Skip to main content
SpringerLink
Log in

Analysis of Mitigation Measures for Timing Attacks in Mobile-Cloud Offloading Systems

  • Conference paper
Measurement, Modelling and Evaluation of Dependable Computer and Communication Systems (MMB&DFT 2016)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 9629))

Abstract

Mobile cloud offloading has been proposed to migrate complex computations from mobile devices to powerful servers. While this may be beneficial from the performance and energy perspective, it certainly exhibits new challenges in terms of security due to increased data transmission over networks with potentially unknown threats. Among possible security issues are timing attacks which are not prevented by traditional cryptographic security. Usually random delays are introduced in such systems as a popular countermeasure. Random delays are easily deployed even if the source code of the application is not at hand. While the benefits are obvious, a random delay introduces a penalty that should be minimized. The challenge is to select the distribution from which to draw the random delays and to set mean and variance in a suitable way such that the system security is maximized and the overhead is minimized. To tackle this problem, we have implemented a prototype that allows us to compare the impact of different random distributions on the expected success of timing attacks. Based on our model, the effect of random delay padding on the performance and security perspective of offloading systems is analyzed in terms of response time and optimal rekeying rate. We found that the variance of random delays is the primary influencing factor to the mitigation effect. Based on our approach, the system performance and security can be improved as follows. Starting from the mission time of a computing job one can select a desired padding policy. From this the optimal rekeying interval can be determined for the offloading system.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Kumar, K., Liu, J., Lu, Y.-H., Bhargava, B.: A survey of computation offloading for mobile systems. Mob. Netw. Appl. 18(1), 129–140 (2013)

    Article  Google Scholar 

  2. Barbera, M., Kosta, S., Mei, A., Perta, V., Stefa, J.: Mobile offloading in the wild: findings and lessons learned through a real-life experiment with a new cloud-aware system. In: INFOCOM, Proceedings of IEEE, pp. 2355–2363. IEEE (2014)

    Google Scholar 

  3. Hong, J.I., Landay, J.A.: An infrastructure approach to context-aware computing. Hum.-Comput. Interact. 16(2), 287–303 (2001)

    Article  Google Scholar 

  4. Subashini, S., Kavitha, V.: A survey on security issues in service delivery models of cloud computing. J. Netw. Comput. Appl. 34(1), 1–11 (2011)

    Article  Google Scholar 

  5. Hao, Z., Tang, Y., Zhang, Y., Novak, E., Carter, N., Li, Q.: SMOC: a secure mobile cloud computing platform. In: IEEE Conference on Computer Communications (INFOCOM), pp. 2668–2676. IEEE (2015)

    Google Scholar 

  6. Cui, H., Yuan, X., Wang, C.: Harnessing encrypted data in cloud for secure and efficient image sharing from mobile devices. In: IEEE Conference on Computer Communications (INFOCOM), pp. 2659–2667. IEEE (2015)

    Google Scholar 

  7. Brumley, B.B., Tuveri, N.: Remote timing attacks are still practical. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 355–371. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  8. Brumley, D., Boneh, D.: Remote timing attacks are practical. Comput. Netw. 48(5), 701–716 (2005)

    Article  Google Scholar 

  9. Braun, B.A., Jana, S., Boneh, D.: Robust and efficient elimination of cache and timing side channels (2015). arXiv preprint arxiv:1506.00189

  10. Nicol, D.M., Sanders, W.H., Trivedi, K.S.: Model-based evaluation: from dependability to security. IEEE Trans. Dependable Secure Comput. 1(1), 48–65 (2004)

    Article  Google Scholar 

  11. Lenkala, S.R., Shetty, S., Xiong, K.: Security risk assessment of cloud carrier. In: 13th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGrid), pp. 442–449. IEEE (2013)

    Google Scholar 

  12. Rebeiro, C., Mukhopadhyay, D., Bhattacharya, S.: An introduction to timing attacks. In: Timing Channels in Cryptography, pp. 1–11. Springer, Switzerland (2015)

    Google Scholar 

  13. Wu, H., Sun, Y., Wolter, K.: Analysis of the energy-response time tradeoff for delayed mobile cloud offloading. SIGMETRICS Perform. Eval. Rev. 43, 33–35 (2015)

    Article  Google Scholar 

  14. Köpf, B., Basin, D.: Automatically deriving information-theoretic bounds for adaptive side-channel attacks. J. Comput. Secur. 19(1), 1–31 (2011)

    Article  Google Scholar 

  15. Coron, J.-S., Kizhvatov, I.: An efficient method for random delay generation in embedded software. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 156–170. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  16. Clavier, C., Coron, J.-S., Dabbous, N.: Differential power analysis in the presence of hardware countermeasures. In: Paar, C., Koç, Ç.K. (eds.) CHES 2000. LNCS, vol. 1965, pp. 252–263. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  17. Lu, Y., O’Neill, M.P., McCanny, J.V.: FPGA implementation and analysis of random delay insertion countermeasure against DPA. In: International Conference on ICECE Technology, FPT 2008, pp. 201–208. IEEE (2008)

    Google Scholar 

  18. He, Z., Deng, X., Yang, B., Dai, K., Zou, X.: A SCA-resistant processor architecture based on random delay insertion. In: International Conference on Computing and Communications Technologies (ICCCT), pp. 278–281. IEEE (2015)

    Google Scholar 

  19. Kotipalli, S., Kim, Y.-B., Choi, M.: Asynchronous advanced encryption standard hardware with random noise injection for improved side-channel attack resistance. J. Electr. Comput. Eng. 2014, 19 (2014)

    Google Scholar 

  20. Meng, T., Wang, Q., Wolter, K.: Model-based quantitative security analysis of mobile offloading systems under timing attacks. In: Remke, A., Manini, D., Gribaudo, M. (eds.) ASMTA 2015. LNCS, vol. 9081, pp. 143–157. Springer, Heidelberg (2015)

    Chapter  Google Scholar 

  21. Stewart, W.J.: Probability, Markov Chains, Queues, and Simulation: The Mathematical Basis of Performance Modeling. Princeton University Press, Princeton (2009)

    MATH  Google Scholar 

  22. Coppersmith, D.: Small solutions to polynomial equations, and low exponent RSA vulnerabilities. J. Crypt. 10(4), 233–260 (1997)

    Article  MathSciNet  MATH  Google Scholar 

  23. Chen, C., Wang, T., Tian, J.: Improving timing attack on RSA-CRT via error detection and correction strategy. Inf. Sci. 232, 464–474 (2013)

    Article  MathSciNet  MATH  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Mathematics and Computer Science, Freie Universität Berlin, Takustr. 9, 14195, Berlin, Germany

    Tianhui Meng & Katinka Wolter

Authors
  1. Tianhui Meng
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Katinka Wolter
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Tianhui Meng .

Editor information

Editors and Affiliations

  1. Universität Münster, Münster, Germany

    Anne Remke

  2. University of Twente, Enschede, The Netherlands

    Boudewijn R. Haverkort

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Meng, T., Wolter, K. (2016). Analysis of Mitigation Measures for Timing Attacks in Mobile-Cloud Offloading Systems. In: Remke, A., Haverkort, B.R. (eds) Measurement, Modelling and Evaluation of Dependable Computer and Communication Systems. MMB&DFT 2016. Lecture Notes in Computer Science(), vol 9629. Springer, Cham. https://doi.org/10.1007/978-3-319-31559-1_14

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-31559-1_14

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-31558-4

  • Online ISBN: 978-3-319-31559-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation