Timing attacks against user logon and network I/O
Abstract
In a first aspect of the invention, a method for classifying characters within a character string entered via a keyboard device includes logging interrupts, checking a time between interrupts, checking an interrupt duration, and classifying the characters within the character string based upon the time between interrupts and the interrupt duration. In a second aspect of the invention, a method for protecting against timing attacks against a trusted path mechanism includes employing a multithreaded process with a first thread to prevent any timing Trojan horses from running, running the first thread in a loop at a first priority, and preventing unprivileged processes from obtaining a priority higher than the first priority.
27 Claims
1. A method for classifying characters within a character string, comprising:
logging interrupts;
checking a time between interrupts;
checking an interrupt duration; and
classifying the characters within the character string based upon said time between interrupts and said interrupt duration.

2. A method for determining whether consecutively entered keyboard characters are from the same timing equivalence class, comprising:
determining a cache miss average time;
determining a cache hit average time;
determining a threshold based upon said cache miss average time and said cache hit average time;
reading a first character;
clearing cache after said reading a first character;
reading a second character after said clearing cache;
determining a processing time for said reading a second character; and
indicating whether said first character and said second character are from the same timing equivalence class based upon said threshold and said processing time.

3. A method for determining whether consecutively entered keyboard characters are from the same timing equivalence class, comprising:
reading a first character;
clearing cache after said reading a first character;
reading a second character after said clearing cache;
determining a processing time for said reading a second character; and
indicating whether said first character and said second character are from the same timing equivalence class based upon a predetermined threshold and said processing time.

4. A method for classifying characters within a character string, comprising:
determining a first classification of a plurality of characters based on a first character string application processing time;
determining a second classification of said plurality of characters based on a second character string application processing time; and
determining a third classification of said plurality of characters based upon the combination of said first classification and said second classification.

5. A method for identifying the equivalence class of consecutively entered keyboard characters in an n-character string, comprising:
clearing a cache after character n-1 is read;
testing each equivalence class to determine which equivalence class includes character i; and
identifying the equivalence class of characters in a string comprising characters 1 to n-1.

6. A method for protecting against timing attacks against a trusted path mechanism, comprising:
requiring computer user passwords comprising at least twenty-eight characters;
selecting said password characters such that at most one character is within eight keys of the number one ("1") key; and
selecting said password characters such that at most one character is within eight keys of the forward slash ("/") key.

8. A method for protecting against timing attacks against a trusted path mechanism, comprising:
requiring new computer user passwords at least every two months; and
enforcing a relatively strong password policy.

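The password rules in claims 6 and 8 are mechanical enough to enforce in a policy checker. The following is an added example written for this page; it is not code from the patent or its assignee. It assumes a simplified US QWERTY grid in which each key's column index approximates its physical position, reads the claim's "within eight keys of" a key as the eight keys surrounding that key (a `radius` parameter, default 1, makes the reading adjustable), and reads "every two months" as two calendar months. All function and constant names are this example's own.

```python
"""Password-policy checks modelled on claims 6 and 8 (example code, not the patent's)."""
import calendar
from datetime import date
from typing import Dict, List, Tuple

# Simplified, unshifted US QWERTY layout (assumption). Each row carries a column
# offset so that, e.g., 'q' lands roughly under '1' rather than under '`'.
_ROWS: List[Tuple[int, str]] = [
    (0, "`1234567890-="),
    (1, "qwertyuiop[]\\"),
    (1, "asdfghjkl;'"),
    (1, "zxcvbnm,./"),
]
# Shifted symbols share the physical key of their unshifted form.
_SHIFTED = dict(zip("~!@#$%^&*()_+{}|:\"<>?", "`1234567890-=[]\\;',./"))


def key_positions() -> Dict[str, Tuple[int, int]]:
    """Map every printable character to the (row, column) of its physical key."""
    pos: Dict[str, Tuple[int, int]] = {}
    for row, (offset, keys) in enumerate(_ROWS):
        for col, ch in enumerate(keys):
            pos[ch] = (row, col + offset)
            if ch.isalpha():
                pos[ch.upper()] = (row, col + offset)
    for shifted, base in _SHIFTED.items():
        pos[shifted] = pos[base]
    return pos


_POS = key_positions()


def keys_near(char: str, anchor: str, radius: int = 1) -> bool:
    """True if `char` is typed on a key within `radius` king-moves of `anchor`'s key.

    radius=1 covers the anchor key and the eight keys surrounding it, which is how
    this example reads the claim's "within eight keys" (an assumption, not the
    patent's definition)."""
    if char not in _POS:  # space, control characters, non-ASCII: not on the grid
        return False
    r1, c1 = _POS[char]
    r2, c2 = _POS[anchor]
    return max(abs(r1 - r2), abs(c1 - c2)) <= radius


def check_password(password: str, min_length: int = 28, radius: int = 1) -> List[str]:
    """Claim 6: return the list of violations; an empty list means the password passes."""
    violations = []
    if len(password) < min_length:
        violations.append(f"length {len(password)} < {min_length}")
    for anchor in ("1", "/"):  # the two anchor keys named in the claim
        near = sum(1 for ch in password if keys_near(ch, anchor, radius))
        if near > 1:
            violations.append(
                f"{near} characters within {radius} key(s) of '{anchor}' (max 1)")
    return violations


def add_months(d: date, months: int) -> date:
    """Calendar-month arithmetic, clamping the day for short months."""
    m = d.month - 1 + months
    y, m = d.year + m // 12, m % 12 + 1
    return date(y, m, min(d.day, calendar.monthrange(y, m)[1]))


def password_expired(last_changed: date, today: date, max_months: int = 2) -> bool:
    """Claim 8: a new password is required at least every two months."""
    return today >= add_months(last_changed, max_months)


if __name__ == "__main__":
    for candidate in ("qwerty", "correct-horse-battery-staple"):
        print(candidate, check_password(candidate) or "OK")
    print("expired:", password_expired(date(2024, 1, 31), date(2024, 3, 31)))
```

`check_password` reports every rule that fails rather than stopping at the first, so a policy front end can show the user all of them at once; the `radius` argument lets an administrator who reads "eight keys" as a wider distance tighten the check without touching the layout table.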
10. A method for protecting against timing attacks against a trusted path mechanism, comprising:
configuring a computer system for Trojan horse non-persistence; and
enforcing a relatively strong password policy.

12. A method for protecting against timing attacks against a trusted path mechanism, comprising:
modifying a trusted path mechanism implementation to be a multithreaded process comprising a first thread to prevent any timing Trojan horses from running, said first thread running in a loop at a relatively high priority.

14. A method for protecting against timing attacks against a trusted path mechanism, comprising:
employing a multithreaded process comprising a first thread to prevent any timing Trojan horses from running;
running said first thread in a loop at a first priority; and
prohibiting unprivileged processes from obtaining a priority higher than said first priority.

17. A method for protecting against timing attacks against a trusted path mechanism, comprising:
employing a network user authentication protocol including a public key algorithm.

19. A method for protecting against timing attacks against a trusted path mechanism, comprising:
encrypting a computer user private key in a password;
storing said computer user private key on a tamper-proof smart card; and
issuing a tamper-proof smart card containing a computer user private key to each computer user.

20. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to classify characters within a character string, comprising:
a first module comprising code for causing a machine to log interrupts;
a second module comprising code for causing a machine to check a time between interrupts;
a third module comprising code for causing a machine to check an interrupt duration; and
a fourth module comprising code for causing a machine to classify the characters within the character string based upon said time between interrupts and said interrupt duration.

21. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to determine whether consecutively entered keyboard characters are from the same timing equivalence class, comprising:
a first module comprising code for causing a machine to determine a cache miss average time;
a second module comprising code for causing a machine to determine a cache hit average time;
a third module comprising code for causing a machine to determine a threshold based upon said cache miss average time and said cache hit average time;
a fourth module comprising code for causing a machine to clear cache after reading a first character;
a fifth module comprising code for causing a machine to read a second character after said clearing cache;
a sixth module comprising code for causing a machine to determine a processing time for said reading a second character; and
a seventh module comprising code for causing a machine to indicate whether said first character and said second character are from the same timing equivalence class based upon said threshold and said processing time.

22. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to determine whether consecutively entered keyboard characters are from the same timing equivalence class, comprising:
a first module comprising code for causing a machine to read a first character;
a second module comprising code for causing a machine to clear cache after said reading a first character;
a third module comprising code for causing a machine to read a second character after said clearing cache;
a fourth module comprising code for causing a machine to determine a processing time for said reading a second character; and
a fifth module comprising code for causing a machine to indicate whether said first character and said second character are from the same timing equivalence class based upon a predetermined threshold and said processing time.

23. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to classify characters within a character string, comprising:
a first module comprising code for causing a machine to determine a first classification of a plurality of characters based on a first character string application processing time;
a second module comprising code for causing a machine to determine a second classification of said plurality of characters based on a second character string application processing time; and
a third module comprising code for causing a machine to determine a third classification of said plurality of characters based upon the combination of said first classification and said second classification.

24. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to identify the equivalence class of consecutively entered keyboard characters in an n-character string, comprising:
a first module comprising code for causing a machine to clear a cache after character n-1;
a second module comprising code for causing a machine to test each equivalence class to determine which equivalence class includes character n; and
a third module comprising code for causing a machine to identify the equivalence class of characters in a string comprising characters 1 to n-1.

25. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to protect against timing attacks against a trusted path mechanism, comprising:
a first module comprising code for causing a machine to require computer user passwords comprising at least twenty-eight characters;
a second module comprising code for causing a machine to select said password characters such that at most one character is within eight keys of the number one ("1") key; and
a third module comprising code for causing a machine to select said password characters such that at most one character is within eight keys of the forward slash ("/") key.

26. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to protect against timing attacks against a trusted path mechanism, comprising:
a first module comprising code for causing a machine to modify a trusted path mechanism implementation to be a multithreaded process comprising a first thread to prevent any timing Trojan horses from running, said first thread running in a loop at a relatively high priority.

27. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to protect against timing attacks against a trusted path mechanism, comprising:
a first module comprising code for causing a machine to employ a multithreaded process comprising a first thread to prevent any timing Trojan horses from running;
a second module comprising code for causing a machine to run said first thread in a loop at a first priority; and
a third module comprising code for causing a machine to prohibit unprivileged processes from obtaining a priority higher than said first priority.

Specification