Fantastic timers and where to find them: High-resolution microarchitectural attacks in javascript

Michael Schwarz; Clémentine Maurice; Daniel Gruss; Stefan Mangard

doi:10.1007/978-3-319-70972-7_13

Fantastic timers and where to find them: High-resolution microarchitectural attacks in javascript

Michael Schwarz^*, Clémentine Maurice, Daniel Gruss, Stefan Mangard

^*Corresponding author for this work

Graz University of Technology (90000)

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Abstract

Research showed that microarchitectural attacks like cache attacks can be performed through websites using JavaScript. These timing attacks allow an adversary to spy on users secrets such as their keystrokes, leveraging fine-grained timers. However, the W3C and browser vendors responded to this significant threat by eliminating fine-grained timers from JavaScript. This renders previous high-resolution microarchitectural attacks non-applicable. We demonstrate the inefficacy of this mitigation by finding and evaluating a wide range of new sources of timing information. We develop measurement methods that exceed the resolution of official timing sources by 3 to 4 orders of magnitude on all major browsers, and even more on Tor browser. Our timing measurements do not only re-enable previous attacks to their full extent but also allow implementing new attacks. We demonstrate a new DRAM-based covert channel between a website and an unprivileged app in a virtual machine without network hardware. Our results emphasize that quick-fix mitigations can establish a dangerous false sense of security.

Original language	English
Title of host publication	Financial Cryptography and Data Security - 21st International Conference, FC 2017, Revised Selected Papers
Publisher	Springer Verlag Wien
Pages	247-267
Number of pages	21
Volume	10322 LNCS
ISBN (Print)	9783319709710
DOIs	https://doi.org/10.1007/978-3-319-70972-7_13
Publication status	Published - 1 Jan 2017
Event	21st International Conference on Financial Cryptography and Data Security, FC 2017 - Sliema, Malta Duration: 3 Apr 2017 → 7 Apr 2017

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	10322 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	21st International Conference on Financial Cryptography and Data Security, FC 2017
Country/Territory	Malta
City	Sliema
Period	3/04/17 → 7/04/17

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-319-70972-7_13

fantastictimersAccepted author manuscript, 1.33 MB

Cite this

Schwarz, M., Maurice, C., Gruss, D., & Mangard, S. (2017). Fantastic timers and where to find them: High-resolution microarchitectural attacks in javascript. In Financial Cryptography and Data Security - 21st International Conference, FC 2017, Revised Selected Papers (Vol. 10322 LNCS, pp. 247-267). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10322 LNCS). Springer Verlag Wien. https://doi.org/10.1007/978-3-319-70972-7_13

Fantastic timers and where to find them: High-resolution microarchitectural attacks in javascript. / Schwarz, Michael; Maurice, Clémentine; Gruss, Daniel et al.
Financial Cryptography and Data Security - 21st International Conference, FC 2017, Revised Selected Papers. Vol. 10322 LNCS Springer Verlag Wien, 2017. p. 247-267 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10322 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Schwarz, M, Maurice, C, Gruss, D & Mangard, S 2017, Fantastic timers and where to find them: High-resolution microarchitectural attacks in javascript. in Financial Cryptography and Data Security - 21st International Conference, FC 2017, Revised Selected Papers. vol. 10322 LNCS, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10322 LNCS, Springer Verlag Wien, pp. 247-267, 21st International Conference on Financial Cryptography and Data Security, FC 2017, Sliema, Malta, 3/04/17. https://doi.org/10.1007/978-3-319-70972-7_13

Schwarz M, Maurice C, Gruss D , Mangard S. Fantastic timers and where to find them: High-resolution microarchitectural attacks in javascript. In Financial Cryptography and Data Security - 21st International Conference, FC 2017, Revised Selected Papers. Vol. 10322 LNCS. Springer Verlag Wien. 2017. p. 247-267. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-70972-7_13

Schwarz, Michael ; Maurice, Clémentine ; Gruss, Daniel et al. / Fantastic timers and where to find them : High-resolution microarchitectural attacks in javascript. Financial Cryptography and Data Security - 21st International Conference, FC 2017, Revised Selected Papers. Vol. 10322 LNCS Springer Verlag Wien, 2017. pp. 247-267 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{5f5b020b8fba4243a6e2725df004057b,

title = "Fantastic timers and where to find them: High-resolution microarchitectural attacks in javascript",

abstract = "Research showed that microarchitectural attacks like cache attacks can be performed through websites using JavaScript. These timing attacks allow an adversary to spy on users secrets such as their keystrokes, leveraging fine-grained timers. However, the W3C and browser vendors responded to this significant threat by eliminating fine-grained timers from JavaScript. This renders previous high-resolution microarchitectural attacks non-applicable. We demonstrate the inefficacy of this mitigation by finding and evaluating a wide range of new sources of timing information. We develop measurement methods that exceed the resolution of official timing sources by 3 to 4 orders of magnitude on all major browsers, and even more on Tor browser. Our timing measurements do not only re-enable previous attacks to their full extent but also allow implementing new attacks. We demonstrate a new DRAM-based covert channel between a website and an unprivileged app in a virtual machine without network hardware. Our results emphasize that quick-fix mitigations can establish a dangerous false sense of security.",

author = "Michael Schwarz and Cl{\'e}mentine Maurice and Daniel Gruss and Stefan Mangard",

year = "2017",

month = jan,

day = "1",

doi = "10.1007/978-3-319-70972-7_13",

language = "English",

isbn = "9783319709710",

volume = "10322 LNCS",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag Wien",

pages = "247--267",

booktitle = "Financial Cryptography and Data Security - 21st International Conference, FC 2017, Revised Selected Papers",

note = "21st International Conference on Financial Cryptography and Data Security, FC 2017 ; Conference date: 03-04-2017 Through 07-04-2017",

}

TY - GEN

T1 - Fantastic timers and where to find them

T2 - 21st International Conference on Financial Cryptography and Data Security, FC 2017

AU - Schwarz, Michael

AU - Maurice, Clémentine

AU - Gruss, Daniel

AU - Mangard, Stefan

PY - 2017/1/1

Y1 - 2017/1/1

N2 - Research showed that microarchitectural attacks like cache attacks can be performed through websites using JavaScript. These timing attacks allow an adversary to spy on users secrets such as their keystrokes, leveraging fine-grained timers. However, the W3C and browser vendors responded to this significant threat by eliminating fine-grained timers from JavaScript. This renders previous high-resolution microarchitectural attacks non-applicable. We demonstrate the inefficacy of this mitigation by finding and evaluating a wide range of new sources of timing information. We develop measurement methods that exceed the resolution of official timing sources by 3 to 4 orders of magnitude on all major browsers, and even more on Tor browser. Our timing measurements do not only re-enable previous attacks to their full extent but also allow implementing new attacks. We demonstrate a new DRAM-based covert channel between a website and an unprivileged app in a virtual machine without network hardware. Our results emphasize that quick-fix mitigations can establish a dangerous false sense of security.

AB - Research showed that microarchitectural attacks like cache attacks can be performed through websites using JavaScript. These timing attacks allow an adversary to spy on users secrets such as their keystrokes, leveraging fine-grained timers. However, the W3C and browser vendors responded to this significant threat by eliminating fine-grained timers from JavaScript. This renders previous high-resolution microarchitectural attacks non-applicable. We demonstrate the inefficacy of this mitigation by finding and evaluating a wide range of new sources of timing information. We develop measurement methods that exceed the resolution of official timing sources by 3 to 4 orders of magnitude on all major browsers, and even more on Tor browser. Our timing measurements do not only re-enable previous attacks to their full extent but also allow implementing new attacks. We demonstrate a new DRAM-based covert channel between a website and an unprivileged app in a virtual machine without network hardware. Our results emphasize that quick-fix mitigations can establish a dangerous false sense of security.

UR - http://www.scopus.com/inward/record.url?scp=85039147539&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-70972-7_13

DO - 10.1007/978-3-319-70972-7_13

M3 - Conference paper

AN - SCOPUS:85039147539

SN - 9783319709710

VL - 10322 LNCS

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 247

EP - 267

BT - Financial Cryptography and Data Security - 21st International Conference, FC 2017, Revised Selected Papers

PB - Springer Verlag Wien

Y2 - 3 April 2017 through 7 April 2017

ER -

Fantastic timers and where to find them: High-resolution microarchitectural attacks in javascript

Abstract

Publication series

Conference

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

EU - SOPHIA - Securing Software against Physical Attacks

Cite this

Fantastic timers and where to find them: High-resolution microarchitectural attacks in javascript

Abstract

Publication series

Conference

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Projects

EU - SOPHIA - Securing Software against Physical Attacks

Cite this