Timing-Sensitive Information Flow Analysis for Synchronous Systems

  • Boris Köpf
  • David Basin
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4189)


Timing side channels are a serious threat to the security of cryptographic algorithms. This paper presents a novel method for the timing-sensitive analysis of information flow in synchronous hardware circuits. The method is based on a parameterized notion of confidentiality for finite transition systems that allows one to model information leakage in a fine-grained way. We present an efficient decision procedure for system security and apply it to discover timing leaks in nontrivial hardware implementations of cryptographic algorithms.
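The abstract describes the method only at a high level. As an added illustration (my own toy code, not the paper's implementation or its exact formalism), the block below models a square-and-multiply exponentiator cycle by cycle, treats the clock cycle in which `done` is asserted as the attacker's only observation, and decides the confidentiality property parameterized by the partition of secrets the attacker is permitted to learn. The 4-bit exponent, base 3, modulus 11, and the simplification that the functional output is not observed are constructed assumptions.

```python
# Constructed toy: 4-bit secret exponent d, public base G and modulus MOD.
N_BITS, G, MOD = 4, 3, 11
SECRETS = range(2 ** N_BITS)

def run_circuit(d, constant_time):
    """Cycle-accurate simulation of a square-and-multiply exponentiator.
    Returns (cycles_until_done, G**d mod MOD). The attacker only sees the
    first component: the clock cycle in which 'done' is asserted."""
    acc, cycles = 1, 0
    for i in range(N_BITS - 1, -1, -1):
        acc = (acc * acc) % MOD         # squaring step: one clock cycle
        cycles += 1
        bit = (d >> i) & 1
        if bit or constant_time:        # naive: multiply only when bit == 1
            prod = (acc * G) % MOD      # constant-time: always spend the cycle
            acc = prod if bit else acc  # ... but discard the dummy product
            cycles += 1
    return cycles, acc

def timing(d, constant_time):
    """Observation function: clock cycles until 'done' (assumed to be all the attacker sees)."""
    return run_circuit(d, constant_time)[0]

def induced_partition(observe):
    """Partition of the secret space induced by the observation: two secrets
    share a block iff the attacker cannot tell them apart."""
    blocks = {}
    for d in SECRETS:
        blocks.setdefault(observe(d), set()).add(d)
    return {frozenset(b) for b in blocks.values()}

def secure_wrt(permitted, observe):
    """Decision procedure for the parameterized property: the system is secure
    w.r.t. the permitted partition iff no observation splits a permitted block,
    i.e. every permitted block lies inside one block of the induced partition."""
    return all(len({observe(d) for d in block}) == 1 for block in permitted)

# Two policies: the attacker may learn nothing, or at most the Hamming weight of d.
NOTHING = {frozenset(SECRETS)}
HAMMING = {frozenset(d for d in SECRETS if bin(d).count("1") == w)
           for w in range(N_BITS + 1)}

if __name__ == "__main__":
    for ct in (False, True):
        print("constant_time =", ct,
              "| blocks leaked:", len(induced_partition(lambda d: timing(d, ct))),
              "| secure vs NOTHING:", secure_wrt(NOTHING, lambda d: timing(d, ct)),
              "| secure vs HAMMING:", secure_wrt(HAMMING, lambda d: timing(d, ct)))
```

The naive circuit's cycle count equals 4 plus the Hamming weight of the exponent, so it is secure only against the weaker policy; the constant-time variant always takes 8 cycles and passes both.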


Keywords: Clock Cycle; Cryptographic Algorithm; Synchronous System; Partial Partition; Deterministic Automaton





Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Boris Köpf, Information Security, ETH Zurich, Switzerland
  • David Basin, Information Security, ETH Zurich, Switzerland
