Abstract
Cache Timing Attacks (CTAs) have been shown to leak Web browsing history. Until recently, they were deemed a limited threat to individuals’ privacy because of their narrow attack surface and vectors, and a lack of robustness and efficiency. Our attack implementation exploits the Web Worker APIs to parallelise cache probing (300 requests/second) and applies time-outs on cache requests to prevent cache pollution. We demonstrate robust cache attacks at the browser, operating system and Web proxy level. Private browsing sessions, HTTPS and corporate intranets are vulnerable. Through case studies of (1) anti-phishing protection in online banking, (2) Web search using the address bar in browsers, (3) publishing of personal images in social media, and (4) use of desktop search, we show that CTAs can seriously compromise privacy and security of individuals and organisations. Options for protection from CTAs are limited. The lack of effective defence, and the ability to mount attacks without cooperation of other websites, makes the improved CTAs serious contenders for cyber-espionage and a broad consumer and corporate surveillance.
Chapter PDF
References
Mozilla Developer Network and individual contributors, Same-origin policy (2014). https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy
Gomer, R., Rodrigues, E.M., Milic-Frayling, N., Schraefel, M.: Network analysis of third party tracking: User exposure to tracking cookies through search. In: IEEE/WIC/ACM Int. J. Conf. on Web Intelligence and Intelligent Agent Tech. (2013)
Carrascal, J.P., Riederer, C., Erramilli, V., Cherubini, M., de Oliveira, R.: Your browsing behavior for a big mac: economics of personal information online. In: Proceedings of the 22nd International Conference on World Wide Web (WWW 2013) (2013)
TRUSTe, Behavioral Targeting: Not that Bad?! TRUSTe Survey Shows Decline in Concern for Behavioral Targeting, March 4, 2009. http://www.truste.com/about-TRUSTe/press-room/news_truste_behavioral_targeting_survey
Felten, E.W., Schneider, M.A.: Timing attacks on web privacy. In: Proceedings of the 7th ACM Conference on Computer and Communications Security (2000)
Jackson, C., Bortz, A., Boneh, D., Mitchell, J.C.: Protecting browser state from web privacy attacks. In: Proc. of the 15th Int. Conf. on World Wide Web (WWW) (2006)
Wondracek, G., Holz, T., Kirda, E., Kruegel, C.: A Practical attack to de-anonymize social network users. In: IEEE Symposium on Security and Privacy (SP) (2010)
Jackson, C.: SafeCache: Add-ons for Firefox (2006). https://addons.mozilla.org/en-US/firefox/addon/safecache/
Jia, Y., Dongy, X., Liang, Z., Saxena, P.: I Know Where You’ve Been: Geo-Inference Attacks via the Browser Cache. IEEE Internet Computing (2014) (forthcoming)
Yan, G., Chen, G., Eidenbenz, S., Li, N.: Malware propagation in online social networks: nature, dynamics, and defense implications. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS) (2011)
Provos, N., McNamee, D., Mavrommatis, P., Wang, K., Modadugu, N: The ghost in the browser: analysis of web-based malware. In: First Workshop on Hot Topics in Understanding Botnets (HotBots) (2007)
Zalewski, M.: Chrome & Opera PoC: rapid history extraction through non-destructive cache timing, December 2011. http://lcamtuf.coredump.cx/cachetime/chrome.html
Youll, J.: Fraud vulnerabilities in sitekey security at Bank of America (2006). www.cr-labs.com/publications/SiteKey-20060718.pdf
Alexa Internet, Inc., Top Sites in United States (2014). http://www.alexa.com/topsites/countries/US
Facebook, Company Info | Facebook Newsroom (2014). https://newsroom.fb.com/company-info/
Bonneau, J., Preibusch, S.: The privacy jungle: on the market for data protection in social networks. In: Eighth Workshop on the Economics of Information Security (WEIS 2009) (2009)
Pironti, A., Strub, P.-Y., Bhargavan, K.: Identifying Website Users by TLS Traffic Analysis: New Attacks and Effective Countermeasures. INRIA (2012)
Chen, S., Wang, R., Wang, X., Zhang, K.: Side-Channel Leaks in Web Applications: A Reality Today, a Challenge Tomorrow. In: IEEE Symposium on Security and Privacy (SP 2010) (2010)
The BIG browser benchmark (January 2013 edition). http://www.zdnet.com/the-big-browser-benchmark-january-2013-edition-7000009776/
Datanyze.com, CDN market share in the Alexa top 1K (2014). http://www.datanyze.com/market-share/cdn/?selection=3
MSDN, HTTPS Caching and Internet Explorer - IEInternals (2010). http://blogs.msdn.com/b/ieinternals/archive/2010/04/21/internet-explorer-may-bypass-cache-for-cross-domain-https-content.aspx
MozillaZine Knowledge base, Browser.cache.disk cache ssl (2014). http://kb.mozillazine.org/Browser.cache.disk_cache_ssl
W3C, Resource Timing (2014). http://www.w3.org/TR/resource-timing
Acar, G., Juarez, M., Nikiforakis, N., Diaz, C., Gürses, S., Piessens, F., Preneel, B.: FPDetective: dusting the web for fingerprinters. In: ACM SIGSAC Conference on Computer and Communications Security (CCS) (2013)
Holter, M.: KISSmetrics Settles ETags Tracking Class Action Lawsuit. Top Class Actions LLC, October 22, 2012. http://topclassactions.com/lawsuit-settlements/lawsuit-news/2731-kissmetrics-settles-etags-tracking-class-action-lawsuit/
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 IFIP International Federation for Information Processing
About this paper
Cite this paper
Bansal, C., Preibusch, S., Milic-Frayling, N. (2015). Cache Timing Attacks Revisited: Efficient and Repeatable Browser History, OS and Network Sniffing. In: Federrath, H., Gollmann, D. (eds) ICT Systems Security and Privacy Protection. SEC 2015. IFIP Advances in Information and Communication Technology, vol 455. Springer, Cham. https://doi.org/10.1007/978-3-319-18467-8_7
Download citation
DOI: https://doi.org/10.1007/978-3-319-18467-8_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-18466-1
Online ISBN: 978-3-319-18467-8
eBook Packages: Computer ScienceComputer Science (R0)