Attacking suggest boxes in web applications over https using stochastic side-channel algorithms - Télécom Paris Accéder directement au contenu
Communication Dans Un Congrès Année : 2014

Attacking suggest boxes in web applications over https using stochastic side-channel algorithms

Résumé

Web applications are subject to several types of attacks. In particular, side-channel attacks consist in performing a statistical analysis of the web traffic to gain sensitive information about a client. In this paper, we investigate how side-channel leaks can be used on search engines such as Google or Bing to retrieve the client’s search query. In contrast to previous works, due to payload randomization and compression, it is not always possible to uniquely map a search query to a web traffic signature and hence stochastic algorithms must be used. Finally, we present some methods to mitigate such side-channel leaks.
Fichier principal
Vignette du fichier
201408schschholcalljoltouheuguirio.pdf.pdf (1.5 Mo) Télécharger le fichier
Origine : Fichiers produits par l'(les) auteur(s)

Dates et versions

hal-02288408 , version 1 (10-08-2022)

Identifiants

Citer

Alexander Schaub, Emmanuel Schneider, Alexandros Hollender, Vinicius Calasans, Laurent Jolie, et al.. Attacking suggest boxes in web applications over https using stochastic side-channel algorithms. 9th International Conference on Risks and Security of Internet and Systems (CRISIS 2014), Aug 2014, Trente, Italy. ⟨10.1007/978-3-319-17127-2_8⟩. ⟨hal-02288408⟩
54 Consultations
25 Téléchargements

Altmetric

Partager

Gmail Facebook X LinkedIn More