Obermaier, JohannesLaas, TobiasRoner, MarkusPlödereder, E.Grunske, L.Schneider, E.Ull, D.2017-07-262017-07-262014978-3-88579-626-8This paper demonstrates a novel timing attack on a software implementation of the AES decryption algorithm. The implementation was optimized to reduce its code and memory footprint by utilizing an inverse S-box operation which directly calculates the substitution values instead of fetching them from a pre-computed look-up table. This code-size optimized implementation was created as part of a laboratory for which a smart-card emulator was designed and physically tested. Later on, we noticed that the implementation shows a data-dependent execution time for which we developed a novel timing attack. It is based on a timing-model which was derived from an analysis of the implementation. The feasibility of the approach was first proved by a simulation. The subsequent application of the attack on the smart-card emulator in a real setup was successful. This paper describes the analysis done to conduct the attack and emphasizes the dangers of incautiously implemented cryptographic algorithms.enText/Conference Paper1617-5468