Open Access Article
Sensors 2017, 17(3), 464; doi:10.3390/s17030464

Toward Exposing Timing-Based Probing Attacks in Web Applications

1 School of Electronic and Information Engineering, Beihang University, 37 Xueyuan Road, Beijing 100191, China
2 Department of Computer Science, National University of Singapore, 13 Computing Drive, Singapore 117417, Singapore
This paper is an extended version of our paper published in the 11th International Conference on Wireless Algorithms, Systems, and Applications (WASA’16).
* Author to whom correspondence should be addressed.
Academic Editor: Dongkyun Kim
Received: 31 October 2016 / Revised: 23 January 2017 / Accepted: 16 February 2017 / Published: 25 February 2017

Abstract

Web applications have become the foundation of many types of systems, ranging from cloud services to Internet of Things (IoT) systems. Due to the large amount of sensitive data processed by web applications, user privacy emerges as a major concern in web security. Existing protection mechanisms in modern browsers, e.g., the same origin policy, prevent the users’ browsing information on one website from being directly accessed by another website. However, web applications executed in the same browser share the same runtime environment. Such shared states provide side channels for malicious websites to indirectly figure out the information of other origins. Timing is a classic side channel and the root cause of many recent attacks, which rely on the variations in the time taken by the systems to process different inputs. In this paper, we propose an approach to expose the timing-based probing attacks in web applications. It monitors the browser behaviors and identifies anomalous timing behaviors to detect browser probing attacks. We have prototyped our system in the Google Chrome browser and evaluated the effectiveness of our approach by using known probing techniques. We have applied our approach on a large number of top Alexa sites and reported the suspicious behavior patterns with corresponding analysis results. Our theoretical analysis illustrates that the effectiveness of the timing-based probing attacks is dramatically limited by our approach.
Keywords: side channel; probing attack; web security; privacy

This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. (CC BY 4.0).

MDPI and ACS Style

Mao, J.; Chen, Y.; Shi, F.; Jia, Y.; Liang, Z. Toward Exposing Timing-Based Probing Attacks in Web Applications. Sensors 2017, 17, 464.

Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers.
