Cross-site Search Attacks: Practical Side-channel Privacy Attacks on Web Services
Amir Herzberg, Bar Ilan University
July 27, 2015 2:30pm, in DC 1304
Cross-site search (XS-search) attacks circumvent the same-origin policy and extract sensitive information by measuring the time it takes the browser to receive responses to search queries sent to a target service. This timing side channel is usually considered impractical, due to the limited attack duration and the high variability of delays. That may be true for naive XS-search attacks; we show, however, that better tools make XS-search attacks effective, exposing information efficiently and precisely.
We present and evaluate three types of tools: (1) appropriate statistical tests; (2) amplification of the timing side channel by 'inflating' communication or computation; and (3) optimized, tailored divide-and-conquer algorithms to identify terms from large 'dictionaries'. These techniques may be applicable in other scenarios.
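The three tools above combine into one attack loop: repeated timing samples plus a statistical test turn a noisy response time into a yes/no answer, inflation widens the gap the test has to detect, and divide-and-conquer lets one yes/no answer rule out half of a dictionary at a time. The simulation below is an added example, not code from the talk or the paper. It assumes a constructed victim service whose response time is Gaussian jitter plus a fixed inflation when a query hits the secret, that a query over a set of terms behaves like an OR (it matches when any term hits), and a threshold of four standard errors above a calibration median; the dictionary of 64 names and the secret are constructed here.

```javascript
// Added example: simulated XS-search timing attack with calibration,
// a median-based statistical test, and divide-and-conquer over a dictionary.
// Everything here (victim, noise model, dictionary, secret) is constructed.

// Deterministic PRNG (mulberry32) so every run reproduces the same trace.
function makeRng(seed) {
  let a = seed >>> 0;
  return function rng() {
    a = (a + 0x6d2b79f5) >>> 0;
    let t = a;
    t = Math.imul(t ^ (t >>> 15), t | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// Box-Muller transform: one Gaussian sample with the given mean and sd.
function gaussian(rng, mean, sd) {
  const u1 = Math.max(rng(), 1e-12);
  const u2 = rng();
  return mean + sd * Math.sqrt(-2 * Math.log(u1)) * Math.cos(2 * Math.PI * u2);
}

// Simulated victim (assumption: stands in for a real cross-origin search
// endpoint). A query is a set of terms, assumed to act like an OR query, so
// it "hits" when any term equals the secret. A hit costs inflationMs extra
// (the amplification the attacker arranges); the rest is jitter.
function makeVictim(secret, { baseMs, jitterMs, inflationMs }, rng) {
  return function measureMs(terms) {
    const hit = terms.includes(secret);
    return gaussian(rng, baseMs, jitterMs) + (hit ? inflationMs : 0);
  };
}

function median(xs) {
  const s = xs.slice().sort((a, b) => a - b);
  const m = s.length >> 1;
  return s.length % 2 ? s[m] : (s[m - 1] + s[m]) / 2;
}

function stddev(xs) {
  const mean = xs.reduce((a, b) => a + b, 0) / xs.length;
  return Math.sqrt(xs.reduce((a, b) => a + (b - mean) ** 2, 0) / (xs.length - 1));
}

// Statistical test. Calibrate on a query known not to match (an empty term
// set), then declare "match" when the median of kQuery fresh samples exceeds
// the calibration median by 4 standard errors of a median
// (SE ~ 1.25 * sd / sqrt(k) for Gaussian noise). Thresholds are assumptions.
function makeOracle(measureMs, { kCalib = 60, kQuery = 15 } = {}) {
  const calib = Array.from({ length: kCalib }, () => measureMs([]));
  const se = (1.25 * stddev(calib)) / Math.sqrt(kQuery);
  const threshold = median(calib) + 4 * se;
  let queries = 0;
  return {
    matches(terms) {
      queries += 1;
      const s = Array.from({ length: kQuery }, () => measureMs(terms));
      return median(s) > threshold;
    },
    queryCount: () => queries,
    kQuery,
    threshold,
  };
}

// Divide and conquer: one query tests a whole subset of the dictionary, so
// the secret is pinned down in about log2(n) queries instead of n.
function findTerm(oracle, dictionary) {
  let cands = dictionary.slice();
  if (!oracle.matches(cands)) return null; // not in dictionary, or signal too weak
  while (cands.length > 1) {
    const half = cands.slice(0, cands.length >> 1);
    cands = oracle.matches(half) ? half : cands.slice(half.length);
  }
  return cands[0];
}

// Full run against a constructed dictionary of 64 candidate names.
function runAttack({ inflationMs, seed = 1 }) {
  const rng = makeRng(seed);
  const dictionary = Array.from({ length: 64 }, (_, i) => `name${i}`);
  const secret = "name41"; // constructed secret the attacker is trying to learn
  const measure = makeVictim(secret, { baseMs: 200, jitterMs: 25, inflationMs }, rng);
  const oracle = makeOracle(measure);
  const found = findTerm(oracle, dictionary);
  return { found, secret, queries: oracle.queryCount(), measurements: oracle.queryCount() * oracle.kQuery };
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(runAttack({ inflationMs: 100 })); // amplified channel: secret recovered in 7 queries
  console.log(runAttack({ inflationMs: 5 }));   // no amplification: signal buried in jitter, null
}
```

With a 100 ms inflation the secret is recovered in 7 subset queries (one for the whole dictionary plus six halvings), i.e. about 105 timed responses rather than the 960 a term-by-term scan would need; with the inflation shrunk to 5 ms, well inside the 25 ms jitter, the same test never clears its threshold and the attack reports nothing, which is the point of amplifying the channel before running the search.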
We implemented and evaluated the attacks against the popular Gmail and Bing services, in several environments and in ethical experiments, taking careful, IRB-approved measures to avoid exposing personal information. A demo of the attack, which efficiently extracts the name of an authenticated Gmail user, is online at http://xssearch.weebly.com/.
Joint work with Nethanel Gelernter.
Prof. Amir Herzberg is a tenured professor in the Department of Computer Science, Bar Ilan University. He received a B.Sc. (1982, Computer Engineering), M.Sc. (1987, Electrical Engineering) and D.Sc. (1991, Computer Science), all from the Technion, Israel. His current research interests include network security; applied cryptography; privacy, anonymity and covert communication; cyber-security; usable security and social-engineering attacks; financial cryptography; trust management; network protocols and distributed algorithms; and security of, and using, new network paradigms.
He has held research and management positions at IBM Research, the Israeli Defense Forces and several companies, and consults when time allows.