(times)
        std_time = statistics.stdev(times)
        min_time = min(times)
        max_time = max(times)
        
        return {
            'mean': mean_time,
            'std': std_time,
            'min': min_time,
            'max': max_time,
            'range': max_time - min_time
        }
    
    def attack_string_compare(self, known_prefix, max_length=20):
        """Attack string comparison"""
        result = known_prefix
        
        for pos in range(len(known_prefix), max_length):
            best_char = None
            best_time = 0
            
            for char in range(256):
                test_string = result + chr(char)
                times = self.measure_timing(test_string, 100)
                avg_time = statistics.mean(times)
                
                if avg_time > best_time:
                    best_time = avg_time
                    best_char = chr(char)
            
            if best_char:
                result += best_char
            else:
                break
        
        return result

# Usage example
vulnerable = VulnerableImplementation()
attacker = TimingAttack(vulnerable)

# Measure comparison time
times = attacker.measure_timing("test_password")
analysis = attacker.analyze_timing(times)
print(f"Time analysis: {analysis}")

# Attack string comparison
known_prefix = "secret_"
result = attacker.attack_string_compare(known_prefix)
print(f"Extracted string: {result}")

Timing Attack on RSA

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49

class RSATimingAttack:
    def __init__(self, target_rsa):
        self.target = target_rsa
        self.measurements = []
    
    def measure_rsa_timing(self, ciphertext, num_samples=1000):
        """Measure RSA decryption time"""
        times = []
        
        for _ in range(num_samples):
            _, exec_time = self.target.vulnerable_rsa_decrypt(ciphertext)
            times.append(exec_time)
        
        return times
    
    def attack_rsa_key(self, ciphertext, key_size=1024):
        """Attack RSA key using timing"""
        # Get time measurements
        times = self.measure_rsa_timing(ciphertext, 1000)
        base_time = statistics.mean(times)
        
        # Attempt to extract key bits
        recovered_bits = []
        
        for bit_pos in range(key_size):
            # Create ciphertext that activates bit at position bit_pos
            test_ciphertext = self.create_test_ciphertext(bit_pos)
            
            # Measure time
            test_times = self.measure_rsa_timing(test_ciphertext, 100)
            test_time = statistics.mean(test_times)
            
            # Determine if bit is 1 or 0
            if test_time > base_time * 1.1:  # Empirical threshold
                recovered_bits.append(1)
            else:
                recovered_bits.append(0)
        
        return recovered_bits
    
    def create_test_ciphertext(self, bit_position):
        """Create test ciphertext"""
        # Simplified implementation
        return 2 ** bit_position

# Usage example
rsa_attacker = RSATimingAttack(vulnerable)
recovered_bits = rsa_attacker.attack_rsa_key(12345)
print(f"Recovered bits: {recovered_bits[:10]}...")  # Show first 10 bits

Timing Attack on HMAC

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63

class HMACTimingAttack:
    def __init__(self, target_hmac):
        self.target = target_hmac
        self.measurements = []
    
    def measure_hmac_timing(self, message, num_samples=1000):
        """Measure HMAC verification time"""
        times = []
        
        for _ in range(num_samples):
            start_time = time.time()
            self.target.verify_hmac(message, "expected_hmac")
            end_time = time.time()
            times.append(end_time - start_time)
        
        return times
    
    def attack_hmac(self, known_prefix, max_length=32):
        """Attack HMAC using timing"""
        result = known_prefix
        
        for pos in range(len(known_prefix), max_length):
            best_char = None
            best_time = 0
            
            for char in range(256):
                test_message = result + chr(char)
                times = self.measure_hmac_timing(test_message, 100)
                avg_time = statistics.mean(times)
                
                if avg_time > best_time:
                    best_time = avg_time
                    best_char = chr(char)
            
            if best_char:
                result += best_char
            else:
                break
        
        return result

class VulnerableHMAC:
    def __init__(self, secret_key):
        self.secret_key = secret_key
    
    def verify_hmac(self, message, expected_hmac):
        """HMAC verification vulnerable to timing attack"""
        # Simulate byte-by-byte verification
        for i in range(min(len(message), len(expected_hmac))):
            if message[i] != expected_hmac[i]:
                return False
            time.sleep(0.001)  # Simulate expensive operation
        
        return len(message) == len(expected_hmac)

# Usage example
vulnerable_hmac = VulnerableHMAC("secret_key")
hmac_attacker = HMACTimingAttack(vulnerable_hmac)

# Attack HMAC
known_prefix = "user="
result = hmac_attacker.attack_hmac(known_prefix)
print(f"Extracted HMAC: {result}")

Countermeasures

Constant Time Comparison

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65

import hmac
import hashlib

class SecureImplementation:
    def __init__(self):
        self.private_key = rsa.generate_private_key(
            public_exponent=65537,
            key_size=1024
        )
        self.public_key = self.private_key.public_key()
    
    def constant_time_string_compare(self, a, b):
        """Constant time string comparison"""
        if len(a) != len(b):
            return False
        
        result = 0
        for x, y in zip(a, b):
            result |= ord(x) ^ ord(y)
        
        return result == 0
    
    def constant_time_hmac_verify(self, message, expected_hmac, secret_key):
        """Constant time HMAC verification"""
        # Calculate real HMAC
        real_hmac = hmac.new(
            secret_key.encode(),
            message.encode(),
            hashlib.sha256
        ).hexdigest()
        
        # Compare with constant time
        return self.constant_time_string_compare(real_hmac, expected_hmac)
    
    def constant_time_rsa_decrypt(self, ciphertext):
        """Constant time RSA decryption"""
        # Constant time implementation
        result = 1
        base = ciphertext
        exponent = self.private_key.private_numbers().private_exponent
        modulus = self.private_key.private_numbers().public_numbers.n
        
        # Modular exponentiation algorithm with constant time
        while exponent > 0:
            if exponent & 1:
                result = (result * base) % modulus
            base = (base * base) % modulus
            exponent >>= 1
        
        return result

# Usage example
secure = SecureImplementation()

# Secure comparison
result = secure.constant_time_string_compare("hello", "hello")
print(f"Secure comparison: {result}")

# Secure HMAC
hmac_result = secure.constant_time_hmac_verify(
    "test_message", 
    "expected_hmac", 
    "secret_key"
)
print(f"Secure HMAC: {hmac_result}")

Time Masking

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49

import random
import time

class TimeMasking:
    def __init__(self, base_delay=0.001, jitter_range=0.0005):
        self.base_delay = base_delay
        self.jitter_range = jitter_range
    
    def add_timing_jitter(self, operation):
        """Add temporal jitter to mask timing"""
        # Calculate random jitter
        jitter = random.uniform(-self.jitter_range, self.jitter_range)
        total_delay = self.base_delay + jitter
        
        # Add delay
        time.sleep(total_delay)
        
        return operation
    
    def constant_time_operation(self, operation, min_time=0.01):
        """Operation with minimum constant time"""
        start_time = time.time()
        
        # Execute operation
        result = operation()
        
        # Calculate elapsed time
        elapsed_time = time.time() - start_time
        
        # Add delay if necessary
        if elapsed_time < min_time:
            time.sleep(min_time - elapsed_time)
        
        return result

# Usage example
time_masking = TimeMasking()

def sensitive_operation():
    """Sensitive operation that needs protection"""
    return "sensitive_result"

# Operation with masking
result = time_masking.add_timing_jitter(sensitive_operation)
print(f"Result with masking: {result}")

# Operation with constant time
result = time_masking.constant_time_operation(sensitive_operation)
print(f"Result with constant time: {result}")

Analysis Tools

High Precision Time Measurement

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60

import time
import statistics
import matplotlib.pyplot as plt

class HighPrecisionTiming:
    def __init__(self):
        self.measurements = []
    
    def measure_high_precision(self, operation, num_samples=10000):
        """High precision measurement"""
        times = []
        
        for _ in range(num_samples):
            start_time = time.perf_counter()
            operation()
            end_time = time.perf_counter()
            times.append(end_time - start_time)
        
        return times
    
    def analyze_timing_distribution(self, times):
        """Analyze timing distribution"""
        mean_time = statistics.mean(times)
        median_time = statistics.median(times)
        std_time = statistics.stdev(times)
        
        # Percentiles
        p25 = statistics.quantiles(times, n=4)[0]
        p75 = statistics.quantiles(times, n=4)[2]
        
        return {
            'mean': mean_time,
            'median': median_time,
            'std': std_time,
            'p25': p25,
            'p75': p75,
            'range': max(times) - min(times)
        }
    
    def visualize_timing(self, times, title="Timing Distribution"):
        """Visualize timing distribution"""
        plt.figure(figsize=(12, 6))
        plt.hist(times, bins=50, alpha=0.7)
        plt.title(title)
        plt.xlabel("Time (seconds)")
        plt.ylabel("Frequency")
        plt.grid(True)
        plt.show()

# Usage example
timing_analyzer = HighPrecisionTiming()

def test_operation():
    """Test operation"""
    time.sleep(0.001)
    return "result"

times = timing_analyzer.measure_high_precision(test_operation)
analysis = timing_analyzer.analyze_timing_distribution(times)
print(f"Timing analysis: {analysis}")

Best Practices

Secure Development

  • Constant Time: Use constant time operations
  • Comparisons: Secure string comparisons
  • Validation: Secure input validation
  • Testing: Timing tests

Implementation

  • Libraries: Use secure cryptographic libraries
  • Compilers: Secure compiler configuration
  • Optimizations: Disable dangerous optimizations
  • Documentation: Vulnerability documentation

Monitoring

  • Detection: Timing attack detection
  • Alerts: Alerts for suspicious patterns
  • Analysis: Continuous timing analysis
  • Response: Response to detected attacks
  • Side-Channel Attacks - Category that includes timing attacks
  • Cryptanalysis - Discipline that includes timing attacks
  • RSA - Algorithm vulnerable to timing attacks
  • AES - Algorithm vulnerable to timing attacks
  • Hash Functions - Algorithms vulnerable to timing attacks
  • CISO - Role that oversees timing attacks
  • General Cybersecurity - Discipline that includes timing attacks
  • Security Breaches - Incidents caused by timing attacks
  • Attack Vectors - Timing attacks as attack vector
  • Incident Response - Process that includes timing attacks
  • SIEM - System that detects timing attacks
  • SOAR - Automation that responds to timing attacks
  • EDR - Tool that protects against timing attacks
  • Firewall - Device that complements protection against timing attacks
  • VPN - Connection that can be vulnerable to timing attacks
  • Dashboards - Visualization of timing attack metrics
  • Logs - Timing attack logs

References