Attacking Suggest Boxes in Web Applications Over HTTPS Using Side-Channel Stochastic Algorithms?

Er Schaub; Emmanuel Schneider; Ros Hollender; Vinicius Calasans; Laurent Jolie; Robin Touillon; Annelie Heuser; Sylvain Guilley; Olivier Rioul

text

oai:CiteSeerX.psu:10.1.1.691.1189

Attacking Suggest Boxes in Web Applications Over HTTPS Using Side-Channel Stochastic Algorithms?

Authors: Er Schaub
Emmanuel Schneider
Ros Hollender
Vinicius Calasans
Laurent Jolie
Robin Touillon
Annelie Heuser
Sylvain Guilley
Olivier Rioul
Publication date: 14 November 2015
Publisher
Doi

Abstract

Abstract. Web applications are subject to several types of attacks. In particular, side-channel attacks consist in performing a statistical anal-ysis of the web traffic to gain sensitive information about a client. In this paper, we investigate how side-channel leaks can be used on search engines such as Google or Bing to retrieve the client’s search query. In contrast to previous works, due to payload randomization and compres-sion, it is not always possible to uniquely map a search query to a web traffic signature and hence stochastic algorithms must be used. They yield, for the French language, an exact recovery of search word in more than 30 % of the cases. Finally, we present some methods to mitigate such side-channel leaks

Similar works

Full text

CiteSeerX

oai:CiteSeerX.psu:10.1.1.691.1...

Last time updated on 29/10/2017

This paper was published in CiteSeerX.

Having an issue?

Is data on this page outdated, violates copyrights or anything else? Report the problem now and we will take corresponding actions after reviewing your request.