Reports (Research report)

(Un)Safe Browsing

Thomas Gerbet 1 Amrit Kumar 1, 2 Cédric Lauradoux 2 
2 PRIVATICS - Privacy Models, Architectures and Tools for the Information Society
Inria Grenoble - Rhône-Alpes, CITI - CITI Centre of Innovation in Telecommunications and Integration of services, Inria Lyon
Abstract : Users often accidentally or inadvertently click malicious phishing or malware website links, and in doing so they sacrifice secret information and sometimes even fully compromise their devices. These URLs are intelligently scripted to remain inconspicuous over the Internet. In light of the ever increasing number of such URLs, new ingenious strategies have been invented to detect them and inform the end user when he is tempted to access such a link. The Safe Browsing technique provides an exemplary service to identify unsafe websites and notify users and webmasters allowing them to protect themselves from harm. In this work, we show how to turn Google Safe Browsing services against itself and its users. We propose several Distributed Denial-of-Service attacks that simultaneously affect both the Google Safe Browsing server and the end user. Our attacks leverage on the false positive probability of the data structures used for malicious URL detection. This probability exists because a trade-off was made between Google's server load and client's memory consumption. Our attack is based on the forgery of malicious URLs to increase the false positive probability. Finally we show how Bloom filter combined with universal hash functions and prefix lengthening can fix the problem.
Document type :
Reports (Research report)
Contributor : Cédric Lauradoux
Submitted on : Monday, September 22, 2014 - 9:22:11 AM
Last modification on : Wednesday, October 26, 2022 - 8:14:46 AM
Long-term archiving on : Friday, April 14, 2017 - 3:52:07 PM


Files produced by the author(s)


  • HAL Id : hal-01064822, version 2


Thomas Gerbet, Amrit Kumar, Cédric Lauradoux. (Un)Safe Browsing. [Research Report] RR-8594, INRIA. 2014. ⟨hal-01064822v2⟩


