Fantastic timers and where to find them: High-resolution microarchitectural attacks in javascript

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

Abstract

Research showed that microarchitectural attacks like cache attacks can be performed through websites using JavaScript. These timing attacks allow an adversary to spy on users secrets such as their keystrokes, leveraging fine-grained timers. However, the W3C and browser vendors responded to this significant threat by eliminating fine-grained timers from JavaScript. This renders previous high-resolution microarchitectural attacks non-applicable. We demonstrate the inefficacy of this mitigation by finding and evaluating a wide range of new sources of timing information. We develop measurement methods that exceed the resolution of official timing sources by 3 to 4 orders of magnitude on all major browsers, and even more on Tor browser. Our timing measurements do not only re-enable previous attacks to their full extent but also allow implementing new attacks. We demonstrate a new DRAM-based covert channel between a website and an unprivileged app in a virtual machine without network hardware. Our results emphasize that quick-fix mitigations can establish a dangerous false sense of security.

Original languageEnglish
Title of host publicationFinancial Cryptography and Data Security - 21st International Conference, FC 2017, Revised Selected Papers
PublisherSpringer Verlag Wien
Pages247-267
Number of pages21
Volume10322 LNCS
ISBN (Print)9783319709710
DOIs
Publication statusPublished - 1 Jan 2017
Event21st International Conference on Financial Cryptography and Data Security, FC 2017 - Sliema, Malta
Duration: 3 Apr 20177 Apr 2017

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume10322 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference21st International Conference on Financial Cryptography and Data Security, FC 2017
CountryMalta
CitySliema
Period3/04/177/04/17

Fingerprint

JavaScript
Websites
High Resolution
Attack
Dynamic random access storage
Timing
Computer networks
Application programs
Computer hardware
Timing Attack
Covert Channel
Virtual Machine
Cache
Demonstrate
Exceed
Hardware
Range of data
Virtual machine
Side channel attack

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Schwarz, M., Maurice, C., Gruss, D., & Mangard, S. (2017). Fantastic timers and where to find them: High-resolution microarchitectural attacks in javascript. In Financial Cryptography and Data Security - 21st International Conference, FC 2017, Revised Selected Papers (Vol. 10322 LNCS, pp. 247-267). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10322 LNCS). Springer Verlag Wien. https://doi.org/10.1007/978-3-319-70972-7_13

Fantastic timers and where to find them : High-resolution microarchitectural attacks in javascript. / Schwarz, Michael; Maurice, Clémentine; Gruss, Daniel; Mangard, Stefan.

Financial Cryptography and Data Security - 21st International Conference, FC 2017, Revised Selected Papers. Vol. 10322 LNCS Springer Verlag Wien, 2017. p. 247-267 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10322 LNCS).

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

Schwarz, M, Maurice, C, Gruss, D & Mangard, S 2017, Fantastic timers and where to find them: High-resolution microarchitectural attacks in javascript. in Financial Cryptography and Data Security - 21st International Conference, FC 2017, Revised Selected Papers. vol. 10322 LNCS, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10322 LNCS, Springer Verlag Wien, pp. 247-267, 21st International Conference on Financial Cryptography and Data Security, FC 2017, Sliema, Malta, 3/04/17. https://doi.org/10.1007/978-3-319-70972-7_13
Schwarz M, Maurice C, Gruss D, Mangard S. Fantastic timers and where to find them: High-resolution microarchitectural attacks in javascript. In Financial Cryptography and Data Security - 21st International Conference, FC 2017, Revised Selected Papers. Vol. 10322 LNCS. Springer Verlag Wien. 2017. p. 247-267. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-319-70972-7_13
Schwarz, Michael ; Maurice, Clémentine ; Gruss, Daniel ; Mangard, Stefan. / Fantastic timers and where to find them : High-resolution microarchitectural attacks in javascript. Financial Cryptography and Data Security - 21st International Conference, FC 2017, Revised Selected Papers. Vol. 10322 LNCS Springer Verlag Wien, 2017. pp. 247-267 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{5f5b020b8fba4243a6e2725df004057b,
title = "Fantastic timers and where to find them: High-resolution microarchitectural attacks in javascript",
abstract = "Research showed that microarchitectural attacks like cache attacks can be performed through websites using JavaScript. These timing attacks allow an adversary to spy on users secrets such as their keystrokes, leveraging fine-grained timers. However, the W3C and browser vendors responded to this significant threat by eliminating fine-grained timers from JavaScript. This renders previous high-resolution microarchitectural attacks non-applicable. We demonstrate the inefficacy of this mitigation by finding and evaluating a wide range of new sources of timing information. We develop measurement methods that exceed the resolution of official timing sources by 3 to 4 orders of magnitude on all major browsers, and even more on Tor browser. Our timing measurements do not only re-enable previous attacks to their full extent but also allow implementing new attacks. We demonstrate a new DRAM-based covert channel between a website and an unprivileged app in a virtual machine without network hardware. Our results emphasize that quick-fix mitigations can establish a dangerous false sense of security.",
author = "Michael Schwarz and Cl{\'e}mentine Maurice and Daniel Gruss and Stefan Mangard",
year = "2017",
month = "1",
day = "1",
doi = "10.1007/978-3-319-70972-7_13",
language = "English",
isbn = "9783319709710",
volume = "10322 LNCS",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag Wien",
pages = "247--267",
booktitle = "Financial Cryptography and Data Security - 21st International Conference, FC 2017, Revised Selected Papers",

}

TY - GEN

T1 - Fantastic timers and where to find them

T2 - High-resolution microarchitectural attacks in javascript

AU - Schwarz, Michael

AU - Maurice, Clémentine

AU - Gruss, Daniel

AU - Mangard, Stefan

PY - 2017/1/1

Y1 - 2017/1/1

N2 - Research showed that microarchitectural attacks like cache attacks can be performed through websites using JavaScript. These timing attacks allow an adversary to spy on users secrets such as their keystrokes, leveraging fine-grained timers. However, the W3C and browser vendors responded to this significant threat by eliminating fine-grained timers from JavaScript. This renders previous high-resolution microarchitectural attacks non-applicable. We demonstrate the inefficacy of this mitigation by finding and evaluating a wide range of new sources of timing information. We develop measurement methods that exceed the resolution of official timing sources by 3 to 4 orders of magnitude on all major browsers, and even more on Tor browser. Our timing measurements do not only re-enable previous attacks to their full extent but also allow implementing new attacks. We demonstrate a new DRAM-based covert channel between a website and an unprivileged app in a virtual machine without network hardware. Our results emphasize that quick-fix mitigations can establish a dangerous false sense of security.

AB - Research showed that microarchitectural attacks like cache attacks can be performed through websites using JavaScript. These timing attacks allow an adversary to spy on users secrets such as their keystrokes, leveraging fine-grained timers. However, the W3C and browser vendors responded to this significant threat by eliminating fine-grained timers from JavaScript. This renders previous high-resolution microarchitectural attacks non-applicable. We demonstrate the inefficacy of this mitigation by finding and evaluating a wide range of new sources of timing information. We develop measurement methods that exceed the resolution of official timing sources by 3 to 4 orders of magnitude on all major browsers, and even more on Tor browser. Our timing measurements do not only re-enable previous attacks to their full extent but also allow implementing new attacks. We demonstrate a new DRAM-based covert channel between a website and an unprivileged app in a virtual machine without network hardware. Our results emphasize that quick-fix mitigations can establish a dangerous false sense of security.

UR - http://www.scopus.com/inward/record.url?scp=85039147539&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-70972-7_13

DO - 10.1007/978-3-319-70972-7_13

M3 - Conference contribution

SN - 9783319709710

VL - 10322 LNCS

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 247

EP - 267

BT - Financial Cryptography and Data Security - 21st International Conference, FC 2017, Revised Selected Papers

PB - Springer Verlag Wien

ER -