A side-channel attack is a type of security attack that tries to recover secret information by analyzing side information, such as electromagnetic waves, heat, electric energy and running time, that is unintentionally emitted from a computer system. A side-channel attack that focuses on the running time of a cryptosystem is specifically named a “timing attack”. Timing attacks are relatively easy to carry out, and they are particularly threatening for the tiny systems used in smart cards and IoT devices, because such a system is so simple that its processing time can be clearly observed from outside the card or device. The threat of timing attacks is especially serious when an attacker actively controls the input to a target program. Countermeasures have been studied to deter such active attacks, but the attacker still has a chance to learn something about the concealed information by passively watching the running time of the target program. The risk of passive timing attacks can be measured by the mutual information between the concealed information and the running time. However, computing the mutual information is hardly possible except for toy examples. This study focuses on three algorithms for RSA decryption, derives formulas for the mutual information under several assumptions and approximations, and calculates the mutual information numerically for practical security parameters.
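To make the leakage measure concrete, the following added example (not code from the study) computes the mutual information between a secret exponent and the running time exactly, by brute-force enumeration, for a toy case. The abstract does not name the three RSA decryption algorithms, so the left-to-right square-and-multiply cost model, the unit operation costs, the optional additive jitter and all function names are assumptions made here for illustration.

```python
import math
from collections import Counter

def mutual_information(joint):
    """I(X;Y) in bits, given a dict {(x, y): probability}."""
    px, py = Counter(), Counter()
    for (x, y), p in joint.items():
        px[x] += p
        py[y] += p
    return sum(p * math.log2(p / (px[x] * py[y]))
               for (x, y), p in joint.items() if p > 0)

def sqmul_time(d, nbits, t_sq=1, t_mul=1):
    """Assumed cost model: one squaring per exponent bit plus one
    multiplication per 1-bit, so time depends only on Hamming weight."""
    return nbits * t_sq + bin(d).count("1") * t_mul

def leakage_bits(nbits, jitter=(0,)):
    """I(D;T) for a uniformly random nbits-bit exponent D.
    jitter: equiprobable additive noise values (constructed, not measured)."""
    joint = Counter()
    p = 1 / (2 ** nbits * len(jitter))
    for d in range(2 ** nbits):
        for j in jitter:
            joint[(d, sqmul_time(d, nbits) + j)] += p
    return mutual_information(joint)

if __name__ == "__main__":
    # Enumeration costs 2**nbits steps, which is why only toy sizes are
    # tractable and closed-form approximations are needed for real keys.
    for n in (4, 8, 12, 16):
        clean = leakage_bits(n)
        noisy = leakage_bits(n, jitter=(0, 1, 2, 3))
        print(f"{n:2d}-bit exponent: {clean:.3f} bits leaked, "
              f"{noisy:.3f} bits with jitter")
```

Without jitter the running time is a deterministic function of the exponent, so the leakage equals the entropy of the timing distribution and grows only logarithmically with the key length in this model.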