Abstract
Formal definitions of state-based and language-based security with respect to timing attacks are proposed and studied. Then various ways how to secure systems with respect to such attacks are discussed. First, we investigate time insertion functions. Conditions, when such functions exist and could protect systems, are investigated. Then we discuss the concept of supervisor control which can be used if there is no appropriate time insertion function to protect the systems.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
André, E., Lime, D., Marinho, D., Sun, J.: Guaranteeing timed opacity using parametric timed model checking. ACM Trans. Softw. Eng. Methodol. (2021). https://doi.org/10.1145/3502851
Bonneau, J., Mironov, I.: Cache-collision timing attacks against AES. In: Goubin, L., Matsui, M. (eds.) Cryptographic Hardware and Embedded Systems - CHES 2006, pp. 201–215. Springer, Berlin (2006)
Bryans, J., Koutny, M., Mazare, L., Ryan, P.: Opacity generalised to transition systems. Int. J. Inf. Sec. 7, 421–435 (2008). https://doi.org/10.1007/11679219_7
Bryans, J.W., Koutny, M., Ryan, P.Y.: Modelling opacity using petri nets. Electronic Notes in Theoretical Computer Science 121, 101–115 (2005). https://doi.org/10.1016/j.entcs.2004.10.010. https://www.sciencedirect.com/science/article/pii/S1571066105000277. Proceedings of the 2nd International Workshop on Security Issues with Petri Nets and Other Computational Models (WISP 2004)
Dhem, J.F., Koeune, F., Leroux, P.A., Mestré, P., Quisquater, J.J., Willems, J.L.: A practical implementation of the timing attack. In: Quisquater, J.J., Schneier, B., (eds.), Smart Card Research and Applications, vol. 1820, pp. 167–182. Springer, Berlin (2000). https://doi.org/10.1007/10721064_15
Dubreil, J., Darondeau, P., Marchand, H.: Supervisory control for opacity. IEEE Trans. Autom. Control. 55(5), 1089–1100 (2010). https://doi.org/10.1109/TAC.2010.2042008
Focardi, R., Gorrieri, R., Lanotte, R., Maggiolo-Schettini, A., Martinelli, F., Tini, S., Tronci, E.: Formal models of timing attacks on web privacy. Electron. Notes Theor. Comput. Sci. 62, 229–243 (2001). https://doi.org/10.1016/S1571-0661(04)00329-9
Focardi, R., Gorrieri, R., Martinelli, F.: Information flow analysis in a discrete-time process algebra. In: Proceedings 13th IEEE Computer Security Foundations Workshop. CSFW-13, pp. 170–184 (2000). https://doi.org/10.1109/CSFW.2000.856935
Gorrieri, R., Martinelli, F.: A simple framework for real-time cryptographic protocol analysis with compositional proof rules. Sci. Comput. Programm. 50, 23–49 (2004). https://doi.org/10.1016/j.scico.2004.01.001
Gruska, D.P.: Process opacity for timed process algebra. In:  Voronkov, A., Virbitskaite, I.B., (eds.), Perspectives of System Informatics - 9th International Ershov Informatics Conference, PSI 2014, St. Petersburg, Russia, June 24–27, 2014. Revised Selected Papers, Lecture Notes in Computer Science, vol. 8974, pp. 151–160. Springer (2014). https://doi.org/10.1007/978-3-662-46823-4_13
Gruska, D.P.: Dynamics security policies and process opacity for timed process algebras. In:  Mazzara, M., Voronkov, A., (eds.), Perspectives of System Informatics - 10th International Andrei Ershov Informatics Conference, PSI 2015, in Memory of Helmut Veith, Kazan and Innopolis, Russia, August 24–27, 2015, Revised Selected Papers, Lecture Notes in Computer Science, vol. 9609, pp. 149–157. Springer (2015). https://doi.org/10.1007/978-3-319-41579-6_12
Gruska, D.P.: Security and time insertion. In:  Manolopoulos, Y., Papadopoulos, G.A., Stassopoulou, A., Dionysiou, I., Kyriakides, I., Tsapatsoulis, N., (eds.), Proceedings of the 23rd Pan-Hellenic Conference on Informatics, PCI 2019, Nicosia, Cyprus, November 28–30, 2019, pp. 154–157. ACM (2019). https://doi.org/10.1145/3368640.3368668
Gruska, D.P.: Time insertion functions. In:  Bellatreche, L., Chernishev, G.A., Corral, A., Ouchani, S., Vain, J., (eds.), Advances in Model and Data Engineering in the Digitalization Era - MEDI 2021 International Workshops: DETECT, SIAS, CSMML, BIOC, HEDA, Tallinn, Estonia, June 21–23, 2021, Proceedings, Communications in Computer and Information Science, vol. 1481, pp. 181–188. Springer (2021). https://doi.org/10.1007/978-3-030-87657-9_14
Gruska, D.P., Ruiz, M.C.: Opacity-enforcing for process algebras. In:  Schlingloff, B., Akili, S., (eds.), Proceedings of the 27th International Workshop on Concurrency, Specification and Programming, Berlin, Germany, September 24–26, 2018, CEUR Workshop Proceedings, vol. 2240. CEUR-WS.org (2018). http://ceur-ws.org/Vol-2240/paper1.pdf
Gruska, D.P., Ruiz, M.C.: Process opacity and insertion functions. In:  Schlingloff, H., Vogel, T., (eds.), Proceedings of the 29th International Workshop on Concurrency, Specification and Programming (CS &P 2021), Berlin, Germany, September 27–28, 2021, CEUR Workshop Proceedings, vol. 2951, pp. 83–92. CEUR-WS.org (2021). http://ceur-ws.org/Vol-2951/paper7.pdf
Handschuh, H., Heys, H.M.: A timing attack on rc5. In: Proceedings of the Selected Areas in Cryptography, SAC ’98, pp. 306–318. Springer, Berlin (1998)
Hevia, A., Kiwi, M.: Strength of two data encryption standard implementations under timing attacks. ACM Trans. Inf. Syst. Secur. 2(4), 416–437 (1999). https://doi.org/10.1145/330382.330390
Jacob, R., Lesage, J.J., Faure, J.M.: Overview of discrete event systems opacity: models, validation, and quantification. Ann. Rev. Control 41, 135–146 (2016). https://doi.org/10.1016/j.arcontrol.2016.04.015. www.sciencedirect.com/science/article/pii/S1367578816300189
Ji, Y., Wu, Y.C., Lafortune, S.: Enforcement of opacity by public and private insertion functions. Automatica 93, 369–378 (2018). https://doi.org/10.1016/j.automatica.2018.03.041. www.sciencedirect.com/science/article/pii/S0005109818301286
Ji, Y., Yin, X., Lafortune, S.: Enforcing opacity by insertion functions under multiple energy constraints. Automatica 108, 108476 (2019). https://doi.org/10.1016/j.automatica.2019.06.028. www.sciencedirect.com/science/article/pii/S0005109819303243
Keroglou, C., Lafortune, S.: Embedded insertion functions for opacity enforcement. IEEE Trans. Autom. Control 66(9), 4184–4191 (2021). https://doi.org/10.1109/TAC.2020.3037891
Keroglou, C., Ricker, L., Lafortune, S.: Insertion functions with memory for opacity enforcement. IFAC-PapersOnLine 51(7), 394–399 (2018). https://doi.org/10.1016/j.ifacol.2018.06.331. www.sciencedirect.com/science/article/pii/S240589631830661X. 14th IFAC Workshop on Discrete Event Systems WODES 2018
Kocher, P.C.: Timing attacks on implementations of diffie-hellman, rsa, dss, and other systems. In: Koblitz, N. (ed.) Advances in Cryptology – CRYPTO ’96, pp. 104–113. Springer, Berlin (1996)
Koeune, F., Koeune, F., Quisquater, J.J., jacques Quisquater, J.: A timing attack against Rijndael. Tech. rep., Technical Report CG-1999/1 (1999)
Köpf, B., Smith, G.: Vulnerability bounds and leakage resilience of blinded cryptography under timing attacks. In: 23rd IEEE Computer Security Foundations Symposium, pp. 44–56 (2010). https://doi.org/10.1109/CSF.2010.11
Milner, R.: Communication and Concurrency. Prentice-Hall Inc, USA (1989)
Ramadge, P., Wonham, W.: The control of discrete event systems. Proc. IEEE 77(1), 81–98 (1989). https://doi.org/10.1109/5.21072
Rashidinejad, A., Reniers, M., Fabian, M.: Supervisory control synthesis of timed automata using forcible events (2021). https://arxiv.org/abs/2102.09338
Rebeiro, C., Mukhopadhyay, D.: A formal analysis of prefetching in profiled cache-timing attacks on block ciphers. J. Cryptol. 34, 21 (2015)
Song, D.X., Wagner, D., Tian, X.: Timing analysis of keystrokes and timing attacks on ssh. In: Proceedings of the 10th Conference on USENIX Security Symposium - Volume 10, SSYM’01. USENIX Association, USA (2001)
Tong, Y., Li, Z., Seatzu, C., Giua, A.: Current-state opacity enforcement in discrete event systems under incomparable observations. Discret. Event Dyn. Syst. 28(2), 161–182 (2018). https://doi.org/10.1007/s10626-017-0264-7
Tong, Y., Ma, Z., Li, Z., Seatzu, C., Giua, A.: Supervisory enforcement of current-state opacity with uncomparable observations. In: 2016 13th International Workshop on Discrete Event Systems (WODES), pp. 313–318 (2016). https://doi.org/10.1109/WODES.2016.7497865
Wu, Y.C., Lafortune, S.: Enforcement of opacity properties using insertion functions. In: 2012 IEEE 51st IEEE Conference on Decision and Control (CDC), pp. 6722–6728 (2012). https://doi.org/10.1109/CDC.2012.6426760
Yin, X., Lafortune, S.: A new approach for synthesizing opacity-enforcing supervisors for partially-observed discrete-event systems. In: American Control Conference, ACC 2015, Chicago, IL, USA, July 1–3, 2015, pp. 377–383. IEEE (2015). https://doi.org/10.1109/ACC.2015.7170765
Acknowledgements
This work was supported by the Slovak Research and Development Agency under the Contract no. APVV-19-0220 (ORBIS).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Gruska, D.P. (2023). Security Enforcing. In: Schlingloff, BH., Vogel, T., Skowron, A. (eds) Concurrency, Specification and Programming. Studies in Computational Intelligence, vol 1091. Springer, Cham. https://doi.org/10.1007/978-3-031-26651-5_6
Download citation
DOI: https://doi.org/10.1007/978-3-031-26651-5_6
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-26650-8
Online ISBN: 978-3-031-26651-5
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)