eBiltegia

Cookies from the Past Timing Server-Side Request Processing Code for History Sniffing.pdf (752.2Kb)
Title
Cookies from the Past: Timing Server-Side Request Processing Code for History Sniffing
Author
Santos Grueiro, Igor
Author (from another institution)
Sanchez-Rola, Iskander
Balzarotti, Davide
Research group
Análisis de datos y ciberseguridad
Other institution
Universidad de Deusto
https://ror.org/0114r0003
https://ror.org/00sse7z02
Version
Postprint
Rights
© 2020 The Authors
Access
Open access
URI
https://hdl.handle.net/20.500.11984/6566
Publisher's version
https://doi.org/10.1145/3419473
Published in
Digital Threats: Research and Practice Vol 1. N. 4. Article No.: 24. Pp 1–24. December, 2020
Publisher
ACM
Keywords
Security and privacy
Browser security
user privacy
browser cookies
history sniffing
Abstract
Cookies were originally introduced as a way to provide state awareness to websites, and are now one of the backbones of the current web. However, their use is not limited to storing the login information or to saving the current state of user browsing. In several cases, third-party cookies are deliberately used for web tracking, user analytics, and for online advertisement, with the subsequent privacy loss for the end users. However, cookies are not the only technique capable of retrieving the users’ browsing history. In fact, history sniffing techniques are capable of tracking the users’ browsing history without relying on any specific code in a third-party website, but only on code executed within the visited site. Many sniffing techniques have been proposed to date, but they usually have several limitations and they are not able to differentiate between multiple possible states within the target application. We propose BakingTimer, a new history sniffing technique based on timing the execution of server-side request processing code. This method is capable of retrieving partial or complete user browsing history, it does not require any permission, and it can be performed through both first and third-party scripts. We studied the impact of our timing side-channel attack to detect prior visits to websites, and discovered that it was capable of detecting the users’ state in more than half of the 10K websites analyzed, which is the largest test performed to date to test this type of techniques. We additionally performed a manual analysis to check the capabilities of the attack to differentiate between three states: never accessed, accessed and logged in. Moreover, we performed a set of stability tests, to verify that our time measurements are robust with respect to changes both in the network RTT and in the servers' workload.
This extended version additionally includes a comprehensive analysis of existing countermeasures, starting from its evolution/adoption, and finishing with a large-scale experiment to assess the repercussions on the presented technique.
Collections
  • Articles - Engineering [742]
