Proceedings of the 7th ACM conference on Computer and communications security
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Protecting browser state from web privacy attacks
Proceedings of the 15th international conference on World Wide Web
Exposing private information by timing web applications
Proceedings of the 16th international conference on World Wide Web
SP '11 Proceedings of the 2011 IEEE Symposium on Security and Privacy
Hi-index | 0.00 |
Timing attacks rely on systems taking varying amounts of time to process different input values. This is usually the result of either conditional branching in code or differences in input size. Using CSS default filters, we have discovered a variety of timing attacks that work in multiple browsers and devices. The first attack exploits differences in time taken to render various DOM trees. This knowledge can be used to determine boolean values such as whether or not a user has an account with a particular website. Second, we introduce pixel stealing. Pixel stealing attacks can be used to sniff user history and read text tokens.