NetSec ◬ est. February 2019.

Acta #009

2021 January 8
(Side Channel) (Timing Attack) (USENIX) (CVE-2021-3011)

Timeless Timing Attacks: Exploiting Concurrency to Leak Secrets over Remote Connections
29th USENIX Security Symposium, 2020 [PDF, Info]


To perform successful remote timing attacks, an adversarytypically collects a series of network timing measurementsand subsequently performs statistical analysis to reveal a dif-ference in execution time. The number of measurements thatmust be obtained largely depends on the amount of jitter thatthe requests and responses are subjected to. In remote tim-ing attacks, a significant source of jitter is the network pathbetween the adversary and the targeted server, making it prac-tically infeasible to successfully exploit timing side-channelsthat exhibit only a small difference in execution time.

In this paper, we introduce a conceptually novel type of tim-ing attack that leverages the coalescing of packets by networkprotocols and concurrent handling of requests by applica-tions. These concurrency-based timing attacks infer a relativetiming difference by analyzing the order in which responsesare returned, and thus do not rely on any absolute timing in-formation. We show how these attacks result in a 100-foldimprovement over typical timing attacks performed over theInternet, and can accurately detect timing differences as smallas 100ns, similar to attacks launched on a local system. Wedescribe how these timing attacks can be successfully de-ployed against HTTP/2 webservers, Tor onion services, andEAP-pwd, a popular Wi-Fi authentication method.

A Side Journey to Titan: Side-Channel Attack on the Google Titan Security Key, 2021 [PDF Info]


The Google Titan Security Key is a FIDO U2F hardware device proposed by Google (available since July 2018) as a two-factor authentication token to sign in to applications (e.g. your Google account). Our work describes a side-channel attack that targets the Google Titan Security Key’s secure element (the NXP A700X chip) by the observation of its local electromagnetic radiations during ECDSA signatures (the core cryptographic operation of the FIDO U2F protocol). In other words, an attacker can create a clone of a legitimate Google Titan Security Key.

To understand the NXP ECDSA implementation, find a vulnerability and design a key-recovery attack, we had to make a quick stop on Rhea (NXP J3D081 JavaCard smartcard). Freely available on the web, this product looks very much like the NXP A700X chip and uses the same cryptographic library. Rhea, as an open JavaCard platform, gives us more control to study the ECDSA engine.

We could then show that the electromagnetic side-channel signal bears partial information about the ECDSA ephemeral key. The sensitive information is recovered with a non-supervised machine learning method and plugged into a customized lattice-based attack scheme.

Finally, 4000 ECDSA observations were enough to recover the (known) secret key on Rhea and validate our attack process. It was then applied on the Google Titan Security Key with success (this time by using 6000 observations) as we were able to extract the long term ECDSA private key linked to a FIDO U2F account created for the experiment.

Last Updated on 9 Apr 2021 (CC BY-SA 4.0)