Practical Keystroke Timing Attacks in Sandboxed JavaScript

Moritz Lipp, Daniel Gruss, Michael Schwarz, David Bidner, Clémentine Maurice, Stefan Mangard

Publikation: Beitrag in Buch/Bericht/KonferenzbandBeitrag in einem KonferenzbandForschungBegutachtung

Abstract

Keystrokes trigger interrupts which can be detected through software side channels to reconstruct keystroke timings. Keystroke timing attacks use these side channels to infer typed words, passphrases, or create user fingerprints. While keystroke timing attacks are considered harmful, they typically require native code execution to exploit the side channels and, thus, may not be practical in many scenarios. In this paper, we present the first generic keystroke timing attack in sandboxed JavaScript, targeting arbitrary other tabs, processes and programs. This violates same-origin policy, HTTPS security model, and process isolation. Our attack is based on the interrupt-timing side channel which has previously only been exploited using native code. In contrast to previous attacks, we do not require the victim to run a malicious binary or interact with the malicious website. Instead, our attack runs in a background tab, possibly in a minimized browser window, displaying a malicious online advertisement. We show that we can observe the exact inter-keystroke timings for a user’s PIN or password, infer URLs entered by the user, and distinguish different users time-sharing a computer. Our attack works on personal computers, laptops and smartphones, with different operating systems and browsers. As a solution against all known JavaScript timing attacks, we propose a fine-grained permission model.

Originalspracheenglisch
TitelComputer Security – ESORICS 2017 - 22nd European Symposium on Research in Computer Security, Proceedings
Herausgeber (Verlag)Springer-Verlag Italia
Seiten191-209
Seitenumfang19
Band10493 LNCS
ISBN (Print)9783319663982
DOIs
PublikationsstatusVeröffentlicht - 2017
Veranstaltung22nd European Symposium on Research in Computer Security, ESORICS 2017 - Oslo, Norwegen
Dauer: 11 Sep 201715 Sep 2017

Publikationsreihe

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Band10493 LNCS
ISSN (Print)0302-9743
ISSN (elektronisch)1611-3349

Konferenz

Konferenz22nd European Symposium on Research in Computer Security, ESORICS 2017
LandNorwegen
OrtOslo
Zeitraum11/09/1715/09/17

    Fingerprint

Schlagwörter

    ASJC Scopus subject areas

    • !!Theoretical Computer Science
    • !!Computer Science(all)

    Dieses zitieren

    Lipp, M., Gruss, D., Schwarz, M., Bidner, D., Maurice, C., & Mangard, S. (2017). Practical Keystroke Timing Attacks in Sandboxed JavaScript. in Computer Security – ESORICS 2017 - 22nd European Symposium on Research in Computer Security, Proceedings (Band 10493 LNCS, S. 191-209). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Band 10493 LNCS). Springer-Verlag Italia. https://doi.org/10.1007/978-3-319-66399-9_11