Attacking suggest boxes in web applications over https using stochastic side-channel algorithms

Alexander Schaub; Emmanuel Schneider; Alexandros Hollender; Vinicius Calasans; Laurent Jolie; Robin Touillon; Annelie Heuser; Sylvain Guilley; Olivier Rioul

doi:10.1007/978-3-319-17127-2_8

Conference Papers Year : 2014

Attacking suggest boxes in web applications over https using stochastic side-channel algorithms

(1, 2) , , , , , , (1, 2, 3) , (3, 2) , (1, 2)

1
2
3

Alexander Schaub

Function : Author

Communications Numériques

Département Communications & Electronique

Emmanuel Schneider

Function : Author

Alexandros Hollender

Function : Author

Vinicius Calasans

Function : Author

Laurent Jolie

Function : Author

Robin Touillon

Function : Author

Annelie Heuser

Function : Author
PersonId : 10704
IdHAL : annelie-heuser

Communications Numériques

Département Communications & Electronique

Secure and Safe Hardware

Sylvain Guilley

Function : Author
PersonId : 16208
IdHAL : sylvain-guilley
ORCID : 0000-0002-5044-3534
IdRef : 116845953

Secure and Safe Hardware

Département Communications & Electronique

Olivier Rioul

Function : Author
PersonId : 173699
IdHAL : rioul
ORCID : 0000-0002-8681-8916

Communications Numériques

Département Communications & Electronique

Abstract

Web applications are subject to several types of attacks. In particular, side-channel attacks consist in performing a statistical analysis of the web traffic to gain sensitive information about a client. In this paper, we investigate how side-channel leaks can be used on search engines such as Google or Bing to retrieve the client’s search query. In contrast to previous works, due to payload randomization and compression, it is not always possible to uniquely map a search query to a web traffic signature and hence stochastic algorithms must be used. Finally, we present some methods to mitigate such side-channel leaks.

Domains

Computer Science [cs] Cryptography and Security [cs.CR] Mathematics [math] Information Theory [math.IT]

Fichier principal

201408schschholcalljoltouheuguirio.pdf.pdf (1.5 Mo)

Origin : Files produced by the author(s)

TelecomParis HAL : Connect in order to contact the contributor

https://hal.telecom-paris.fr/hal-02288408

Submitted on : Wednesday, August 10, 2022-1:29:42 PM

Last modification on : Tuesday, February 28, 2023-3:36:24 PM

Long-term archiving on: Friday, November 11, 2022-6:46:01 PM

Dates and versions

hal-02288408 , version 1 (10-08-2022)

Identifiers

HAL Id : hal-02288408 , version 1
DOI : 10.1007/978-3-319-17127-2_8

Cite

Alexander Schaub, Emmanuel Schneider, Alexandros Hollender, Vinicius Calasans, Laurent Jolie, et al.. Attacking suggest boxes in web applications over https using stochastic side-channel algorithms. 9th International Conference on Risks and Security of Internet and Systems (CRISIS 2014), Aug 2014, Trente, Italy. ⟨10.1007/978-3-319-17127-2_8⟩. ⟨hal-02288408⟩

Export

BibTeX TEI Dublin Core DC Terms EndNote Datacite

Collections

INSTITUT-TELECOM INSMI PARISTECH LTCI COMELEC COMNUM SSH

52 View

8 Download

Attacking suggest boxes in web applications over https using stochastic side-channel algorithms

Abstract

Domains

Dates and versions

Identifiers

Cite

Export

Collections

Altmetric

Share