itu-itis24-yeterb24/Time-Based-Side-Channel-Attacks-on-String-Comparison-Algorithms

# SEC 211E - Fundamentals of Cryptography ## Project 3: Timing-Based Side-Channel Attacks **Name:** Berra Deniz Yeter **Student ID:** 150240426 **Institution:** Istanbul Technical University ### Overview This project demonstrates a timing-based side-channel attack on a vulnerable string comparison algorithm. It uses a high-resolution CPU hardware counter (`cntvct_el0`) and statistical noise filtering (minimum cycle logic) to extract a 16-character secret password character by character. It also provides a constant-time comparison implementation that is mathematically secure against this type of attack. ### Directory Contents - `attack_code.c`: The implementation of the side-channel attack targeting an insecure string comparison function. - `secure_code.c`: The implementation of a secure, constant-time string comparison function using bitwise XOR and OR operations. - `report.pdf`: The detailed project report covering the vulnerability analysis, methodology, and experimental results. - `presentation.pdf`: The slides used for the project presentation. ### Environment Requirements - The code uses inline assembly specific to ARMv8-A architecture (`mrs %0, cntvct_el0`) to read the virtual counter. - It is designed to be compiled and executed on an **Apple Silicon (M-Series)** processor running macOS. ### Compilation and Execution **1. Compiling and running the vulnerable attack script:** gcc attack_code.c -o attack ./attack **2. Compiling and running the secure constant-time script:** gcc secure_code.c -o secure ./secure ### Notes - The attack filters out Operating System context-switch noise by executing the target function 10,000 times per character and selecting the absolute minimum execution cycle. - The `secure_code.c` proves the efficacy of constant-time paradigms, as the execution time remains identical regardless of the character input, effectively mitigating the side-channel vulnerability.

标签：客户端加密