the clock is still ticking timing attacks in the modern
play

The Clock is Still Ticking: Timing Attacks in the Modern Web Tom - PowerPoint PPT Presentation

Jan 27, 2024 •427 likes •642 views

The Clock is Still Ticking: Timing Attacks in the Modern Web Tom Van Goethem, Wouter Joosen, Nick Nikiforakis Background: Timing attacks Introduced by Felten et al. in 2000. A side-channel attack analyzing the time that it takes to a

  1. The Clock is Still Ticking: Timing Attacks in the Modern Web Tom Van Goethem, Wouter Joosen, Nick Nikiforakis

  2. Background: Timing attacks ● Introduced by Felten et al. in 2000. A side-channel attack analyzing the time that it takes to a cryptographic ● algorithm/requesting a webpage/etc.

  3. Background: Timing attacks ● Introduced by Felten et al. in 2000. A side-channel attack analyzing the time that it takes to a cryptographic ● algorithm/requesting a webpage/etc. ● If someone has recently visited a particular website, then cache will store it.

  4. Background: Timing attacks ● Introduced by Felten et al. in 2000. A side-channel attack analyzing the time that it takes to a cryptographic ● algorithm/requesting a webpage/etc. ● If someone has recently visited a particular website, then cache will store it. ● Cache will save time the next time the website is requested, where attackers can analyze the time difference and get valuable information.

  5. Timing attacks in modern web ● This paper proposes new timing attacks using modern web features (HTML5, etc).

  6. Timing attacks in modern web ● This paper proposes new timing attacks using modern web features (HTML5, etc). ● Purpose of attacker in this paper is a bit different: estimate the size of a resource.

  7. Timing attacks in modern web ● Basic version: Image object is useful. ● The image src is set to be an HTML page, which will eventually result in error when the image object parses it. ● The onError function will always be called

  8. Advanced versions of timing attack in web ● Using audio or video object instead of image.

  9. Advanced versions of timing attack in web ● Use audio or video object instead of image. (HTML5 feature) Use ApplicationCache: attacker can force an external resource to be cached ● ○ Although reading a small file takes less than 1ms, the size of a file still has measurable influence on reading from cache.

  10. Advanced versions of timing attack in web ● Use audio or video object instead of image. (HTML5 feature) Use ApplicationCache: attacker can force an external resource to be cached ● ○ Although reading a small file takes less than 1ms, the size of a file still has measurable influence on reading from cache. ● Use Service Worker: allow time measuring even after user closes browser ○ Service Worker: event-driven scripts whose lifetime is independent of the webpage Use Fetch API to perform network requests, can make authenticated requests without CORS ○ ○ A process running in background

  11. Advanced versions of timing attack in web ● Use audio or video object instead of image. (HTML5 feature) Use ApplicationCache (modern browser feature): attacker can force an ● external resource to be cached ○ Although reading a small file takes less than 1ms, the size of a file still has measurable influence on reading from cache. ● Use Service Worker: allow time measuring even after user closes browser ○ Service Worker: event-driven scripts whose lifetime is independent of the webpage (A process running in background) ○ The time it takes to put a resource in cache and remove it from cache can be used by attacker. ● Use script parsing

  12. Performance of different timing attacks in web ● Performance of these timing attacks:

  13. Discussion: real-world timing attacks ● Facebook: Age, Gender and Location may be leaked by phishing Facebook page can post to a specific group of users (age 20-30/female only/etc.) ○ ○ Page can post several times with different user group, where the content is a permanent phishing website URL, and different targeted user will see different URL. ○ After the user gets into the website, timing attacks can be performed against private info..

  14. Discussion: real-world timing attacks ● LinkedIn: Contact Search If a user has many connections from Germany, then he or she is likely living in Germany. ○ ○ Query for contacts uses XMLHttpRequest(XHR) and JSON stream, response size depends on the connection numbers., ○ Timing attack can measure and estimate the number of connections

  15. Discussion: real-world timing attacks ● Twitter: Protected accounts Google and Amazon: Search History can be investigated ● ● Many more...

  16. Discussion: defensive approaches ● Randomized accessing time implemented on browser (client-side) But that may affect performance ○ ● Server side CSRF countermeasures ● What else?

  17. Discussion: Significance ● The above examples show that timing attack can be very harmful toward our private information

  18. Discussion: Significance ● The above examples show that timing attack can be very harmful toward our private information ● However, not a bad way for big data companies/institutions to obtain data. ○ Very crucial in researches. May actually improve people’s life.. ○

  19. Discussion: Significance ● The above examples show that timing attack can be very harmful toward our private information ● However, not a bad way for big data companies/institutions to obtain data. ○ Very crucial in researches. May actually improve people’s life.. ○ ● The question is: privacy information or machine learning benefits?

  20. Future Works on Timing attack ● Effective and efficient defensive approaches (Is that possible?) The ethical question ●

  21. Questions?

Recommend

Seniors Seniors 2019 2019 The Clock is Ticking The Clock is Ticking!!! !!! Countdown

Seniors Seniors 2019 2019 The Clock is Ticking The Clock is Ticking!!! !!! Countdown

Seniors Seniors 2019 2019 The Clock is Ticking The Clock is Ticking!!! !!! Countdown Yearbooks Yearbooks Mrs. Cardenas Mrs. Cardenas lcarden1@houst lcarden1@houstonisd.o onisd.org rg Topic Topic Overview Overview Important

377 views • 33 slides
FOURTH UPDATE: Are You Ready? The October 19, 2011 Clock Is Ticking on MSP Mandatory Practice

FOURTH UPDATE: Are You Ready? The October 19, 2011 Clock Is Ticking on MSP Mandatory Practice

FOURTH UPDATE: Are You Ready? The October 19, 2011 Clock Is Ticking on MSP Mandatory Practice Group: Health Care Reporting Requirements By Mary Beth F. Johnston and Amy L. Mackin Once again the Centers for Medicare and Medicaid Services

200 views • 3 slides
The Clock is Ticking Moving from in person to virtual reference in a hurry Agenda How we

The Clock is Ticking Moving from in person to virtual reference in a hurry Agenda How we

The Clock is Ticking Moving from in person to virtual reference in a hurry Agenda How we prepared What we did not expect How to better prepare next time Opportunities and unexpected upsides How we prepared Challenges Set Up

359 views • 21 slides
Clock Enable Timing Closure Methodology Harish Dangat Samsung Semiconductor (company logo if

Clock Enable Timing Closure Methodology Harish Dangat Samsung Semiconductor (company logo if

Clock Enable Timing Closure Methodology Harish Dangat Samsung Semiconductor (company logo if desired) Agenda Basics of Clock Gating Fixing Clock Enable Timing in RTL-2-GDSII Flow Results Conclusion Harish Dangat 2 Clock

1.17k views • 41 slides
Discussion: Remote Timing Attacks are Practical 600.624 2/11/05 Outline Why are timing

Discussion: Remote Timing Attacks are Practical 600.624 2/11/05 Outline Why are timing

Discussion: Remote Timing Attacks are Practical 600.624 2/11/05 Outline Why are timing attacks important? Clarifications Zero-One Gap / Neighborhood Size etc. Problems Questions Extensions Contribution Discussion

645 views • 26 slides
The clock, not the steam-engine, is the key-machine of the modern industrial age. --Lewis

The clock, not the steam-engine, is the key-machine of the modern industrial age. --Lewis

The clock, not the steam-engine, is the key-machine of the modern industrial age. --Lewis Mumford Perpignan, 1356 Su Sung's Water Clock, 1094 Mechanical Clock: a definition Verge with Pendulum Regulator (Huygens, 1658) So who

265 views • 22 slides
Is the clock ticking? Head and Neck EBP Group Rachelle Robinson (POWH) Emma Pendleton

Is the clock ticking? Head and Neck EBP Group Rachelle Robinson (POWH) Emma Pendleton

Swallowing Rehab in Head & Neck Chemo-Radiotherapy... Is the clock ticking? Head and Neck EBP Group Rachelle Robinson (POWH) Emma Pendleton (Liverpool ) H&N EBP Showcase Presentation 2015 Head and Neck EBP Group Established:

626 views • 25 slides
Early Arthritis Workshop The clock is ticking Andrew Harrison Assoc Prof in Medicine, University

Early Arthritis Workshop The clock is ticking Andrew Harrison Assoc Prof in Medicine, University

Early Arthritis Workshop The clock is ticking Andrew Harrison Assoc Prof in Medicine, University of Otago, Wellington HoD, Wellington Regional Rheumatology Unit The purpose of this workshop By the end of this session you should be able to:

921 views • 60 slides
Timing Analysis Timing Path Groups and Types Timing paths are grouped into path groups

Timing Analysis Timing Path Groups and Types Timing paths are grouped into path groups

Introduction to Digital VLSI Logic Synthesis Timing Analysis Timing Path Groups and Types Timing paths are grouped into path groups according to the clock associated with the endpoint of the path. There is a default path group that

541 views • 18 slides
1 Clock skew optimization Another approach for sequential timing optimization

1 Clock skew optimization Another approach for sequential timing optimization

Sequential Timing Optimization Long path timing constraints Data must not reach destination FF too late d max (i,j) s i + d(i,j) + T setup s j + P i j s s i i sj d(i,j) T setup Short path timing constraints FF should not

86 views • 7 slides
Remote Timing Attacks are Practical by David Brumley and Dan Boneh Presented by Seny Kamara in

Remote Timing Attacks are Practical by David Brumley and Dan Boneh Presented by Seny Kamara in

Remote Timing Attacks are Practical by David Brumley and Dan Boneh Presented by Seny Kamara in Advanced Topics in Network Security (600/650.624) Outline Traditional threat model in cryptography Side-channel attacks Kochers

1.19k views • 77 slides
Remote Timing Attacks on TPMs, AKA TPM-Fail Daniel Moghimi About Me Daniel Moghimi

Remote Timing Attacks on TPMs, AKA TPM-Fail Daniel Moghimi About Me Daniel Moghimi

Remote Timing Attacks on TPMs, AKA TPM-Fail Daniel Moghimi About Me Daniel Moghimi @danielmgmi https://moghimi.org Security Researcher PhD Candidate @ WPI Microarchitectural Attacks Side Channels Breaking Crypto

1.2k views • 71 slides
Remote Timing Attacks are Still Practical Billy Brumley Nicola Tuveri Aalto University School of

Remote Timing Attacks are Still Practical Billy Brumley Nicola Tuveri Aalto University School of

Remote Timing Attacks are Still Practical Billy Brumley Nicola Tuveri Aalto University School of Science, Finland {bbrumley,ntuveri}@tcs.hut.fi Synopsis New remote timing attack vulnerability in OpenSSLs implementation of Montgomerys

487 views • 25 slides
Cache-Timing Attacks Matteo BOCCHI System Research & Applications STMicroelectronics S.r.l.

Cache-Timing Attacks Matteo BOCCHI System Research & Applications STMicroelectronics S.r.l.

Cache-Timing Attacks Matteo BOCCHI System Research & Applications STMicroelectronics S.r.l. 2018/12/06 Agenda 2 STM32 Nucleo Boards STM32 Firewall Cache-Timing Attack Evict&Time vs. MbedTLS AES on STM32

477 views • 20 slides
No Pardon for the Interruption: New Inference Attacks on Android Through Interrupt Timing

No Pardon for the Interruption: New Inference Attacks on Android Through Interrupt Timing

IEEE S&P 2016 No Pardon for the Interruption: New Inference Attacks on Android Through Interrupt Timing Analysis May 24, 2016 Wenrui Diao , Xiangyu Liu, Zhou Li, and Kehuan Zhang 2/18 Motivation -- Hardware and Kernel Mobile platform

700 views • 21 slides
The strong, silent type Alarm clock | Introduction That wakes you up in a different way

The strong, silent type Alarm clock | Introduction That wakes you up in a different way

Alarm clock | Introduction The strong, silent type Alarm clock | Introduction That wakes you up in a different way Alarm clock | Features Wake up to flashing lights High intensity LED flash Same type as a modern camera or a cell

337 views • 30 slides
Determinating Timing Channels in Compute Clouds Amittai Aviram, Sen Hu, Bryan Ford Yale

Determinating Timing Channels in Compute Clouds Amittai Aviram, Sen Hu, Bryan Ford Yale

Determinating Timing Channels in Compute Clouds Amittai Aviram, Sen Hu, Bryan Ford Yale University http://dedis.cs.yale.edu/ Ramakrishna Gummadi University of Massechusetts Amherst CCSW, October 8, 2010 Timing Attacks Cooperative attacks

471 views • 30 slides
Exclusive Exponent Blinding May Not Suffice Attacks on RSA to Prevent Timing Attacks on RSA

Exclusive Exponent Blinding May Not Suffice Attacks on RSA to Prevent Timing Attacks on RSA

Exclusive Exponent Blinding May Not Suffice to Prevent Timing Exclusive Exponent Blinding May Not Suffice Attacks on RSA to Prevent Timing Attacks on RSA Werner Schindler Bundesamt f ur Sicherheit in der Werner Schindler

553 views • 23 slides
Site-swap Juggling Ingredients: Two hands (L and R) Some balls to throw A clock,

Site-swap Juggling Ingredients: Two hands (L and R) Some balls to throw A clock,

Site-swap Juggling Ingredients: Two hands (L and R) Some balls to throw A clock, ticking through the integers . . . , 2 , 1 , 0 , 1 , 2 , . . . A sequence . . . , h 2 , h 1 , h 0 , h 1 , h 2 , . . . of throw heights

433 views • 20 slides
Plugging Side-Channel Leaks with Timing Information Flow Control Bryan Ford Yale University

Plugging Side-Channel Leaks with Timing Information Flow Control Bryan Ford Yale University

Plugging Side-Channel Leaks with Timing Information Flow Control Bryan Ford Yale University http://dedis.cs.yale.edu/ USENIX HotCloud, June 13, 2012 The Long History of Timing Attacks Cooperative attacks apply to: Mandatory Access

359 views • 21 slides
UMBC A B M A L T F O U M B C I M Y O R T 1 (5/1/07) I E S R C E O V U

UMBC A B M A L T F O U M B C I M Y O R T 1 (5/1/07) I E S R C E O V U

Digital Systems Clock Distribution I CMPE 650 Clock Characteristics Clock signals must toggle twice (full cycle) for each single transition for data. Clock wires also tend to be very heavily loaded nets because they typically fan-out to every

490 views • 19 slides
CACHE-TIMING ATTACKS ON RSA KEY GENERATION Conference on Cryptographic Hardware and Embedded

CACHE-TIMING ATTACKS ON RSA KEY GENERATION Conference on Cryptographic Hardware and Embedded

CACHE-TIMING ATTACKS ON RSA KEY GENERATION Conference on Cryptographic Hardware and Embedded Systems (CHES) 2019 Alejandro Cabrera Aldaya 1 , Cesar Pereida Garca 2 , Luis Manuel Alvarez Tapia 1 , Billy Bob Brumley 2 , {aldaya,

371 views • 21 slides
Cache-timing attacks http://cr.yp.to/papers.html #cachetiming , 2005: D. J. Bernstein This

Cache-timing attacks http://cr.yp.to/papers.html #cachetiming , 2005: D. J. Bernstein This

Cache-timing attacks http://cr.yp.to/papers.html #cachetiming , 2005: D. J. Bernstein This paper reports successful Thanks to: extraction of a complete AES key University of Illinois at Chicago from a network server NSF CCR9983950 on

1.28k views • 91 slides
C H A P T E R F I V E 223 5.2 Memory Types clk a 1 a 2 A en FIG U R E 5.11 Timing for a fl

C H A P T E R F I V E 223 5.2 Memory Types clk a 1 a 2 A en FIG U R E 5.11 Timing for a fl

C H A P T E R F I V E 223 5.2 Memory Types clk a 1 a 2 A en FIG U R E 5.11 Timing for a fl ow-through SSRAM. wr xx D_in xx M( a 2 ) D_out Again, these values are stored on the next clock edge, and during the third cycle the SSRAM

253 views • 11 slides

More recommend