Implementing side-channel attacks on suggest boxes in web applications

Authors:
Sampreet A. Sharma;Bernard L. Menezes
Affiliations:
IIT-Bombay, Powai, Mumbai, India;IIT-Bombay, Powai, Mumbai, India
Venue:
Proceedings of the First International Conference on Security of Internet of Things
Year:
2012

Citing 12
Cited 0

Trie memory

Communications of the ACM
Differential Power Analysis

CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems

CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Timing analysis of keystrokes and timing attacks on SSH

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Remote timing attacks are practical

SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Spot Me if You Can: Uncovering Spoken Phrases in Encrypted VoIP Conversations

SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds

Proceedings of the 16th ACM conference on Computer and communications security
Efficient Cache Attacks on AES, and Countermeasures

Journal of Cryptology
Side-Channel Leaks in Web Applications: A Reality Today, a Challenge Tomorrow

SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
Sidebuster: automated detection and quantification of side-channel leaks in web application development

Proceedings of the 17th ACM conference on Computer and communications security
HomeAlone: Co-residency Detection in the Cloud via Side-Channel Analysis

SP '11 Proceedings of the 2011 IEEE Symposium on Security and Privacy
Cache-collision timing attacks against AES

CHES'06 Proceedings of the 8th international conference on Cryptographic Hardware and Embedded Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

With the proliferation of web applications and web services, attacks such as cross-site scripting (XSS), SQL injection etc have increased dramatically. Apart from these well known attacks, it has been shown that side-channel leaks in web applications can be used to infer sensitive user information - [5]. For example, a side-channel attack may use the packet traffic pattern between client and server to gain sensitive information about the user. We explore the practicality of one such side-channel attack where the attacker deduces what was entered in the search suggest box (auto complete user input) by just observing the sizes of the packets exchanged between a user and an access point. All packets are exchanged between the two entities in a WPA/WPA2 secured WiFi network. The attack succeeds despite the packets being encrypted. We present complete details of our attack and report its effectiveness on well known sites such as Google, YouTube and Wikipedia.