Skip to Main content Skip to Navigation
Conference papers

Attacking suggest boxes in web applications over https using stochastic side-channel algorithms

Alexander Schaub 1, 2 Emmanuel Schneider Alexandros Hollender Vinicius Calasans Laurent Jolie Robin Touillon Annelie Heuser 1, 2, 3 Sylvain Guilley 3, 2 Olivier Rioul 1, 2
1 COMNUM - Communications Numériques
LTCI - Laboratoire Traitement et Communication de l'Information
2 COMELEC - Département Communications & Electronique
3 SSH - Secure and Safe Hardware
LTCI - Laboratoire Traitement et Communication de l'Information
Abstract : Web applications are subject to several types of attacks. In particular, side-channel attacks consist in performing a statistical analysis of the web traffic to gain sensitive information about a client. In this paper, we investigate how side-channel leaks can be used on search engines such as Google or Bing to retrieve the client’s search query. In contrast to previous works, due to payload randomization and compression, it is not always possible to uniquely map a search query to a web traffic signature and hence stochastic algorithms must be used. Finally, we present some methods to mitigate such side-channel leaks.
Document type :
Conference papers
Complete list of metadata
https://hal.telecom-paris.fr/hal-02288408
Contributor : Telecomparis Hal <>
Submitted on : Saturday, September 14, 2019 - 6:46:58 PM
Last modification on : Tuesday, September 21, 2021 - 2:16:05 PM

Identifiers

  • HAL Id : hal-02288408, version 1

Collections

INSMI | LTCI | PARISTECH | INSTITUT-TELECOM | COMELEC | COMNUM | SSH

Citation

Alexander Schaub, Emmanuel Schneider, Alexandros Hollender, Vinicius Calasans, Laurent Jolie, et al.. Attacking suggest boxes in web applications over https using stochastic side-channel algorithms. 9th International Conference on Risks and Security of Internet and Systems (CRISIS 2014), Aug 2014, Trente, Italy. ⟨hal-02288408⟩

Export

BibTeX TEI DC DCterms EndNote

Share

Metrics

Record views

43