Timing is everything: the importance of history detection

Authors:
Gunnar Kreitz
Affiliations:
KTH - Royal Institute of Technology
Venue:
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
Year:
2011

Citing 10
Cited 1

Timing attacks on Web privacy

Proceedings of the 7th ACM conference on Computer and communications security
Invasive browser sniffing and countermeasures

Proceedings of the 15th international conference on World Wide Web
Cutting through the confusion: a measurement study of homograph attacks

ATEC '06 Proceedings of the annual conference on USENIX '06 Annual Technical Conference
Protecting browsers from dns rebinding attacks

Proceedings of the 14th ACM conference on Computer and communications security
Robust defenses for cross-site request forgery

Proceedings of the 15th ACM conference on Computer and communications security
Securing frame communication in browsers

Communications of the ACM - One Laptop Per Child: Vision vs. Reality
Lightweight self-protecting JavaScript

Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
A Practical Attack to De-anonymize Social Network Users

SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
Web browser history detection as a real-world privacy threat

ESORICS'10 Proceedings of the 15th European conference on Research in computer security
I Still Know What You Visited Last Summer: Leaking Browsing History via User Interaction and Side Channel Attacks

SP '11 Proceedings of the 2011 IEEE Symposium on Security and Privacy

Off-path attacking the web

WOOT'12 Proceedings of the 6th USENIX conference on Offensive Technologies

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this work, we present a Flow Stealing attack, where a victim's browser is redirected during a legitimate flow. One scenario is redirecting the victim's browser as it moves from a store to a payment provider. We discuss two attack vectors. Firstly, browsers have long admitted an attack allowing a malicious web page to detect whether the browser has visited a target web site by using CSS to style visited links and read out the style applied to a link. For a long time, this CSS history detection attack was perceived as having small impact. Lately, highly efficient implementations of the attack have enabled malicious web sites to extract large amounts of information. Following this, browser developers have deployed measures to protect against the attack. Flow stealing demonstrates that the impact of history detection is greater than previously known. Secondly, an attacker who can mount a man-in-the-middle attack against the victim's network traffic can also perform a flow stealing attack. Noting that different browsers place different restrictions on cross-frame navigation through JavaScript window handles, we suggest a stricter policy based on pop-up blockers to prevent Flow Stealing attacks.