Open Access Article

Toward Exposing Timing-Based Probing Attacks in Web Applications

1 School of Electronic and Information Engineering, Beihang University, 37 Xueyuan Road, Beijing 100191, China
2 Department of Computer Science, National University of Singapore, 13 Computing Drive, Singapore 117417, Singapore
* Author to whom correspondence should be addressed.
This paper is an extended version of our paper published in the 11th International Conference on Wireless Algorithms, Systems, and Applications (WASA’16).
Academic Editor: Dongkyun Kim
Sensors 2017, 17(3), 464; https://doi.org/10.3390/s17030464
Received: 31 October 2016 / Revised: 23 January 2017 / Accepted: 16 February 2017 / Published: 25 February 2017
Web applications have become the foundation of many types of systems, ranging from cloud services to Internet of Things (IoT) systems. Due to the large amount of sensitive data processed by web applications, user privacy emerges as a major concern in web security. Existing protection mechanisms in modern browsers, e.g., the same origin policy, prevent the users’ browsing information on one website from being directly accessed by another website. However, web applications executed in the same browser share the same runtime environment. Such shared states provide side channels for malicious websites to indirectly figure out the information of other origins. Timing is a classic side channel and the root cause of many recent attacks, which rely on the variations in the time taken by the systems to process different inputs. In this paper, we propose an approach to expose the timing-based probing attacks in web applications. It monitors the browser behaviors and identifies anomalous timing behaviors to detect browser probing attacks. We have prototyped our system in the Google Chrome browser and evaluated the effectiveness of our approach by using known probing techniques. We have applied our approach on a large number of top Alexa sites and reported the suspicious behavior patterns with corresponding analysis results. Our theoretical analysis illustrates that the effectiveness of the timing-based probing attacks is dramatically limited by our approach.
Keywords: side channel; probing attack; web security; privacy

MDPI and ACS Style

Mao, J.; Chen, Y.; Shi, F.; Jia, Y.; Liang, Z. Toward Exposing Timing-Based Probing Attacks in Web Applications. Sensors 2017, 17, 464.
