Skip to Main content Skip to Navigation
Conference papers

Attacking suggest boxes in web applications over https using stochastic side-channel algorithms

Alexander Schaub 1, 2 Emmanuel Schneider Alexandros Hollender Vinicius Calasans Laurent Jolie Robin Touillon Annelie Heuser 1, 2, 3 Sylvain Guilley 3, 2 Olivier Rioul 1, 2 
1 COMNUM - Communications Numériques
LTCI - Laboratoire Traitement et Communication de l'Information
3 SSH - Secure and Safe Hardware
LTCI - Laboratoire Traitement et Communication de l'Information
Abstract : Web applications are subject to several types of attacks. In particular, side-channel attacks consist in performing a statistical analysis of the web traffic to gain sensitive information about a client. In this paper, we investigate how side-channel leaks can be used on search engines such as Google or Bing to retrieve the client’s search query. In contrast to previous works, due to payload randomization and compression, it is not always possible to uniquely map a search query to a web traffic signature and hence stochastic algorithms must be used. Finally, we present some methods to mitigate such side-channel leaks.
Complete list of metadata

https://hal.telecom-paris.fr/hal-02288408
Contributor : TelecomParis HAL Connect in order to contact the contributor
Submitted on : Saturday, September 14, 2019 - 6:46:58 PM
Last modification on : Tuesday, October 19, 2021 - 11:16:44 AM

Identifiers

  • HAL Id : hal-02288408, version 1

Citation

Alexander Schaub, Emmanuel Schneider, Alexandros Hollender, Vinicius Calasans, Laurent Jolie, et al.. Attacking suggest boxes in web applications over https using stochastic side-channel algorithms. 9th International Conference on Risks and Security of Internet and Systems (CRISIS 2014), Aug 2014, Trente, Italy. ⟨hal-02288408⟩

Share

Metrics

Record views

25