摘要: Cross-site search (XS-search) attacks circumvent the same-origin policy and extract sensitive information, by using time it takes for browser to receive responses queries. This side-channel is usually considered impractical, due limited attack duration high variability of delays. may be true naive XS-search attacks; however, we show that use better tools facilitates effective attacks, exposing information efficiently precisely. We present evaluate three types tools: (1) appropriate statistical tests, (2) amplification timing side-channel, 'inflating' communication or computation, (3) optimized, tailored divide-and-conquer algorithms, identify terms from large 'dictionaries'. These techniques applicable in other scenarios. implemented evaluated against popular Gmail Bing services, several environments ethical experiments, taking careful, IRB-approved measures avoid exposure personal information.
acm.org
sci-hub.se 参考文章(23)
Alexei Czeskis, Alexander Moshchuk, Tadayoshi Kohno, Helen J. Wang, Lightweight server support for browser-based CSRF protection Proceedings of the 22nd international conference on World Wide Web - WWW '13. pp. 273- 284 ,(2013) , 10.1145/2488388.2488413
Paul C. Kocher, Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems international cryptology conference. ,vol. 1109, pp. 104- 113 ,(1996) , 10.1007/3-540-68697-5_9
Daniel Bleichenbacher, Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1 international cryptology conference. pp. 1- 12 ,(1998) , 10.1007/BFB0055716
Yossi Gilad, Amir Herzberg, Spying in the dark: TCP and tor traffic analysis privacy enhancing technologies. pp. 100- 119 ,(2012) , 10.1007/978-3-642-31680-7_6
Ziqing Mao, Ninghui Li, Ian Molloy, Defeating Cross-Site Request Forgery Attacks with Browser-Enforced Authenticity Protection Financial Cryptography and Data Security. ,vol. 5628, pp. 238- 255 ,(2009) , 10.1007/978-3-642-03549-4_15
Zachary Weinberg, Eric Y. Chen, Pavithra Ramesh Jayaraman, Collin Jackson, I Still Know What You Visited Last Summer: Leaking Browsing History via User Interaction and Side Channel Attacks ieee symposium on security and privacy. pp. 147- 161 ,(2011) , 10.1109/SP.2011.23
Oded Goldreich, Rafail Ostrovsky, Software protection and simulation on oblivious RAMs Journal of the ACM. ,vol. 43, pp. 431- 473 ,(1996) , 10.1145/233551.233553
Scott A. Crosby, Dan S. Wallach, Rudolf H. Riedi, Opportunities and Limits of Remote Timing Attacks ACM Transactions on Information and System Security. ,vol. 12, pp. 1- 29 ,(2009) , 10.1145/1455526.1455530
Kevin P. Dyer, Scott E. Coull, Thomas Ristenpart, Thomas Shrimpton, Peek-a-Boo, I Still See You: Why Efficient Traffic Analysis Countermeasures Fail ieee symposium on security and privacy. pp. 332- 346 ,(2012) , 10.1109/SP.2012.28
Edward W. Felten, Michael A. Schneider, Timing attacks on Web privacy computer and communications security. pp. 25- 32 ,(2000) , 10.1145/352600.352606