From: Klaus Frank (klausfPool.Informatik.RWTH-Aachen.DE)
Date: Tue May 22 2001 - 08:00:46 CDT


    Pavel Kankovsky wrote:

    > [...] The signal--the differences in memcmp() timings--is measured in
    > few CPU clock ticks but the noise is much higher--tens, hundreds, maybe
    > even thousands of clock ticks (or more if no ultra-high precision clock is
    > available). [...]

    Depending on how the noise is distributed, it may be that the standard
    deviation of the added noise grows with the square root of the number
    of observations. Hence, if the standard deviation of a single observation
    were one thousand times the memcmp() difference, we would need several, say,
    25 million observations to make the peak stand out if the random sums aren't
    expected to differ more than five standard deviations from the average.

    It might be interesting to repeat the observations with a higher count.
    Of course, a long duration makes this attack uninteresting for real use.

    > [...] (**) Perhaps some smart
    > noise-filtering techniques might make the results look better?

    Some values are distorted because of page faults, timer interrupts etc.
    It might be a start to sort the observed values and throw away a certain
    percentage of the upper values before averaging.

    Klaus Frank
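
The two estimates in this reply, worked through as an added example (not part of the original message): the observation count at which a per-call difference stands five standard deviations above summed noise, and averaging after discarding the largest values. The noise model (Gaussian jitter plus rare large spikes), every parameter value, and all function names are assumptions, and the timings are constructed rather than measured.

```python
import math
import random

def observations_needed(noise_ratio, sigmas=5.0):
    """Smallest N with N*d >= sigmas * sqrt(N) * s, where noise_ratio = s/d.

    The summed signal grows with N while the summed noise grows with sqrt(N),
    so N >= (sigmas * noise_ratio) ** 2.
    """
    return math.ceil((sigmas * noise_ratio) ** 2)

def upper_trimmed_mean(samples, drop_fraction):
    """Sort, discard the largest drop_fraction of the values, average the rest."""
    keep = max(1, len(samples) - int(len(samples) * drop_fraction))
    kept = sorted(samples)[:keep]
    return sum(kept) / len(kept)

def simulate_timings(base_ticks, n, rng):
    """Constructed data: jitter around base_ticks, with 2% of samples hit by a
    large delay standing in for page faults and timer interrupts."""
    out = []
    for _ in range(n):
        t = rng.gauss(base_ticks, 5.0)
        if rng.random() < 0.02:
            t += rng.uniform(1_000, 10_000)
        out.append(t)
    return out

def estimated_difference(n=20_000, drop_fraction=0.05, seed=1):
    """Return (plain, trimmed) estimates of a true 1-tick difference."""
    rng = random.Random(seed)
    fast = simulate_timings(100.0, n, rng)
    slow = simulate_timings(101.0, n, rng)
    plain = sum(slow) / n - sum(fast) / n
    trimmed = (upper_trimmed_mean(slow, drop_fraction)
               - upper_trimmed_mean(fast, drop_fraction))
    return plain, trimmed

if __name__ == "__main__":
    print("observations for ratio 1000:", observations_needed(1000))
    plain, trimmed = estimated_difference()
    print(f"plain-mean estimate:   {plain:+.3f} ticks")
    print(f"trimmed-mean estimate: {trimmed:+.3f} ticks (true value +1)")
```

Trimming biases each average downward by the same amount, so the difference between the two classes survives while the spike-driven variance is removed.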