AppSec Europe 2016 has ended
Back To Schedule
Thursday, June 30 • 15:00 - 15:45
The Timing Attacks They Are a-Changin'

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

An interesting class of attacks is one where an adversary tries to obtain secret information not by directly abusing a programming flaw, but rather by inferring the secret from certain side-effects of applications. These so-called side-channel attacks originate from the world of cryptography, where side-effects such as power consumption or electromagnetic radiation are shown to sometimes leak information about a secret key. Interestingly, these attacks are not just limited to cryptosystems, but can be applied in the context of the web as well. However, the side-effects that can be observed in the context of the web, are often substantially different from what can be observed in cryptosystems. For instance, it can be generally assumed that an adversary does not have physical access to targeted machine, making attacks such as power-analysis, acoustic cryptanalysis and electromagnetic attacks impossible. 

Nevertheless, a side-effect that can be observed, and may leak private data, is timing information. By measuring the time required to perform certain actions, attackers can leverage this information to extract information that should be kept private. Although timing attacks in the web have been discovered well over a decade ago, they have received relatively little attention. The most probable reason for that is that these classic timing attacks may be quite unreliable as the timing measurements fully depend on the condition of the victim's network connection. This means that any network irregularity, or variation in latency at the side of the victim may prevent an attacker from learning any personal information using timing attacks. 

In our research, we explored methods that can be used by adversaries to perform timing attacks that are not limited to the restrictions of these classic timing attacks. More concretely, we found that various browser features expose sensitive timing information related to the size of resources when these are parsed. Furthermore, since the size of certain resources often reflect the state of the user, this new class of timing attacks allows adversaries to rapidly obtain information on a victim's state at numerous websites. Because the timing measurement starts _after_ a resource has been downloaded, the measurement is no longer influenced by network irregularities, resulting in a significantly improved performance. 

To evaluate the gravity of this new class of timing attacks, we evaluated several popular web services for the presence of timing attacks, as well as their ramifications. We found that an adversary can easily discover the personal interests, search history, and demographics (age, geographical location, gender, ...) of any unwitting victim within a few seconds. In our evaluation, we describe various attack scenarios where adversaries can leverage timing information on resources provided by some of the most popular websites to obtain this personal information from any user visiting an attacker-controlled web page. 

Finally, motivated by the severe consequences of these new timing attacks, we explored possible mitigations. We point out that countermeasures can be applied either on the side of the client, or that of the server. Unfortunately, the presence of the timing side-channels in browsers is inherent to their design, i.e. browsers are designed to process resources as soon as possible, and trigger an event to notify the completion. As a result, eradicating timing attacks at the browser-level would most likely require a drastic redesign of the browser architecture, which is unlikely to happen in the near future. Alternatively, mitigating timing attacks on the server side is currently a more viable option. By making the observation that, in essence, timing attacks are strongly related to cross-site request forgery (CSRF) attacks, one can prevent them in a similar fashion.

avatar for Tom Van Goethem

Tom Van Goethem

imec-DistriNet - KU Leuven

Thursday June 30, 2016 15:00 - 15:45 CEST
Room C (Tiziano Ballroom Sec. 2)