the clock is still ticking timing attacks in the modern
play

The Clock is Still Ticking: Timing Attacks in the Modern Web Tom - PowerPoint PPT Presentation

Jan 27, 2024 •427 likes •642 views

The Clock is Still Ticking: Timing Attacks in the Modern Web Tom Van Goethem, Wouter Joosen, Nick Nikiforakis Background: Timing attacks Introduced by Felten et al. in 2000. A side-channel attack analyzing the time that it takes to a

  1. The Clock is Still Ticking: Timing Attacks in the Modern Web Tom Van Goethem, Wouter Joosen, Nick Nikiforakis

  2. Background: Timing attacks ● Introduced by Felten et al. in 2000. A side-channel attack analyzing the time that it takes to a cryptographic ● algorithm/requesting a webpage/etc.

  3. Background: Timing attacks ● Introduced by Felten et al. in 2000. A side-channel attack analyzing the time that it takes to a cryptographic ● algorithm/requesting a webpage/etc. ● If someone has recently visited a particular website, then cache will store it.

  4. Background: Timing attacks ● Introduced by Felten et al. in 2000. A side-channel attack analyzing the time that it takes to a cryptographic ● algorithm/requesting a webpage/etc. ● If someone has recently visited a particular website, then cache will store it. ● Cache will save time the next time the website is requested, where attackers can analyze the time difference and get valuable information.

  5. Timing attacks in modern web ● This paper proposes new timing attacks using modern web features (HTML5, etc).

  6. Timing attacks in modern web ● This paper proposes new timing attacks using modern web features (HTML5, etc). ● Purpose of attacker in this paper is a bit different: estimate the size of a resource.

  7. Timing attacks in modern web ● Basic version: Image object is useful. ● The image src is set to be an HTML page, which will eventually result in error when the image object parses it. ● The onError function will always be called

  8. Advanced versions of timing attack in web ● Using audio or video object instead of image.

  9. Advanced versions of timing attack in web ● Use audio or video object instead of image. (HTML5 feature) Use ApplicationCache: attacker can force an external resource to be cached ● ○ Although reading a small file takes less than 1ms, the size of a file still has measurable influence on reading from cache.

  10. Advanced versions of timing attack in web ● Use audio or video object instead of image. (HTML5 feature) Use ApplicationCache: attacker can force an external resource to be cached ● ○ Although reading a small file takes less than 1ms, the size of a file still has measurable influence on reading from cache. ● Use Service Worker: allow time measuring even after user closes browser ○ Service Worker: event-driven scripts whose lifetime is independent of the webpage Use Fetch API to perform network requests, can make authenticated requests without CORS ○ ○ A process running in background

  11. Advanced versions of timing attack in web ● Use audio or video object instead of image. (HTML5 feature) Use ApplicationCache (modern browser feature): attacker can force an ● external resource to be cached ○ Although reading a small file takes less than 1ms, the size of a file still has measurable influence on reading from cache. ● Use Service Worker: allow time measuring even after user closes browser ○ Service Worker: event-driven scripts whose lifetime is independent of the webpage (A process running in background) ○ The time it takes to put a resource in cache and remove it from cache can be used by attacker. ● Use script parsing

  12. Performance of different timing attacks in web ● Performance of these timing attacks:

  13. Discussion: real-world timing attacks ● Facebook: Age, Gender and Location may be leaked by phishing Facebook page can post to a specific group of users (age 20-30/female only/etc.) ○ ○ Page can post several times with different user group, where the content is a permanent phishing website URL, and different targeted user will see different URL. ○ After the user gets into the website, timing attacks can be performed against private info..

  14. Discussion: real-world timing attacks ● LinkedIn: Contact Search If a user has many connections from Germany, then he or she is likely living in Germany. ○ ○ Query for contacts uses XMLHttpRequest(XHR) and JSON stream, response size depends on the connection numbers., ○ Timing attack can measure and estimate the number of connections

  15. Discussion: real-world timing attacks ● Twitter: Protected accounts Google and Amazon: Search History can be investigated ● ● Many more...

  16. Discussion: defensive approaches ● Randomized accessing time implemented on browser (client-side) But that may affect performance ○ ● Server side CSRF countermeasures ● What else?

  17. Discussion: Significance ● The above examples show that timing attack can be very harmful toward our private information

  18. Discussion: Significance ● The above examples show that timing attack can be very harmful toward our private information ● However, not a bad way for big data companies/institutions to obtain data. ○ Very crucial in researches. May actually improve people’s life.. ○

  19. Discussion: Significance ● The above examples show that timing attack can be very harmful toward our private information ● However, not a bad way for big data companies/institutions to obtain data. ○ Very crucial in researches. May actually improve people’s life.. ○ ● The question is: privacy information or machine learning benefits?

  20. Future Works on Timing attack ● Effective and efficient defensive approaches (Is that possible?) The ethical question ●

  21. Questions?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Seniors Seniors 2019 2019 The Clock is Ticking The Clock is Ticking!!! !!! Countdown

Seniors Seniors 2019 2019 The Clock is Ticking The Clock is Ticking!!! !!! Countdown

Seniors Seniors 2019 2019 The Clock is Ticking The Clock is Ticking!!! !!! Countdown Yearbooks Yearbooks Mrs. Cardenas Mrs. Cardenas lcarden1@houst lcarden1@houstonisd.o onisd.org rg Topic Topic Overview Overview Important

377 views • 33 slides
FOURTH UPDATE: Are You Ready? The October 19, 2011 Clock Is Ticking on MSP Mandatory Practice

FOURTH UPDATE: Are You Ready? The October 19, 2011 Clock Is Ticking on MSP Mandatory Practice

FOURTH UPDATE: Are You Ready? The October 19, 2011 Clock Is Ticking on MSP Mandatory Practice Group: Health Care Reporting Requirements By Mary Beth F. Johnston and Amy L. Mackin Once again the Centers for Medicare and Medicaid Services

200 views • 3 slides
The Clock is Ticking Moving from in person to virtual reference in a hurry Agenda How we

The Clock is Ticking Moving from in person to virtual reference in a hurry Agenda How we

The Clock is Ticking Moving from in person to virtual reference in a hurry Agenda How we prepared What we did not expect How to better prepare next time Opportunities and unexpected upsides How we prepared Challenges Set Up

357 views • 21 slides
Clock Enable Timing Closure Methodology Harish Dangat Samsung Semiconductor (company logo if

Clock Enable Timing Closure Methodology Harish Dangat Samsung Semiconductor (company logo if

Clock Enable Timing Closure Methodology Harish Dangat Samsung Semiconductor (company logo if desired) Agenda Basics of Clock Gating Fixing Clock Enable Timing in RTL-2-GDSII Flow Results Conclusion Harish Dangat 2 Clock

1.17k views • 41 slides
Discussion: Remote Timing Attacks are Practical 600.624 2/11/05 Outline Why are timing

Discussion: Remote Timing Attacks are Practical 600.624 2/11/05 Outline Why are timing

Discussion: Remote Timing Attacks are Practical 600.624 2/11/05 Outline Why are timing attacks important? Clarifications Zero-One Gap / Neighborhood Size etc. Problems Questions Extensions Contribution Discussion

645 views • 26 slides
The clock, not the steam-engine, is the key-machine of the modern industrial age. --Lewis

The clock, not the steam-engine, is the key-machine of the modern industrial age. --Lewis

The clock, not the steam-engine, is the key-machine of the modern industrial age. --Lewis Mumford Perpignan, 1356 Su Sung's Water Clock, 1094 Mechanical Clock: a definition Verge with Pendulum Regulator (Huygens, 1658) So who

265 views • 22 slides
Is the clock ticking? Head and Neck EBP Group Rachelle Robinson (POWH) Emma Pendleton

Is the clock ticking? Head and Neck EBP Group Rachelle Robinson (POWH) Emma Pendleton

Swallowing Rehab in Head & Neck Chemo-Radiotherapy... Is the clock ticking? Head and Neck EBP Group Rachelle Robinson (POWH) Emma Pendleton (Liverpool ) H&N EBP Showcase Presentation 2015 Head and Neck EBP Group Established:

626 views • 25 slides
Early Arthritis Workshop The clock is ticking Andrew Harrison Assoc Prof in Medicine, University

Early Arthritis Workshop The clock is ticking Andrew Harrison Assoc Prof in Medicine, University

Early Arthritis Workshop The clock is ticking Andrew Harrison Assoc Prof in Medicine, University of Otago, Wellington HoD, Wellington Regional Rheumatology Unit The purpose of this workshop By the end of this session you should be able to:

921 views • 60 slides
Timing Analysis Timing Path Groups and Types Timing paths are grouped into path groups

Timing Analysis Timing Path Groups and Types Timing paths are grouped into path groups

Introduction to Digital VLSI Logic Synthesis Timing Analysis Timing Path Groups and Types Timing paths are grouped into path groups according to the clock associated with the endpoint of the path. There is a default path group that

540 views • 18 slides
1 Clock skew optimization Another approach for sequential timing optimization

1 Clock skew optimization Another approach for sequential timing optimization

Sequential Timing Optimization Long path timing constraints Data must not reach destination FF too late d max (i,j) s i + d(i,j) + T setup s j + P i j s s i i sj d(i,j) T setup Short path timing constraints FF should not

85 views • 7 slides
Remote Timing Attacks are Practical by David Brumley and Dan Boneh Presented by Seny Kamara in

Remote Timing Attacks are Practical by David Brumley and Dan Boneh Presented by Seny Kamara in

Remote Timing Attacks are Practical by David Brumley and Dan Boneh Presented by Seny Kamara in Advanced Topics in Network Security (600/650.624) Outline Traditional threat model in cryptography Side-channel attacks Kochers

1.19k views • 77 slides
Remote Timing Attacks on TPMs, AKA TPM-Fail Daniel Moghimi About Me Daniel Moghimi

Remote Timing Attacks on TPMs, AKA TPM-Fail Daniel Moghimi About Me Daniel Moghimi

Remote Timing Attacks on TPMs, AKA TPM-Fail Daniel Moghimi About Me Daniel Moghimi @danielmgmi https://moghimi.org Security Researcher PhD Candidate @ WPI Microarchitectural Attacks Side Channels Breaking Crypto

1.2k views • 71 slides
Remote Timing Attacks are Still Practical Billy Brumley Nicola Tuveri Aalto University School of

Remote Timing Attacks are Still Practical Billy Brumley Nicola Tuveri Aalto University School of

Remote Timing Attacks are Still Practical Billy Brumley Nicola Tuveri Aalto University School of Science, Finland {bbrumley,ntuveri}@tcs.hut.fi Synopsis New remote timing attack vulnerability in OpenSSLs implementation of Montgomerys

487 views • 25 slides
Cache-Timing Attacks Matteo BOCCHI System Research & Applications STMicroelectronics S.r.l.

Cache-Timing Attacks Matteo BOCCHI System Research & Applications STMicroelectronics S.r.l.

Cache-Timing Attacks Matteo BOCCHI System Research & Applications STMicroelectronics S.r.l. 2018/12/06 Agenda 2 STM32 Nucleo Boards STM32 Firewall Cache-Timing Attack Evict&Time vs. MbedTLS AES on STM32

477 views • 20 slides
No Pardon for the Interruption: New Inference Attacks on Android Through Interrupt Timing

No Pardon for the Interruption: New Inference Attacks on Android Through Interrupt Timing

IEEE S&P 2016 No Pardon for the Interruption: New Inference Attacks on Android Through Interrupt Timing Analysis May 24, 2016 Wenrui Diao , Xiangyu Liu, Zhou Li, and Kehuan Zhang 2/18 Motivation -- Hardware and Kernel Mobile platform

700 views • 21 slides
The strong, silent type Alarm clock | Introduction That wakes you up in a different way

The strong, silent type Alarm clock | Introduction That wakes you up in a different way

Alarm clock | Introduction The strong, silent type Alarm clock | Introduction That wakes you up in a different way Alarm clock | Features Wake up to flashing lights High intensity LED flash Same type as a modern camera or a cell

337 views • 30 slides
Web Browsing, Cryptography, VPN, PGP Week 5 Frank Chen | Spring 2017 Frank Chen | Spring 2017

Web Browsing, Cryptography, VPN, PGP Week 5 Frank Chen | Spring 2017 Frank Chen | Spring 2017

Keybase, a company that strives to provide everyone with GPG CS 88S Web Browsing, Cryptography, VPN, PGP Week 5 Frank Chen | Spring 2017 Frank Chen | Spring 2017 Agenda Review last weeks material How the Internet Works, abridged

542 views • 51 slides
Memory Hierarchy (Performance Optimization) 2 Lab Schedule Activities Assignments Due

Memory Hierarchy (Performance Optimization) 2 Lab Schedule Activities Assignments Due

Computer Systems and Networks ECPE 170 University of the Pacific Memory Hierarchy (Performance Optimization) 2 Lab Schedule Activities Assignments Due Today Tonight Background discussion Lab 7 due by 11:59pm

961 views • 42 slides
Get a perfect 100 in Google PageSpeed and what will happen if you don't Mike Carper (mikeytown2)

Get a perfect 100 in Google PageSpeed and what will happen if you don't Mike Carper (mikeytown2)

Get a perfect 100 in Google PageSpeed and what will happen if you don't Mike Carper (mikeytown2) @mcarper Your site just went live after being under construction for months You have varnish, redis, fastly, and cloudfront! Hosted on a

1.06k views • 78 slides
Memory Hierarchy Y. K. Malaiya Acknowledgements Computer Architecture, Quantitative Approach -

Memory Hierarchy Y. K. Malaiya Acknowledgements Computer Architecture, Quantitative Approach -

Memory Hierarchy Y. K. Malaiya Acknowledgements Computer Architecture, Quantitative Approach - Hennessy, Patterson Vishwani D. Agrawal Review: Major Components of a Computer Processor Devices Control Input Memory Datapath Output Cache

750 views • 46 slides
Welcome! Todays Agenda: Introduction The Idealized Cache Model Divide and

Welcome! Todays Agenda: Introduction The Idealized Cache Model Divide and

/INFOMOV/ Optimization & Vectorization J. Bikker - Sep-Nov 2019 - Lecture 12: Cache - Oblivious Welcome! Todays Agenda: Introduction The Idealized Cache Model Divide and Conquer Sorting Digest INFOMOV

783 views • 35 slides
Finding a Needle in Haystack Presentation by: Neelim Haider Authors (of paper): Doug Beaver,

Finding a Needle in Haystack Presentation by: Neelim Haider Authors (of paper): Doug Beaver,

Finding a Needle in Haystack Presentation by: Neelim Haider Authors (of paper): Doug Beaver, Sanjeev Kumar, Harry C. Li, Jason Sobel, Peter Vajgel Question 1: : Please briefly introduce the Haystacks architecture. Haystack consists of 3

377 views • 12 slides
Use Logical Decoding to build your own application cache By Blagoj Atanasovski Powered by Who

Use Logical Decoding to build your own application cache By Blagoj Atanasovski Powered by Who

Use Logical Decoding to build your own application cache By Blagoj Atanasovski Powered by Who am I Software Engineer at Sorsix https://www.sorsix.com/ I work on: Backends for Web Applications Solutions for Fast Data

782 views • 39 slides
with Variable Object Sizes Daniel S. Berger Nathan Beckmann Mor Harchol-Balter Carnegie Mellon

with Variable Object Sizes Daniel S. Berger Nathan Beckmann Mor Harchol-Balter Carnegie Mellon

Practical Bounds on Optimal Caching with Variable Object Sizes Daniel S. Berger Nathan Beckmann Mor Harchol-Balter Carnegie Mellon University ACM Sigmetrics, Irvine, June 19, 2018. Caches are Everywhere 10x Web browser Web Cache Server in

159 views • 15 slides

More recommend