Communications of the ACM
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Timing analysis of keystrokes and timing attacks on SSH
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Remote timing attacks are practical
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Spot Me if You Can: Uncovering Spoken Phrases in Encrypted VoIP Conversations
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds
Proceedings of the 16th ACM conference on Computer and communications security
Efficient Cache Attacks on AES, and Countermeasures
Journal of Cryptology
Side-Channel Leaks in Web Applications: A Reality Today, a Challenge Tomorrow
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
Proceedings of the 17th ACM conference on Computer and communications security
HomeAlone: Co-residency Detection in the Cloud via Side-Channel Analysis
SP '11 Proceedings of the 2011 IEEE Symposium on Security and Privacy
Cache-collision timing attacks against AES
CHES'06 Proceedings of the 8th international conference on Cryptographic Hardware and Embedded Systems
With the proliferation of web applications and web services, attacks such as cross-site scripting (XSS), SQL injection, etc. have increased dramatically. Apart from these well-known attacks, it has been shown that side-channel leaks in web applications can be used to infer sensitive user information [5]. For example, a side-channel attack may use the packet traffic pattern between client and server to gain sensitive information about the user. We explore the practicality of one such side-channel attack, in which the attacker deduces what was entered in the search suggest box (auto-complete user input) just by observing the sizes of the packets exchanged between a user and an access point. All packets are exchanged between the two entities in a WPA/WPA2-secured WiFi network. The attack succeeds despite the packets being encrypted. We present complete details of our attack and report its effectiveness on well-known sites such as Google, YouTube and Wikipedia.