Timing Attacks, Technique CM0063

Side-Channel Attack: Timing Attacks

Threat actors can leverage timing attacks to exfiltrate information due to variances in the execution timing for different sub-systems in the spacecraft (i.e., cryptosystem). In spacecraft, due to the utilization of processors with lower processing powers (i.e. slow), this becomes all the more important because slower processors will enhance even small difference in computation time. Every operation in a spacecraft takes time to execute, and the time can differ based on the input; with precise measurements of the time for each operation, a threat actor can work backwards to the input. Finding secrets through timing information may be significantly easier than using cryptanalysis of known plaintext, ciphertext pairs. Sometimes timing information is combined with cryptanalysis to increase the rate of information leakage.

Other Subtechniques of Side-Channel Attack ( 5 )

ID	Name
EXF-0002.01	Power Analysis Attacks
EXF-0002.02	Electromagnetic Leakage Attacks
EXF-0002.03	Traffic Analysis Attacks
EXF-0002.04	Timing Attacks
EXF-0002.05	Thermal Imaging attacks

ID: CM0063

Sub-technique of: EXF-0002

Related Aerospace Threat IDs: No related threat IDs

Related MITRE ATT&CK TTPs: No related MITRE ATT&CK TTPs

ⓘ

Tactic: Exfiltration

Created: 2022/10/19

Last Modified: 2022/10/28

Countermeasures

ID	Name	Description	NIST Rev5	D3FEND	ISO 27001
CM0002	COMSEC	Utilizing secure communication protocols with strong cryptographic mechanisms to prevent unauthorized disclosure of, and detect changes to, information during transmission. Systems should also maintain the confidentiality and integrity of information during preparation for transmission and during reception. Spacecraft should not employ a mode of operations where cryptography on the TT&C link can be disabled (i.e., crypto-bypass mode). The cryptographic mechanisms should identify and reject wireless transmissions that are deliberate attempts to achieve imitative or manipulative communications deception based on signal parameters.	AC-17(1) \| AC-17(10) \| AC-17(10) \| AC-17(2) \| AC-18(1) \| AC-2(11) \| AC-3(10) \| IA-4(9) \| IA-5 \| IA-5(7) \| IA-7 \| SA-8(18) \| SA-9(6) \| SC-10 \| SC-12 \| SC-12(1) \| SC-12(2) \| SC-12(3) \| SC-12(6) \| SC-13 \| SC-16(3) \| SC-28(1) \| SC-28(3) \| SC-7 \| SC-7(11) \| SC-7(18) \| SI-10 \| SI-10(3) \| SI-10(5) \| SI-10(6) \| SI-19(4)	None	A.8.16 \| A.5.16 \| A.5.17 \| A.5.14 \| A.8.16 \| A.8.20 \| A.8.22 \| A.8.23 \| A.8.26 \| A.8.20 \| A.8.24 \| A.8.24 \| A.8.26 \| A.5.31 \| A.5.33 \| A.8.11
CM0063	Increase Clock Cycles/Timing	Use more clock cycles such that branching does not affect the execution time. Also, the memory access times should be standardized to be the same over all accesses. If timing is not mission critical and time is in abundance, the access times can be reduced by adding sufficient delay to normalize the access times. These countermeasures will result in increased power consumption which may not be conducive for low size, weight, and power missions.	PE-19 \| PE-19(1)	None	A.7.5 \| A.7.8 \| A.8.12

References

https://www.cse.msu.edu/~alexliu/publications/SensorSideChannel/SensorSideChannel.pdf