|
Recently, a number of serious and realistic draw back of Database Management System, called timing vulnerability, are reported. The malicious users such as spammers can learn whether or not the user-data are comprised in database, using a timing attack. At this moment, the most popular countermeasure is unifying the time distance between HTTP requests and their responses. However, the time distance must be made consistent with the worst case. This raises a new problem for time efficiency. Whereas, if we simply substitute keyed-hashing for hashing at the chain scheme, it seems not only efficient but also secure against the timing attack. In this paper, we define the security of data-structure against timing attack, and evaluate the keyed-hashing chain scheme.
|
