Can You Tell Me the Time? Security Implications of the Server-Timing Header

Proceedings 2023 Workshop on Measurements, Attacks, and Defenses for the Web Pub Date : 1900-01-01 DOI:10.14722/madweb.2023.23087

Vik Vanderlinden, W. Joosen, M. Vanhoef

{"title":"Can You Tell Me the Time? Security Implications of the Server-Timing Header","authors":"Vik Vanderlinden, W. Joosen, M. Vanhoef","doi":"10.14722/madweb.2023.23087","DOIUrl":null,"url":null,"abstract":"—Performing a remote timing attack typically entails the collection of many timing measurements in order to overcome noise due to network jitter. If an attacker can reduce the amount of jitter in their measurements, they can exploit timing leaks using fewer measurements. To reduce the amount of jitter, an attacker may use timing information that is made available by a server. In this paper, we exploit the use of the server-timing header, which was created for performance monitoring and in some cases exposes millisecond accurate information about server-side execution times. We show that the header is increasingly often used, with an uptick in adoption rates in recent months. The websites that use the header often host dynamic content of which the generation time can potentially leak sensitive information. Our new attack techniques, one of which collects the header timing values from an intermediate proxy, improve performance over standard attacks using roundtrip times. Experiments show that, overall, our new attacks (signiﬁcantly) decrease the number of samples required to exploit timing leaks. The attack is especially effective against geographically distant servers.","PeriodicalId":205270,"journal":{"name":"Proceedings 2023 Workshop on Measurements, Attacks, and Defenses for the Web","volume":"38 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings 2023 Workshop on Measurements, Attacks, and Defenses for the Web","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.14722/madweb.2023.23087","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

—Performing a remote timing attack typically entails the collection of many timing measurements in order to overcome noise due to network jitter. If an attacker can reduce the amount of jitter in their measurements, they can exploit timing leaks using fewer measurements. To reduce the amount of jitter, an attacker may use timing information that is made available by a server. In this paper, we exploit the use of the server-timing header, which was created for performance monitoring and in some cases exposes millisecond accurate information about server-side execution times. We show that the header is increasingly often used, with an uptick in adoption rates in recent months. The websites that use the header often host dynamic content of which the generation time can potentially leak sensitive information. Our new attack techniques, one of which collects the header timing values from an intermediate proxy, improve performance over standard attacks using roundtrip times. Experiments show that, overall, our new attacks (signiﬁcantly) decrease the number of samples required to exploit timing leaks. The attack is especially effective against geographically distant servers.

查看原文本刊更多论文

你能告诉我时间吗?服务器计时报头的安全含义

-执行远程定时攻击通常需要收集许多定时测量，以克服由于网络抖动引起的噪声。如果攻击者可以减少测量中的抖动量，他们就可以使用更少的测量来利用时间泄漏。为了减少抖动的数量，攻击者可以使用服务器提供的定时信息。在本文中，我们利用了服务器计时报头的使用，该报头是为性能监控而创建的，在某些情况下会暴露有关服务器端执行时间的毫秒级精确信息。我们显示，标题越来越多地被使用，最近几个月的采用率有所上升。使用标头的网站通常承载动态内容，这些内容的生成时间可能会泄露敏感信息。我们的新攻击技术(其中一种是从中间代理收集报头计时值)比使用往返时间的标准攻击提高了性能。实验表明，总的来说，我们的新攻击(显著)减少了利用时序泄漏所需的样本数量。这种攻击对地理位置较远的服务器尤其有效。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings 2023 Workshop on Measurements, Attacks, and Defenses for the Web

自引率

0.00%

发文量