Fantastic timers and where to find them: High-resolution microarchitectural attacks in javascript

Michael Schwarz; Clémentine Maurice; Daniel Gruss; Stefan Mangard

doi:10.1007/978-3-319-70972-7_13

Fantastic timers and where to find them: High-resolution microarchitectural attacks in javascript

Michael Schwarz^*, Clémentine Maurice, Daniel Gruss, Stefan Mangard

^*Korrespondierende/r Autor/-in für diese Arbeit

Technische Universität Graz (90000)

Publikation: Beitrag in Buch/Bericht/Konferenzband › Beitrag in einem Konferenzband › Begutachtung

Abstract

Research showed that microarchitectural attacks like cache attacks can be performed through websites using JavaScript. These timing attacks allow an adversary to spy on users secrets such as their keystrokes, leveraging fine-grained timers. However, the W3C and browser vendors responded to this significant threat by eliminating fine-grained timers from JavaScript. This renders previous high-resolution microarchitectural attacks non-applicable. We demonstrate the inefficacy of this mitigation by finding and evaluating a wide range of new sources of timing information. We develop measurement methods that exceed the resolution of official timing sources by 3 to 4 orders of magnitude on all major browsers, and even more on Tor browser. Our timing measurements do not only re-enable previous attacks to their full extent but also allow implementing new attacks. We demonstrate a new DRAM-based covert channel between a website and an unprivileged app in a virtual machine without network hardware. Our results emphasize that quick-fix mitigations can establish a dangerous false sense of security.

Originalsprache	englisch
Titel	Financial Cryptography and Data Security - 21st International Conference, FC 2017, Revised Selected Papers
Herausgeber (Verlag)	Springer Verlag Wien
Seiten	247-267
Seitenumfang	21
Band	10322 LNCS
ISBN (Print)	9783319709710
DOIs	https://doi.org/10.1007/978-3-319-70972-7_13
Publikationsstatus	Veröffentlicht - 1 Jan. 2017
Veranstaltung	21st International Conference on Financial Cryptography and Data Security, FC 2017 - Sliema, Malta Dauer: 3 Apr. 2017 → 7 Apr. 2017

Publikationsreihe

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Band	10322 LNCS
ISSN (Print)	0302-9743
ISSN (elektronisch)	1611-3349

Konferenz

Konferenz	21st International Conference on Financial Cryptography and Data Security, FC 2017
Land/Gebiet	Malta
Ort	Sliema
Zeitraum	3/04/17 → 7/04/17

ASJC Scopus subject areas

Theoretische Informatik
Informatik (insg.)

Zugriff auf Dokument

10.1007/978-3-319-70972-7_13

fantastictimersAkzeptiertes Autorenmanuskript, 1,33 MB

Andere Dateien und Links

http://www.scopus.com/inward/record.url?scp=85039147539&partnerID=8YFLogxK

EU - SOPHIA - Absicherung von Software gegen Physische Angriffe
Mangard, S.
1/09/16 → 31/08/21
Projekt: Forschungsprojekt

Dieses zitieren

Schwarz, M., Maurice, C., Gruss, D., & Mangard, S. (2017). Fantastic timers and where to find them: High-resolution microarchitectural attacks in javascript. in Financial Cryptography and Data Security - 21st International Conference, FC 2017, Revised Selected Papers (Band 10322 LNCS, S. 247-267). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Band 10322 LNCS). Springer Verlag Wien. https://doi.org/10.1007/978-3-319-70972-7_13

Fantastic timers and where to find them: High-resolution microarchitectural attacks in javascript. / Schwarz, Michael; Maurice, Clémentine; Gruss, Daniel et al.
Financial Cryptography and Data Security - 21st International Conference, FC 2017, Revised Selected Papers. Band 10322 LNCS Springer Verlag Wien, 2017. S. 247-267 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Band 10322 LNCS).

Publikation: Beitrag in Buch/Bericht/Konferenzband › Beitrag in einem Konferenzband › Begutachtung

Schwarz, M, Maurice, C, Gruss, D & Mangard, S 2017, Fantastic timers and where to find them: High-resolution microarchitectural attacks in javascript. in Financial Cryptography and Data Security - 21st International Conference, FC 2017, Revised Selected Papers. Bd. 10322 LNCS, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Bd. 10322 LNCS, Springer Verlag Wien, S. 247-267, 21st International Conference on Financial Cryptography and Data Security, FC 2017, Sliema, Malta, 3/04/17. https://doi.org/10.1007/978-3-319-70972-7_13

Schwarz M, Maurice C, Gruss D , Mangard S. Fantastic timers and where to find them: High-resolution microarchitectural attacks in javascript. in Financial Cryptography and Data Security - 21st International Conference, FC 2017, Revised Selected Papers. Band 10322 LNCS. Springer Verlag Wien. 2017. S. 247-267. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-70972-7_13

Schwarz, Michael ; Maurice, Clémentine ; Gruss, Daniel et al. / Fantastic timers and where to find them : High-resolution microarchitectural attacks in javascript. Financial Cryptography and Data Security - 21st International Conference, FC 2017, Revised Selected Papers. Band 10322 LNCS Springer Verlag Wien, 2017. S. 247-267 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{5f5b020b8fba4243a6e2725df004057b,

title = "Fantastic timers and where to find them: High-resolution microarchitectural attacks in javascript",

abstract = "Research showed that microarchitectural attacks like cache attacks can be performed through websites using JavaScript. These timing attacks allow an adversary to spy on users secrets such as their keystrokes, leveraging fine-grained timers. However, the W3C and browser vendors responded to this significant threat by eliminating fine-grained timers from JavaScript. This renders previous high-resolution microarchitectural attacks non-applicable. We demonstrate the inefficacy of this mitigation by finding and evaluating a wide range of new sources of timing information. We develop measurement methods that exceed the resolution of official timing sources by 3 to 4 orders of magnitude on all major browsers, and even more on Tor browser. Our timing measurements do not only re-enable previous attacks to their full extent but also allow implementing new attacks. We demonstrate a new DRAM-based covert channel between a website and an unprivileged app in a virtual machine without network hardware. Our results emphasize that quick-fix mitigations can establish a dangerous false sense of security.",

author = "Michael Schwarz and Cl{\'e}mentine Maurice and Daniel Gruss and Stefan Mangard",

year = "2017",

month = jan,

day = "1",

doi = "10.1007/978-3-319-70972-7_13",

language = "English",

isbn = "9783319709710",

volume = "10322 LNCS",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag Wien",

pages = "247--267",

booktitle = "Financial Cryptography and Data Security - 21st International Conference, FC 2017, Revised Selected Papers",

note = "21st International Conference on Financial Cryptography and Data Security, FC 2017 ; Conference date: 03-04-2017 Through 07-04-2017",

}

TY - GEN

T1 - Fantastic timers and where to find them

T2 - 21st International Conference on Financial Cryptography and Data Security, FC 2017

AU - Schwarz, Michael

AU - Maurice, Clémentine

AU - Gruss, Daniel

AU - Mangard, Stefan

PY - 2017/1/1

Y1 - 2017/1/1

N2 - Research showed that microarchitectural attacks like cache attacks can be performed through websites using JavaScript. These timing attacks allow an adversary to spy on users secrets such as their keystrokes, leveraging fine-grained timers. However, the W3C and browser vendors responded to this significant threat by eliminating fine-grained timers from JavaScript. This renders previous high-resolution microarchitectural attacks non-applicable. We demonstrate the inefficacy of this mitigation by finding and evaluating a wide range of new sources of timing information. We develop measurement methods that exceed the resolution of official timing sources by 3 to 4 orders of magnitude on all major browsers, and even more on Tor browser. Our timing measurements do not only re-enable previous attacks to their full extent but also allow implementing new attacks. We demonstrate a new DRAM-based covert channel between a website and an unprivileged app in a virtual machine without network hardware. Our results emphasize that quick-fix mitigations can establish a dangerous false sense of security.

AB - Research showed that microarchitectural attacks like cache attacks can be performed through websites using JavaScript. These timing attacks allow an adversary to spy on users secrets such as their keystrokes, leveraging fine-grained timers. However, the W3C and browser vendors responded to this significant threat by eliminating fine-grained timers from JavaScript. This renders previous high-resolution microarchitectural attacks non-applicable. We demonstrate the inefficacy of this mitigation by finding and evaluating a wide range of new sources of timing information. We develop measurement methods that exceed the resolution of official timing sources by 3 to 4 orders of magnitude on all major browsers, and even more on Tor browser. Our timing measurements do not only re-enable previous attacks to their full extent but also allow implementing new attacks. We demonstrate a new DRAM-based covert channel between a website and an unprivileged app in a virtual machine without network hardware. Our results emphasize that quick-fix mitigations can establish a dangerous false sense of security.

UR - http://www.scopus.com/inward/record.url?scp=85039147539&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-70972-7_13

DO - 10.1007/978-3-319-70972-7_13

M3 - Conference paper

AN - SCOPUS:85039147539

SN - 9783319709710

VL - 10322 LNCS

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 247

EP - 267

BT - Financial Cryptography and Data Security - 21st International Conference, FC 2017, Revised Selected Papers

PB - Springer Verlag Wien

Y2 - 3 April 2017 through 7 April 2017

ER -

Fantastic timers and where to find them: High-resolution microarchitectural attacks in javascript

Abstract

Publikationsreihe

Konferenz

ASJC Scopus subject areas

Zugriff auf Dokument

Andere Dateien und Links

Fingerprint

Projekte

EU - SOPHIA - Absicherung von Software gegen Physische Angriffe

Dieses zitieren