Time Is Not Enough: Timing Leakage Analysis on Cryptographic Chips via Plaintext-Ciphertext Correlation in Non-Timing Channel

• Published in: IEEE transactions on information forensics and security Vol. 19; pp. 8544 - 8558
• Main Authors: Wei, Congming, Hong, Guangze, Wang, An, Wang, Jing, Sun, Shaofei, Ding, Yaoling, Zhu, Liehuang, Ma, Wenrui
• Format: Journal Article
• Language: English
• Published: IEEE 2024
• Subjects: Correlation; IEC Standards; ISO Standards; plaintext-ciphertext correlation; side-channel analysis; Testing; Time measurement; Timing; Timing analysis; timing leakage
• ISSN: 1556-6013; 1556-6021
• DOI: 10.1109/TIFS.2024.3449119

In side-channel testing, the standard timing analysis works when the vendor can provide a measurement to indicate the execution time of cryptographic algorithms. In this paper, we find that there exists timing leakage in power/electromagnetic channels, which is often ignored in traditional timing analysis. Hence a new method of timing analysis is proposed to deal with the case where execution time is not available. Different execution time leads to different execution intervals, affecting the locations of plaintext and ciphertext transmission. Our method detects timing leakage by studying changes in plaintext-ciphertext correlation when traces are aligned forward and backward. Experiments are then carried out on different cryptographic devices. Furthermore, we propose an improved timing analysis framework which gives appropriate methods for different scenarios.