DOI: 10.1145/2490428.2490436
research-article

Implementing side-channel attacks on suggest boxes in web applications

Published: 17 August 2012

Abstract

With the proliferation of web applications and web services, attacks such as cross-site scripting (XSS), SQL injection, etc. have increased dramatically. Apart from these well-known attacks, it has been shown that side-channel leaks in web applications can be used to infer sensitive user information [5]. For example, a side-channel attack may use the packet traffic pattern between client and server to gain sensitive information about the user. We explore the practicality of one such side-channel attack, in which the attacker deduces what was entered in the search suggest box (auto-complete of user input) just by observing the sizes of the packets exchanged between a user and an access point. All packets are exchanged between the two entities in a WPA/WPA2-secured WiFi network. The attack succeeds despite the packets being encrypted. We present complete details of our attack and report its effectiveness on well-known sites such as Google, YouTube and Wikipedia.

References

[1] T. Ristenpart, E. Tromer, H. Shacham, and S. Savage. "Hey, You, Get Off of My Cloud! Exploring Information Leakage in Third-Party Compute Clouds." ACM CCS 2009.
[2] Dawn Song, David Wagner, and Xuqing Tian. "Timing Analysis of Keystrokes and SSH Timing Attacks," 10th USENIX Security Symposium, 2001.
[3] Charles Wright, Lucas Ballard, Scott Coull, Fabian Monrose, and Gerald Masson. "Spot me if you can: recovering spoken phrases in encrypted VoIP conversations," in IEEE Symposium on Security and Privacy, May 2008.
[4] Yinqian Zhang, A. Juels, A. Oprea, and M. K. Reiter. HomeAlone: Co-residency Detection in the Cloud via Side-Channel Analysis. In Security and Privacy (SP), 2011 IEEE Symposium on, pages 313–328, May 2011.
[5] Shuo Chen, Rui Wang, XiaoFeng Wang, and Kehuan Zhang. 2010. Side-Channel Leaks in Web Applications: A Reality Today, a Challenge Tomorrow. In Proceedings of the 2010 IEEE Symposium on Security and Privacy (SP '10). IEEE Computer Society, Washington, DC, USA, 191–206. DOI=10.1109/SP.2010.20 http://dx.doi.org/10.1109/SP.2010.20
[6] Kehuan Zhang, Zhou Li, Rui Wang, XiaoFeng Wang, and Shuo Chen. 2010. Sidebuster: automated detection and quantification of side-channel leaks in web application development. In Proceedings of the 17th ACM conference on Computer and communications security (CCS '10). ACM, New York, NY, USA, 595–606. DOI=10.1145/1866307.1866374 http://doi.acm.org/10.1145/1866307.1866374
[7] http://www.broadcom.com/docs/linux_sta/README.txt
[8] https://help.ubuntu.com/community/WifiDocs/Driver/bcm43xx#Installing%20STA%20drivers
[9] Eran Tromer, Dag Arne Osvik, and Adi Shamir. 2010. Efficient Cache Attacks on AES, and Countermeasures. J. Cryptol. 23, 2 (January 2010), 37–71. DOI=10.1007/s00145-009-9049-y http://dx.doi.org/10.1007/s00145-009-9049-y
[10] Joseph Bonneau and Ilya Mironov. 2006. Cache-collision timing attacks against AES. In Proceedings of the 8th international conference on Cryptographic Hardware and Embedded Systems (CHES'06), Louis Goubin and Mitsuru Matsui (Eds.). Springer-Verlag, Berlin, Heidelberg, 201–215. DOI=10.1007/11894063_16 http://dx.doi.org/10.1007/11894063_16
[11] D. Brumley and D. Boneh. "Remote timing attacks are practical," 12th USENIX Security Symposium, 2003.
[12] Dawn Song, David Wagner, and Xuqing Tian. "Timing Analysis of Keystrokes and SSH Timing Attacks," 10th USENIX Security Symposium, 2001.
[13] http://www.wireshark.org
[14] http://www.ubuntu.com
[15] Paul C. Kocher, Joshua Jaffe, and Benjamin Jun. Differential power analysis. In Advances in Cryptology - CRYPTO '99, pages 388–397, 1999.
[16] Paul C. Kocher. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In Advances in Cryptology - CRYPTO '96, pages 104–113, 1996.
[17] Edward Fredkin. 1960. Trie memory. Commun. ACM 3, 9 (September 1960), 490–499. DOI=10.1145/367390.367400 http://doi.acm.org/10.1145/367390.367400

Published In

SecurIT '12: Proceedings of the First International Conference on Security of Internet of Things
August 2012
266 pages
ISBN: 9781450318228
DOI: 10.1145/2490428

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. AJAX
  2. WiFi
  3. side-channel-leak
  4. suggest queries
  5. web application

Qualifiers

  • Research-article

Conference

SECURIT '12

Cited By

  • (2022) Exploiting side-channel leaks in web traffic of incremental search. Computers and Security 111:C. DOI: 10.1016/j.cose.2021.102481. Online publication date: 9-Apr-2022
  • (2022) Privacy-Leaking and Steganographic Threats in Wireless Connected Environments. Towards a Wireless Connected World: Achievements and New Technologies (17-34). DOI: 10.1007/978-3-031-04321-5_2. Online publication date: 18-May-2022
  • (2021) User Identification in Dynamic Web Traffic via Deep Temporal Features. 2021 IEEE Security and Privacy Workshops (SPW) (282-290). DOI: 10.1109/SPW53761.2021.00048. Online publication date: May-2021
  • (2019) Traffic Analysis Attack for Identifying Users’ Online Activities. IT Professional 21:2 (50-57). DOI: 10.1109/MITP.2018.2876988. Online publication date: 1-Mar-2019
  • (2017) Fingerprinting Keywords in Search Queries over Tor. Proceedings on Privacy Enhancing Technologies 2017:4 (251-270). DOI: 10.1515/popets-2017-0048. Online publication date: 10-Oct-2017
  • (2015) Attacking Suggest Boxes in Web Applications Over HTTPS Using Side-Channel Stochastic Algorithms. Risks and Security of Internet and Systems (116-130). DOI: 10.1007/978-3-319-17127-2_8. Online publication date: 28-Apr-2015
