Sciweavers

CCS
2000
ACM

Timing attacks on Web privacy

14 years 4 months ago
Timing attacks on Web privacy
We describe a class of attacks that can compromise the privacy of users’ Web-browsing histories. The attacks allow a malicious Web site to determine whether or not the user has recently visited some other, unrelated Web page. The malicious page can determine this information by measuring the time the user’s browser requires to perform certain operations. Since browsers perform various forms of caching, the time required for operations depends on the user’s browsing history; this paper shows that the resulting time variations convey enough information to compromise users’ privacy. This attack method also allows other types of information gathering by Web sites, such as a more invasive form of Web “cookies”. The attacks we describe can be carried out without the victim’s knowledge, and most “anonymous browsing” tools fail to prevent them. Other simple countermeasures also fail to prevent these attacks. We describe a way of reengineering browsers to prevent most of them...
Edward W. Felten, Michael A. Schneider
Added 02 Aug 2010
Updated 02 Aug 2010
Type Conference
Year 2000
Where CCS
Authors Edward W. Felten, Michael A. Schneider
Comments (0)