Cross-origin pixel stealing: timing attacks using CSS filters

Authors:
Robert Kotcher;Yutong Pei;Pranjal Jumde;Collin Jackson
Affiliations:
Carnegie Mellon University, Pittsburgh, USA;Carnegie Mellon University, Pittsburgh, USA;Carnegie Mellon University, Pittsburgh, USA;Carnegie Mellon University - Silicon Valley, Moffett Field, USA
Venue:
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Year:
2013

Citing 5
Cited 0

Timing attacks on Web privacy

Proceedings of the 7th ACM conference on Computer and communications security
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems

CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Protecting browser state from web privacy attacks

Proceedings of the 15th international conference on World Wide Web
Exposing private information by timing web applications

Proceedings of the 16th international conference on World Wide Web
I Still Know What You Visited Last Summer: Leaking Browsing History via User Interaction and Side Channel Attacks

SP '11 Proceedings of the 2011 IEEE Symposium on Security and Privacy

Quantified Score

Hi-index	0.00

Visualization

Abstract

Timing attacks rely on systems taking varying amounts of time to process different input values. This is usually the result of either conditional branching in code or differences in input size. Using CSS default filters, we have discovered a variety of timing attacks that work in multiple browsers and devices. The first attack exploits differences in time taken to render various DOM trees. This knowledge can be used to determine boolean values such as whether or not a user has an account with a particular website. Second, we introduce pixel stealing. Pixel stealing attacks can be used to sniff user history and read text tokens.