Cache Timing Attacks Revisited: Efficient and Repeatable Browser History, OS and Network Sniffing

Abstract : Cache Timing Attacks (CTAs) have been shown to leak Web browsing history. Until recently, they were deemed a limited threat to individuals’ privacy because of their narrow attack surface and vectors, and a lack of robustness and efficiency. Our attack implementation exploits the Web Worker APIs to parallelise cache probing (300 requests/second) and applies time-outs on cache requests to prevent cache pollution. We demonstrate robust cache attacks at the browser, operating system and Web proxy level. Private browsing sessions, HTTPS and corporate intranets are vulnerable. Through case studies of (1) anti-phishing protection in online banking, (2) Web search using the address bar in browsers, (3) publishing of personal images in social media, and (4) use of desktop search, we show that CTAs can seriously compromise privacy and security of individuals and organisations. Options for protection from CTAs are limited. The lack of effective defence, and the ability to mount attacks without cooperation of other websites, makes the improved CTAs serious contenders for cyber-espionage and a broad consumer and corporate surveillance.
Type de document :
Communication dans un congrès
Hannes Federrath; Dieter Gollmann. 30th IFIP International Information Security Conference (SEC), May 2015, Hamburg, Germany. IFIP Advances in Information and Communication Technology, AICT-455, pp.97-111, 2015, ICT Systems Security and Privacy Protection. 〈10.1007/978-3-319-18467-8_7〉
Liste complète des métadonnées

Littérature citée [21 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01345099
Contributeur : Hal Ifip <>
Soumis le : mercredi 13 juillet 2016 - 10:53:08
Dernière modification le : mercredi 13 juillet 2016 - 11:18:42

Fichier

337885_1_En_7_Chapter.pdf
Fichiers produits par l'(les) auteur(s)

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Chetan Bansal, Sören Preibusch, Natasa Milic-Frayling. Cache Timing Attacks Revisited: Efficient and Repeatable Browser History, OS and Network Sniffing. Hannes Federrath; Dieter Gollmann. 30th IFIP International Information Security Conference (SEC), May 2015, Hamburg, Germany. IFIP Advances in Information and Communication Technology, AICT-455, pp.97-111, 2015, ICT Systems Security and Privacy Protection. 〈10.1007/978-3-319-18467-8_7〉. 〈hal-01345099〉

Partager

Métriques

Consultations de la notice

156

Téléchargements de fichiers

7