Attacking Suggest Boxes in Web Applications Over HTTPS Using Side-Channel Stochastic Algorithms

机译：使用侧通道随机算法通过HTTPS攻击Web应用程序中的建议框

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

Web applications are subject to several types of attacks. In particular, side-channel attacks consist in performing a statistical analysis of the web traffic to gain sensitive information about a client. In this paper, we investigate how side-channel leaks can be used on search engines such as Google or Bing to retrieve the client's search query. In contrast to previous works, due to payload randomization and compression, it is not always possible to uniquely map a search query to a web traffic signature and hence stochastic algorithms must be used. They yield, for the French language, an exact recovery of search word in more than 30% of the cases. Finally, we present some methods to mitigate such side-channel leaks.

机译：Web应用程序会遭受几种类型的攻击。尤其是，边信道攻击在于对Web流量进行统计分析，以获得有关客户端的敏感信息。在本文中，我们研究了如何在搜索引擎（例如Google或Bing）上使用侧渠道泄漏来检索客户端的搜索查询。与以前的工作相比，由于有效载荷随机化和压缩，并非总是能够将搜索查询唯一地映射到网络流量签名，因此必须使用随机算法。对于法语，它们可以在30％以上的情况下准确恢复搜索词。最后，我们提出了一些减轻此类侧通道泄漏的方法。

著录项

来源
《International Conference on Risks and Security of Internet and Systems》|2015年|116-130|共15页
会议地点
作者
Alexander Schaub; Emmanuel Schneider; Alexandros Hollender; Vinicius Calasans; Laurent Jolie; Robin Touillon; Annelie Heuser; Sylvain Guilley; Olivier Rioul;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类
关键词
Side-channel leak; Web application; Suggest box; Stochastic algorithms; HTTPS;

机译：侧通道泄漏; Web应用程序;建议框;随机算法; HTTPS;

相似文献

外文文献
中文文献
专利

1. Decentralized Zeroth-Order Constrained Stochastic Optimization Algorithms: Frank–Wolfe and Variants With Applications to Black-Box Adversarial Attacks [J] . Sahu Anit Kumar, Kar Soummya Proceedings of the IEEE . 2020,第11期

机译：分散的零顺序约束随机优化算法：弗兰克 - 沃尔夫和含有应用于黑盒对抗攻击的变体
2. Improving Efficiency of Web Application Firewall to Detect Code Injection Attacks with Random Forest Method and Analysis Attributes HTTP Request [J] . Nguyen Manh Thang Programming and Computer Software . 2020,第5期

机译：提高Web应用程序防火墙的效率，以检测随机林法和分析属性HTTP请求的代码注入攻击
3. Detecting HTTP-based application layer DoS attacks on web servers in the presence of sampling [J] . Jazi Hossein Hadian, Gonzalez Hugo, Stakhanova Natalia, Computer networks . 2017,第Jula5期

机译：在存在采样的情况下检测Web服务器上基于HTTP的应用程序层DoS攻击
4. Attacking Suggest Boxes in Web Applications Over HTTPS Using Side-Channel Stochastic Algorithms [C] . Alexander Schaub, Emmanuel Schneider, Alexandros Hollender, International Conference on Risks and Security of Internet and Systems . 2015

机译：使用侧通道随机算法攻击在HTTPS上的Web应用程序中的建议框
5. Novel Side-Channel Attacks on Emerging Cryptographic Algorithms and Computing Systems [D] . Luo, Chao. 2018

机译：新兴加密算法和计算系统的新型侧面频攻击
6. A Compact and Low Power RO PUF with High Resilience to the EM Side-Channel Attack and the SVM Modelling Attack of Wireless Sensor Networks [O] . Yuan Cao, Xiaojin Zhao, Wenbin Ye, 2018

机译：紧凑低功耗的RO PUF对无线传感器网络的EM边通道攻击和SVM建模攻击具有很高的恢复能力
7. Attacking Suggest Boxes in Web Applications Over HTTPS Using Side-Channel Stochastic Algorithms? [O] . Er Schaub, Emmanuel Schneider, Ros Hollender, 2015

机译：使用边通道随机算法攻击HTTps上的Web应用程序中的建议框？

Attacking Suggest Boxes in Web Applications Over HTTPS Using Side-Channel Stochastic Algorithms

摘要

著录项

相似文献

相关主题

期刊订阅