Sciweavers

CCS
2015
ACM

The Clock is Still Ticking: Timing Attacks in the Modern Web

8 years 6 months ago
The Clock is Still Ticking: Timing Attacks in the Modern Web
Web-based timing attacks have been known for over a decade, and it has been shown that, under optimal network conditions, an adversary can use such an attack to obtain information on the state of a user in a cross-origin website. In recent years, desktop computers have given way to laptops and mobile devices, which are mostly connected over a wireless or mobile network. These connections often do not meet the optimal conditions that are required to reliably perform cross-site timing attacks. In this paper, we show that modern browsers expose new side-channels that can be used to acquire accurate timing measurements, regardless of network conditions. Using several real-world examples, we introduce four novel web-based timing attacks against modern browsers and describe how an attacker can use them to obtain personal information based on a user’s state on a cross-origin website. We evaluate our proposed attacks and demonstrate that they significantly outperform current attacks in term...
Tom van Goethem, Wouter Joosen, Nick Nikiforakis
Added 17 Apr 2016
Updated 17 Apr 2016
Type Journal
Year 2015
Where CCS
Authors Tom van Goethem, Wouter Joosen, Nick Nikiforakis
Comments (0)