Nytro

Scriptless Timing Attacks on Web Browser Privacy

Mario Heiderich

Ruhr-University Bochum, Germany

mario.heiderich@rub.de

Bin Liang, Wei You, Liangkun Liu, Wenchang Shi

Renmin University of China, Beijing, P. R. China

{liangb, youwei, lacon, wenchang}@ruc.edu.cn

Abstract—The existing Web timing attack methods are heavily dependent on executing client-side scripts to measure the time. However, many techniques have been proposed to block the executions of suspicious scripts recently. This paper presents a novel timing attack method to sniff users’ browsing histories without executing any scripts. Our method is based on the fact that when a resource is loaded from the local cache, its rendering process should begin earlier than when it is loaded from a remote website. We leverage some Cascading Style Sheets (CSS) features to indirectly monitor the rendering of the target resource. Three practical attack vectors are developed for different attack scenarios and applied to six popular desktop and mobile browsers. The evaluation shows that our method can effectively sniff users’ browsing histories with very high precision. We believe that modern browsers protected by script-blocking techniques are still likely to suffer serious privacy leakage threats.

Keywords-timing attack; scriptless attack; Web privacy; browsing history;

Download: http://www.nds.rub.de/media/nds/veroeffentlichungen/2014/07/09/DSN_paper.pdf
