Attacking Suggest Boxes in Web Applications Over HTTPS Using Side-Channel Stochastic Algorithms

Authors: Alexander Schaub, Emmanuel Schneider, Alexandros Hollender, Vinicius Calasans, Laurent Jolie

DOI: 10.1007/978-3-319-17127-2_8

Abstract: Web applications are subject to several types of attacks. In particular, side-channel attacks consist in performing a statistical analysis of the web traffic to gain sensitive information about a client. In this paper, we investigate how leaks can be used on search engines such as Google or Bing to retrieve the client's query. In contrast to previous works, due to payload randomization and compression, it is not always possible to uniquely map a query to a signature, and hence stochastic algorithms must be used. They yield, for the French language, an exact recovery of the word in more than 30% of cases. Finally, we present some methods to mitigate the leaks.
