The Spy in the Sandbox

Oren, Yossi; Kemerlis, Vasileios P.; Sethumadhavan, Simha; Keromytis, Angelos D.

doi:10.1145/2810103.2813708

Cited by 184 publications

(45 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We evaluate D F based on the following metrics: [26]; "Clock-edge-m": an modified version of "Clock-edge"; "Img (S)": the image loading sidechannel attack [45] inferring two files with S size difference; "Script (S)": the script parsing side-channel attack [45] inferring two files with S size difference; "Script-implicitClock (2M)": a modified version of "Script (2M)" using setInter al as an implicit clock; "Cache attack": a side-channel attack [38]; "Cache-m": a covert channel modified from "Cache attack"; "SVG Filtering": the SVG filter attack from Stone [44]. )…”

Section: Discussionmentioning

confidence: 99%

“…Timing attacks have continuously posed a threat to modern web browsers, violating users' privacy. For example, an adversary can infer the size of an external, cross-site resource based on the loading time [45,46]; a website can fingerprint the type of the browser based on the performance of JavaScript [33,34]; two adversaries can talk to each other via a covert channel [38,45].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Deterministic Browser

Cao

Chen

et al. 2017

Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

Timing attacks have been a continuous threat to users' privacy in modern browsers. To mitigate such attacks, existing approaches, such as Tor Browser and Fermata, add jitters to the browser clock so that an attacker cannot accurately measure an event. However, such defenses only raise the bar for an attacker but do not fundamentally mitigate timing attacks, i.e., it just takes longer than previous to launch a timing attack.In this paper, we propose a novel approach, called deterministic browser, which can provably prevent timing attacks in modern browsers. Borrowing from Physics, we introduce several concepts, such as an observer and a reference frame. Specifically, a snippet of JavaScript, i.e., an observer in JavaScript reference frame, will always obtain the same, fixed timing information so that timing attacks are prevented; at contrast, a user, i.e., an oracle observer, will perceive the JavaScript differently and do not experience the performance slowdown. We have implemented a prototype called D F and our evaluation shows that the prototype can defend against browser-related timing attacks. CCS CONCEPTS• Security and privacy → Browser security; Web application security;

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Deterministic Browser

Cao

Chen

et al. 2017

Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

show abstract

“…The result is XORed with the round key x round . These three operations [8] SoC (single core) L1 Cache Spy process 16000 Xinjie et al [9] SoC (single core) L1 Cache Spy process 350 Liu et al [11] Bus-based MPSoC LLC -L3 Cache Spy process 33600 Oren et al [12] Bus-based MPSoC LLC -L3 Cache Browser process 5000 Yao et al [14] NoC-based MPSoC NoC Spy process Not mentioned Wassel [15] NoC-based MPSoC NoC Spy process Not mentioned Sepúlveda et al [16] NoC-based MPSoC NoC Spy process Not mentioned This work NoC-based MPSoC NoC (Shared Cache) Spy process 80 are pre-computed and stored in four tables (T 0 , T 1 , T 2 , T 3 ). Therefore, given a 16-byte plaintext p = (p 0 , .., p 15 ), encryption proceeds by computing a 16-byte intermediate state at each round r as presented by equation 1: …”

Section: B Memory Access In Aesmentioning

confidence: 99%

“…The typical timing leakage used by attackers are the cache memory, taking advantage that a cache miss and cache hit responses results in a huge difference on delay, where even the software can observe it. Previous Advanced Encryption Standard (AES) timing attacks focused on cache access monitoring are shown in [4][5] [6] [7][8] [9][10] [11] [12]. One of the most efficient timing attack technique is the Prime+Probe, proposed by Osvik et al [8].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Side channel attack on NoC-based MPSoCs are practical: NoC Prime+Probe attack

Reinbrecht¹,

Susin²,

Bossuet³

et al. 2016

2016 29th Symposium on Integrated Circuits and Systems Design (SBCCI)

View full text Add to dashboard Cite

Many authors have shown how to break the AES cryptographic algorithm with side channel attacks, specially the timing attacks oriented to caches, like Prime+Probe. In this paper, we present a practical timing attack on NoC that improves Prime+Probe technique. Our attack targets the communication between an ARM Cortex-A9 core and a shared cache memory. Furthermore, we evaluate a secure enhanced NoC applied as a countermeasure of the timing attack. Finally, we demonstrate that attacks on MPSoCs through the NoC are a real threat and need to be further explored.

show abstract