首页> 外文会议>IEEE International Conference on Industrial and Information Systems >Implementing a proven-secure and cost-effective countermeasure against the compression ratio info-leak mass exploitation (CRIME) attack

【24h】

Implementing a proven-secure and cost-effective countermeasure against the compression ratio info-leak mass exploitation (CRIME) attack

机译：实施针对压缩率信息泄漏大规模利用（CRIME）攻击的行之有效的安全且具有成本效益的对策

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

Header compression is desirable for network applications as it saves bandwidth and reduces latency. However, when data is compressed before being encrypted, the amount of compression leaks information about the amount of redundancy in the plaintext. In web requests, headers contain secret web cookies. Therefore, compression of headers before encryption will reveal the information about the secret web cookies. This side-channel has led to Compression Ratio Info-leak Made Easy (CRIME) attack on web traffic protected by the SSL/TLS protocols. In order to mitigate the CRIME attack, compression is completely disabled at the TLS/SSL layer, which in return increases the bandwidth consumption and latency. In a previous work (Financial Cryptography and Data Security 2015), two countermeasures are presented with formal security proofs, against compression side-channel attacks, namely (l)-separating secret cookies from user inputs and (2)-using a static compression dictionary. In this work we create a test environment to replicate the CRIME attack and verify the attack. Moreover, we implement a proven-secure countermeasure against the CRIME attack, in a real world client/server setup, following the aforementioned two countermeasures. Our implementation achieves better compression ratio (closer to the original TLS/SSL compression), and hence reduces the bandwidth usage and latency significantly (therefore cost-effective). To the best of our knowledge, this is the first proven-secure and cost-effective countermeasure implementation against the CRIME attack.

机译：报头压缩对于网络应用程序是理想的，因为它可以节省带宽并减少延迟。但是，当数据在加密之前被压缩时，压缩量会泄漏有关明文中冗余量的信息。在Web请求中，标头包含秘密Web Cookie。因此，在加密之前对头进行压缩将揭示有关秘密Web cookie的信息。此辅助渠道导致对受SSL / TLS协议保护的Web流量的“压缩率信息泄漏”（CRIME）攻击。为了减轻CRIME攻击，在TLS / SSL层上完全禁用了压缩，这反过来又增加了带宽消耗和延迟。在以前的工作（金融密码学和数据安全性2015）中，针对压缩侧通道攻击，提出了两种带有正式安全证明的对策，即（l）从用户输入中分离秘密cookie，以及（2）使用静态压缩字典。在这项工作中，我们创建一个测试环境来复制CRIME攻击并验证攻击。此外，我们遵循上述两个对策，在真实的客户端/服务器设置中实施了针对CRIME攻击的可靠安全对策。我们的实现实现了更好的压缩率（接近于原始的TLS / SSL压缩），因此显着减少了带宽使用和延迟（因此具有成本效益）。据我们所知，这是第一个针对CRIME攻击的行之有效的安全且具有成本效益的对策实施。

著录项

来源
《IEEE International Conference on Industrial and Information Systems 》|2017年|1-6|共6页
会议地点
作者
Jayamine Alupotha; Sanduni Prasadi; Janaka Alawatugoda; Roshan Ragel; Mohamed Fawsan;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类
关键词
Bandwidth; Side-channel attacks; Dictionaries; Servers; Data compression;

机译：带宽;侧信道攻击;词典;服务器;数据压缩;

相似文献

外文文献
中文文献
专利

1. Design and implementation of hybrid integration of cognitive learning and chaotic countermeasures for side channel attacks [J] . Illuri Babu, Jose Deepa Journal of ambient intelligence and humanized computing . 2021 ,第5期

机译：认知学习混合集成的设计与实现，对侧渠攻击的混沌对策
2. Logic-Level Analysis of Fault Attacks and a Cost-Effective Countermeasure Design [J] . Masahiro KAMINAGA, Takashi WATANABE, Takashi ENDO, IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences . 2008 ,第7期

机译：故障攻击的逻辑级别分析和具有成本效益的对策设计
3. Novel Test-Mode-Only Scan Attack and Countermeasure for Compression-Based Scan Architectures [J] . Ali Sk Subidh, Saeed Samah M., Sinanoglu Ozgur, Computer-Aided Design of Integrated Circuits and Systems, IEEE Transactions on . 2015 ,第5期

机译：基于压缩的扫描架构的新型仅测试模式的扫描攻击和对策
4. Implementing a proven-secure and cost-effective countermeasure against the compression ratio info-leak mass exploitation (CRIME) attack [C] . Jayamine Alupotha, Sanduni Prasadi, Janaka Alawatugoda, IEEE International Conference on Industrial and Information Systems . 2017

机译：实施验证的安全和经济效益的对策，防止压缩比信息泄漏批量剥削（犯罪）攻击
5. Exploiting On-Chip Voltage Regulators as a Countermeasure Against Power Analysis Attacks [D] . Yu, Weize. 2017

机译：开发片上稳压器以应对功率分析攻击
6. Time Integrated Flux Analysis: Exploiting the Concentration Measurements Directly for Cost-Effective Metabolic Network Flux Analysis [O] . Rui M. C. Portela, Anne Richelle, Patrick Dumas, 2019

机译：时间积分通量分析：直接利用浓度测量法进行具有成本效益的代谢网络通量分析
7. nyk of the Lviv University. Series Law KEYWORDS abuse of authority, abuse of power, abuse of official status, abuse of office acts of the European Union, international legal regulation, employment, right to free movement advocacy, advocate activity, advocacy science, advocatologie, theory of advocacy appeal proceeding, grounds to judgement revision, inconsistency of the court’s findings at first instance with the actual circumstances of the criminal proceedings, cancellation or alteration of the judgment charity organization, founder, assets of charity organization, constituent documents criminal proceedings, subjects of criminal proceedings, the suspect, the suspect law, criminal procedure, international standards employer’s duty, right to the moral injury compensation, social insurance from an industrial accident, social need, labour dispute forms of the legal actions of the collective of employees historical and legal science department, scientific activity law enforcement equipment, individual legal act, the means of forming the content of the enforcement act, requirements for registration of individual legal act attributes (properties) of acts of law legal formula (construction), qualified corpus delicti of a crime, degree of social danger, crime-forming feature legal social community legal technique, technology, legal act, legal system, lawmaking legitimacy, investigation of crime, concept of criminalistics, criminalistics recommendations, tactical methods measures aimed at providing criminal proceedings, procedural sanction, monetary penalty, pre-trial investigation national implementation, forms of implementation, implementation practice, European states, international treaties participant, shareholder, partnership, acquisition, changing, suspension proof, probability, likelihood, credibility in evidence, reliability scientific school, research, development land, agricultural and environmental law, Lviv Scientific School land, agricultural and environmental law the High Council of Justice of Ukraine, the National Council of Justice of the Republic of Poland, judges’ independence, international standards of the judiciary the presumption of the labor legal personality OPEN JOURNAL SYSTEMS Journal Help USER Username Password Remember me Login NOTIFICATIONS View Subscribe LANGUAGE Select LanguageSubmit JOURNAL CONTENT Search Search Scope Search Browse By Issue By Author By Title Other Journals FONT SIZE Make font size smallerMake font size defaultMake font size larger INFORMATION For Readers For Authors For Librarians HOME ABOUT LOGIN REGISTER SEARCH CURRENT ARCHIVES ANNOUNCEMENTS Home > No 67 (2018) > Марін ONCE AGAIN ON THE RETROACTIVE EFFECT OF THE CRIMINAL LAW IN TIME IN THE ASPECT OF INDIRECT CRIMINALIZATION [O] . Oleksandr Marin 2018

机译：LVIV大学的尼克。系列律师关键词滥用权威，滥用权力，滥用官方地位，滥用欧盟办公室行为，国际法律监管，就业，自由运动倡导，倡导活动，倡导科学，倡导性宣传理论，倡导呼吁的理论，理由修改，法院调查结果的不一致事实，判决慈善组织的实际情况，取消或改变判决慈善机构，慈善组织的创始人，慈善机构资产，组成文件刑事诉讼，刑事诉讼主题，嫌疑人，嫌疑法，刑事诉讼，国际标准雇主的责任，道德伤害赔偿权，社会保险从工业事故，社会需求，劳动争端形式的员工历史和法律科学部的法律行为，科学活动执法设备，个人法律法案，制定执法法案的内容，法律法律公式（建设）行为的个人法律法案（属性），犯罪的合格犯罪，社会危险程度，犯罪形成特征法律社会社会法律技术，技术，法律法，法律制度，立法合法性，犯罪调查，犯罪概念，犯罪建议，战术方法旨在提供刑事诉讼，程序制裁，货币罚款，预审调查预审国家实施，执行形式，实施实践，欧洲国家，国际条约参与者，股东，伙伴关系，收购，不断变化，暂停证明，概率，可能性，可信度在证据，可靠性科学学校，研究，开发土地，农业和环境法，利沃科学校园，农业和环境法律议理乌克兰的冰，波兰共和国国家司法委员会，法官的独立，国际标准的司法部门劳动法人的推定开放期刊系统期刊帮助用户用户名密码记住我登录通知查看订阅语言选择lobsumberubmit期刊内容搜索搜索范围搜索按问题浏览作者标题在间接刑事定罪方面，再次对刑法的追溯效应及时
8. Countermeasure Concepts for Use Against Urban Mass Fires from Nuclear Weapon Attack [R] . Shelberg, W. E., Tracy, E. T. 1967

机译：核武器攻击对抗城市大规模火灾的对策概念

Implementing a proven-secure and cost-effective countermeasure against the compression ratio info-leak mass exploitation (CRIME) attack

摘要

著录项

相似文献

相关主题

期刊订阅