GitHunt
JA

Jayveersinh-Raj/Timing_attack_genetic_algorithm

This is a proof of concept timing attack using genetic algorithm project for the course nature inspired computing offered at Innopolis University.

genetic-algorithmnature-inspired-algorithmspython3timing-attacks

This is the proof of concept for Timing attack, using Genetic Algorithm

The search utilizes the idea of timing attack as computation time information may leak due to lookup in the dictionary for password matching, and comparing. The fitness function would be based on the timing. However, it is important to note that this is just a proof of concept, and is solely for educational purposes.

To run type the following in the console within the directory

python3 main.py

Project structure

Serverside

  • Database → Represents a database that the server utilizes for verification.
  • Match password → Represents the server that relies on Database for verification.

Utlization by the attacker

  • Length → The program utilizes to approximate length for computation information leaked by verification from Database.
  • Password → Represents the login attempt that is trying the genetically found passwords of the found length to get their timing information.

Project Report

Report.pdf → IEEE format project report.

The programs that executes and puts everything together

  • genetic_algorithm.py → The class that contains all the functions of the genetic algorithms, that main_loop_ga.py, and main.py can utilize
  • main_loop_ga.py → The function that repeatedly runs all the functions (except populate because main.py will do it, although it can do it too) from the genetic algorithm class until, either early stopping, generation limit, or login successfull is achivied
  • main.py → The main driver code that only calls :
    1. Populate from GeneticAlgorithm class, and
    2. Passes it to main_loop_ga.py

hyperparameters.yaml

It is the yaml file that contains hyper-parameters that one can tweek, experiment or play with without changing anything in the code.

Flow diagram

loop

The above continues till either one of the following is met:

  1. Login succes
  2. End of generation loop limit
  3. Early stop → Stop after user defined iterations if no better solution is being found till that given iteration limit, i.e. no convergence towards better results till last n iterations

Sample output:

image

An important note

  1. Patience is required since one needs to repeat in between 100-1000 times for timeit, and initial population, length of password, and the number of generations do affect it
  2. Cannot cover larger search space on single computer. The sample output covers only lower case alphabets. ASCII from 97-122.
  3. Dedicated machine is require otherwise the timing informations would not be correct, and good output might not be achieved.

References

  1. H. Ali and M. Al-Salami “Timing Attack Prospect for RSA Cryptanalysts Using Genetic Algorithm Technique”, The International Arab Journal of Information Technology, vol. 1, no. 1, Jan 2004
  2. J. Dekeyser, "Timing attack by Genetic algorithm", medium.com. https://medium.com/javarevisited/timing-attack-by-genetic-algorithm-b93a4357cd43 (accessed Nov. 27, 2022)

Languages

Python100.0%

Contributors

JA
Created December 6, 2022
Updated March 15, 2023