“Timing Attacks on Web Privacy”, Edward W. Felten, Michael A. Schneider, 2000-11:

We describe a class of attacks that can compromise the privacy of users’ Web-browsing histories. The attacks allow a malicious Web site to determine whether or not the user has recently visited some other, unrelated Web page. The malicious page can determine this information by measuring the time the user’s browser requires to perform certain operations.

Since browsers perform various forms of caching, the time required for operations depends on the user’s browsing history; this paper shows that the resulting time variations convey enough information to compromise users’ privacy. This attack method also allows other types of information gathering by Web sites, such as a more invasive form of Web “cookies”. [Covers: HTML, email HTML, DNS, Java applets, JavaScript, cookies, shared caches]

The attacks we describe can be carried out without the victim’s knowledge, and most “anonymous browsing” tools fail to prevent them. Other simple countermeasures also fail to prevent these attacks.

We describe a way [domain tagging] of reengineering browsers to prevent most of them. [Partitioning caches by domain.]

…Web technologies allow an attacker to control the sequence of data accesses on a remote machine, and hence to carry out cache-based timing attacks. An attack could be delivered by a Web page, or in an email message if the victim uses an HTML-enabled mailer.

We have described attacks that probe the contents of Web browser file caches, to learn a user’s Web browsing history, and attacks that probe DNS caches, to learn which network addresses a machine has connected to recently.

We are not aware of any practical countermeasures to these attacks. There seems to be little hope that effective countermeasures will be developed and deployed any time soon.
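
The cache partitioning by domain noted above, modeled as an added example (not code from the paper): a shared cache returns a hit to an unrelated page for a resource the user loaded elsewhere, while a cache tagged with the embedding page's domain does not. The names `BrowserCache`, `siteOf` and `scenario`, the example URLs, and the choice of hostname as the "domain" are assumptions made for illustration.

```javascript
// Added illustration: models a browser file cache as a Map and compares a
// shared cache with one keyed by the embedding page's domain.
// All names are hypothetical; all URLs are constructed sample values.

// Assumption: the "domain" of a page is simply its URL hostname.
function siteOf(pageUrl) {
  return new URL(pageUrl).hostname;
}

class BrowserCache {
  constructor({ partitioned }) {
    this.partitioned = partitioned;
    this.entries = new Map();
  }

  // Cache key: resource URL alone (shared) or tagged with the embedding domain.
  key(topLevelPage, resourceUrl) {
    return this.partitioned
      ? `${siteOf(topLevelPage)} ${resourceUrl}`
      : resourceUrl;
  }

  // Load a resource on behalf of a page; returns "hit" or "miss".
  // A hit is the fast path whose latency difference reveals browsing history.
  load(topLevelPage, resourceUrl) {
    const k = this.key(topLevelPage, resourceUrl);
    if (this.entries.has(k)) return "hit";
    this.entries.set(k, true);
    return "miss";
  }
}

// Constructed scenario: the user visits a news site, then an unrelated page
// embeds the same logo. Returns what each load observes.
function scenario(partitioned) {
  const cache = new BrowserCache({ partitioned });
  const logo = "https://news.example/logo.png";
  return {
    firstVisit: cache.load("https://news.example/index.html", logo),
    sameSiteRevisit: cache.load("https://news.example/story.html", logo),
    crossSiteEmbed: cache.load("https://other.example/page.html", logo),
  };
}

console.log("shared:     ", scenario(false));
console.log("partitioned:", scenario(true));
```

In the partitioned run the same-site revisit still benefits from caching, so the performance cost falls only on resources reused across domains.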