I Know Where You've Been: Geo-Inference Attacks via the Browser Cache

Jia, Yaoqi; Dong, Xinshu; Liang, Zhenkai; Saxena, Prateek

doi:10.1109/mic.2014.103

Cited by 30 publications

(29 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The selected experiment results shown in Figure 1 demonstrate that probing websites inevitably invoked some APIs to accumulate privacy information. For example, during the period of our measurement, Date.getTime() is invoked 860 times by a site preforming geo-location inference [18] Therefore, the challenge is to distinguish the repetitive behavior of timing probing attacks, from that of legitimate web applications. From the generalized attack behavior described above, we can see that the distinguishing feature of timing-based probing attacks is the repetition of a group of behaviors (T 1 , W, T 2 ), including a pair of actions to obtain the time and activities for the task.…”

Section: Challengementioning

confidence: 99%

“…We illustrate the basic principle of the cache-based probing attack in Figure 6. To evaluate the effectiveness of the web caching-based attack, we use the attack proposed by Jia et al [18] as the test case. In this attack, a malicious web page needs to measure the loading time of image files, so it is required to call the Date.getTime function after the image is loaded.…”

Section: Web Caching-based Timing Probing Attackmentioning

confidence: 99%

“…Therefore, considering this calibration step, the average probability of a successful attack, P, should be P = n−4 m . In the practical attack discussed by Jia et al [18], the amount of map tiles of New York City is 4646, that is m = 4646. The probability of a successful attack with n times probing is shown in Figure 14.…”

Section: Web Caching-based Timing Probing Attackmentioning

confidence: 99%

See 2 more Smart Citations

Toward Exposing Timing-Based Probing Attacks in Web Applications

Mao

Chen

Shi

et al. 2016

Wireless Algorithms, Systems, and Applications

Self Cite

View full text Add to dashboard Cite

Abstract:Web applications have become the foundation of many types of systems, ranging from cloud services to Internet of Things (IoT) systems. Due to the large amount of sensitive data processed by web applications, user privacy emerges as a major concern in web security. Existing protection mechanisms in modern browsers, e.g., the same origin policy, prevent the users' browsing information on one website from being directly accessed by another website. However, web applications executed in the same browser share the same runtime environment. Such shared states provide side channels for malicious websites to indirectly figure out the information of other origins. Timing is a classic side channel and the root cause of many recent attacks, which rely on the variations in the time taken by the systems to process different inputs. In this paper, we propose an approach to expose the timing-based probing attacks in web applications. It monitors the browser behaviors and identifies anomalous timing behaviors to detect browser probing attacks. We have prototyped our system in the Google Chrome browser and evaluated the effectiveness of our approach by using known probing techniques. We have applied our approach on a large number of top Alexa sites and reported the suspicious behavior patterns with corresponding analysis results. Our theoretical analysis illustrates that the effectiveness of the timing-based probing attacks is dramatically limited by our approach.

show abstract

Section: Challengementioning

confidence: 99%

Section: Web Caching-based Timing Probing Attackmentioning

confidence: 99%

Section: Web Caching-based Timing Probing Attackmentioning

confidence: 99%

See 1 more Smart Citation

Toward Exposing Timing-Based Probing Attacks in Web Applications

Mao

Chen

Shi

et al. 2016

Wireless Algorithms, Systems, and Applications

Self Cite

View full text Add to dashboard Cite

show abstract

“…In an inference attack, when any of the adversarial peers is the responder/initiator of a request, the adversary can definitely determine which peer is the initiator/responder of the request. By profiling a user's browsing history and preferences with the inference attack, the adversary can infer the victim's digital identity [72] and precise geolocation [52], as well as further abuse the sensitive information for spear phishing, personally targeted advertisements, or even social engineering attacks [54]. Inference attacks in peer-assisted CDNs have not been carefully studied.…”

Section: Inference Attacks and Real-world Examplesmentioning

confidence: 99%

“…For example, a user's digital identity can be revealed when visiting social network websites [72]; visiting map service/political websites reflects a user's geolocation/political orientation [52]. Revealing a user's browsing history will significantly leak the user's privacy.…”

Section: Introductionmentioning

confidence: 99%

Anonymity in Peer-assisted CDNs: Inference Attacks and Mitigation

Jia

Bai

Saxena

et al. 2016

Proceedings on Privacy Enhancing Technologies

Self Cite

View full text Add to dashboard Cite

Abstract:The peer-assisted CDN is a new content distribution paradigm supported by CDNs (e.g., Akamai), which enables clients to cache and distribute web content on behalf of a website. Peer-assisted CDNs bring significant bandwidth savings to website operators and reduce network latency for users. In this work, we show that the current designs of peerassisted CDNs expose clients to privacy-invasive attacks, enabling one client to infer the set of browsed resources of another client. To alleviate this, we propose an anonymous peerassisted CDN (APAC), which employs content delivery while providing initiator anonymity (i.e., hiding who sends the resource request) and responder anonymity (i.e., hiding who responds to the request) for peers. APAC can be a web service, compatible with current browsers and requiring no client-side changes. Our anonymity analysis shows that our APAC design can preserve a higher level of anonymity than state-of-the-art peer-assisted CDNs. In addition, our evaluation demonstrates that APAC can achieve desired performance gains.

show abstract

Rotten Cellar: Security and Privacy of the Browser Cache Revisited

2019

View full text Add to dashboard Cite

Web browsers use HTTP caches to reduce the amount of data to be transferred over the network and allow Web pages to load faster. Content such as scripts, images, and style sheets, which are static most of the time or shared across multiple websites, are stored and loaded locally when recurring requests ask for cached resources. This behaviour can be exploited if the cache is based on a naive implementation. This paper summarises possible attacks on the browser cache and shows through extensive experiments that even modern web browsers still do not provide enough safeguards to protect their users. Moreover, the available built-in as well as addable cache controls offer rather limited functionality in terms of protection and ease of use. Due to the volatile and inhomogeneous APIs for controlling the cache in modern browsers, the development of enhanced user-centric cache controls remains-until further notice-in the hands of browser manufacturers.

show abstract

I Know Where You've Been: Geo-Inference Attacks via the Browser Cache

Cited by 30 publications

References 9 publications

Toward Exposing Timing-Based Probing Attacks in Web Applications

Toward Exposing Timing-Based Probing Attacks in Web Applications

Anonymity in Peer-assisted CDNs: Inference Attacks and Mitigation

Rotten Cellar: Security and Privacy of the Browser Cache Revisited

Contact Info

Product

Resources

About