Attacking suggest boxes in web applications over https using stochastic side-channel algorithms

Abstract :

Web applications are subject to several types of attacks. In particular, side-channel attacks consist in performing a statistical analysis of the web traffic to gain sensitive information about a client. In this paper, we investigate how side-channel leaks can be used on search engines such as Google or Bing to retrieve the client’s search query. In contrast to previous works, due to payload randomization and compression, it is not always possible to uniquely map a search query to a web traffic signature and hence stochastic algorithms must be used. Finally, we present some methods to mitigate such side-channel leaks.

Complete list of metadatas

https://hal.telecom-paristech.fr/hal-02288408
Contributor : Telecomparis Hal <>
Submitted on : Saturday, September 14, 2019 - 6:46:58 PM
Last modification on : Monday, September 16, 2019 - 9:20:15 AM

Identifiers

  • HAL Id : hal-02288408, version 1

Citation

Alexander Schaub, Emmanuel Schneider, Alexandros Hollender, Vinicius Calasans, Laurent Jolie, et al.. Attacking suggest boxes in web applications over https using stochastic side-channel algorithms. 9th International Conference on Risks and Security of Internet and Systems (CRISIS 2014), Aug 2014, Trente, Italy. ⟨hal-02288408⟩

Share

Metrics

Record views

9