Add reference for cache timing attacks
This commit is contained in:
parent
8972590585
commit
6787090629
30
methods.tex
30
methods.tex
@ -677,21 +677,21 @@ party web sites.
|
||||
\subsection{Cache Timing}
|
||||
\label{subsec:cache timing}
|
||||
|
||||
Cache timing attacks are another form of history stealing which enables an
|
||||
attacker to probe for already visited \glspl{URL} by timing how long it takes a
|
||||
client to fetch a resource. Timing attacks are most commonly used in
|
||||
cryptography to indirectly observe the generation or usage of a cipher key by
|
||||
measuring cpu noises, frequencies, power usage or other properties that allow
|
||||
conclusions to be drawn about the key. This type of attack is referred to as a
|
||||
side-channel attack. Cache timing exploits the fact that it takes time to load
|
||||
assets for a web site. It works by measuring the time a client takes to access a
|
||||
specified resource. If the time is short, the resource has most likely been
|
||||
served from the cache and has thus been downloaded before, implying a visit to a
|
||||
web site which uses that resource. If it takes longer than a cache hit would, on
|
||||
the other hand, the resource did not exist before and has to be downloaded now,
|
||||
suggesting that no other web site using that resource has been visited before. In
|
||||
practice an attack might look like this (taken from
|
||||
\cite[p.~2]{feltenTimingAttacksWeb2000}):
|
||||
Cache timing attacks \cite{feltenTimingAttacksWeb2000} are another form of
|
||||
history stealing which enables an attacker to probe for already visited
|
||||
\glspl{URL} by timing how long it takes a client to fetch a resource. Timing
|
||||
attacks are most commonly used in cryptography to indirectly observe the
|
||||
generation or usage of a cipher key by measuring cpu noises, frequencies, power
|
||||
usage or other properties that allow conclusions to be drawn about the key. This
|
||||
type of attack is referred to as a side-channel attack. Cache timing exploits
|
||||
the fact that it takes time to load assets for a web site. It works by measuring
|
||||
the time a client takes to access a specified resource. If the time is short,
|
||||
the resource has most likely been served from the cache and has thus been
|
||||
downloaded before, implying a visit to a web site which uses that resource. If
|
||||
it takes longer than a cache hit would, on the other hand, the resource did not
|
||||
exist before and has to be downloaded now, suggesting that no other web site
|
||||
using that resource has been visited before. In practice an attack might look
|
||||
like this (taken from \cite[p.~2]{feltenTimingAttacksWeb2000}):
|
||||
|
||||
\begin{enumerate}
|
||||
\item Alice visits a web site from Bob called \texttt{bob.com}.
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user