Cache Timing Attacks Revisited: Efficient and Repeatable Browser History, OS and Network Sniffing

Conference paper
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 455)


Cache Timing Attacks (CTAs) have been shown to leak Web browsing history. Until recently, they were deemed a limited threat to individuals’ privacy because of their narrow attack surface and vectors, and a lack of robustness and efficiency. Our attack implementation exploits the Web Worker APIs to parallelise cache probing (300 requests/second) and applies time-outs on cache requests to prevent cache pollution. We demonstrate robust cache attacks at the browser, operating system and Web proxy level. Private browsing sessions, HTTPS and corporate intranets are vulnerable. Through case studies of (1) anti-phishing protection in online banking, (2) Web search using the address bar in browsers, (3) publishing of personal images in social media, and (4) use of desktop search, we show that CTAs can seriously compromise privacy and security of individuals and organisations. Options for protection from CTAs are limited. The lack of effective defence, and the ability to mount attacks without cooperation of other websites, makes the improved CTAs serious contenders for cyber-espionage and a broad consumer and corporate surveillance.


Privacy Cache timing attacks Cyber-security Cyber-espionage Browser history sniffing 


  1. 1.
    Mozilla Developer Network and individual contributors, Same-origin policy (2014).
  2. 2.
    Gomer, R., Rodrigues, E.M., Milic-Frayling, N., Schraefel, M.: Network analysis of third party tracking: User exposure to tracking cookies through search. In: IEEE/WIC/ACM Int. J. Conf. on Web Intelligence and Intelligent Agent Tech. (2013)Google Scholar
  3. 3.
    Carrascal, J.P., Riederer, C., Erramilli, V., Cherubini, M., de Oliveira, R.: Your browsing behavior for a big mac: economics of personal information online. In: Proceedings of the 22nd International Conference on World Wide Web (WWW 2013) (2013)Google Scholar
  4. 4.
    TRUSTe, Behavioral Targeting: Not that Bad?! TRUSTe Survey Shows Decline in Concern for Behavioral Targeting, March 4, 2009.
  5. 5.
    Felten, E.W., Schneider, M.A.: Timing attacks on web privacy. In: Proceedings of the 7th ACM Conference on Computer and Communications Security (2000)Google Scholar
  6. 6.
    Jackson, C., Bortz, A., Boneh, D., Mitchell, J.C.: Protecting browser state from web privacy attacks. In: Proc. of the 15th Int. Conf. on World Wide Web (WWW) (2006)Google Scholar
  7. 7.
    Wondracek, G., Holz, T., Kirda, E., Kruegel, C.: A Practical attack to de-anonymize social network users. In: IEEE Symposium on Security and Privacy (SP) (2010)Google Scholar
  8. 8.
    Jackson, C.: SafeCache: Add-ons for Firefox (2006).
  9. 9.
    Jia, Y., Dongy, X., Liang, Z., Saxena, P.: I Know Where You’ve Been: Geo-Inference Attacks via the Browser Cache. IEEE Internet Computing (2014) (forthcoming)Google Scholar
  10. 10.
    Yan, G., Chen, G., Eidenbenz, S., Li, N.: Malware propagation in online social networks: nature, dynamics, and defense implications. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS) (2011)Google Scholar
  11. 11.
    Provos, N., McNamee, D., Mavrommatis, P., Wang, K., Modadugu, N: The ghost in the browser: analysis of web-based malware. In: First Workshop on Hot Topics in Understanding Botnets (HotBots) (2007)Google Scholar
  12. 12.
    Zalewski, M.: Chrome & Opera PoC: rapid history extraction through non-destructive cache timing, December 2011.
  13. 13.
    Youll, J.: Fraud vulnerabilities in sitekey security at Bank of America (2006).
  14. 14.
    Alexa Internet, Inc., Top Sites in United States (2014).
  15. 15.
    Facebook, Company Info | Facebook Newsroom (2014).
  16. 16.
    Bonneau, J., Preibusch, S.: The privacy jungle: on the market for data protection in social networks. In: Eighth Workshop on the Economics of Information Security (WEIS 2009) (2009)Google Scholar
  17. 17.
    Pironti, A., Strub, P.-Y., Bhargavan, K.: Identifying Website Users by TLS Traffic Analysis: New Attacks and Effective Countermeasures. INRIA (2012)Google Scholar
  18. 18.
    Chen, S., Wang, R., Wang, X., Zhang, K.: Side-Channel Leaks in Web Applications: A Reality Today, a Challenge Tomorrow. In: IEEE Symposium on Security and Privacy (SP 2010) (2010)Google Scholar
  19. 19.
  20. 20., CDN market share in the Alexa top 1K (2014).
  21. 21.
  22. 22.
    MozillaZine Knowledge base, Browser.cache.disk cache ssl (2014).
  23. 23.
    W3C, Resource Timing (2014).
  24. 24.
    Acar, G., Juarez, M., Nikiforakis, N., Diaz, C., Gürses, S., Piessens, F., Preneel, B.: FPDetective: dusting the web for fingerprinters. In: ACM SIGSAC Conference on Computer and Communications Security (CCS) (2013)Google Scholar
  25. 25.
    Holter, M.: KISSmetrics Settles ETags Tracking Class Action Lawsuit. Top Class Actions LLC, October 22, 2012.

Copyright information

© IFIP International Federation for Information Processing 2015

Authors and Affiliations

  1. 1.Microsoft ResearchBangaloreIndia
  2. 2.Microsoft ResearchCambridgeUK

Personalised recommendations