TY - GEN
T1 - Practical Keystroke Timing Attacks in Sandboxed JavaScript
AU - Lipp, Moritz
AU - Gruss, Daniel
AU - Schwarz, Michael
AU - Bidner, David
AU - Maurice, Clémentine
AU - Mangard, Stefan
PY - 2017
Y1 - 2017
N2 - Keystrokes trigger interrupts which can be detected through software side channels to reconstruct keystroke timings. Keystroke timing attacks use these side channels to infer typed words, passphrases, or create user fingerprints. While keystroke timing attacks are considered harmful, they typically require native code execution to exploit the side channels and, thus, may not be practical in many scenarios. In this paper, we present the first generic keystroke timing attack in sandboxed JavaScript, targeting arbitrary other tabs, processes and programs. This violates same-origin policy, HTTPS security model, and process isolation. Our attack is based on the interrupt-timing side channel which has previously only been exploited using native code. In contrast to previous attacks, we do not require the victim to run a malicious binary or interact with the malicious website. Instead, our attack runs in a background tab, possibly in a minimized browser window, displaying a malicious online advertisement. We show that we can observe the exact inter-keystroke timings for a user’s PIN or password, infer URLs entered by the user, and distinguish different users time-sharing a computer. Our attack works on personal computers, laptops and smartphones, with different operating systems and browsers. As a solution against all known JavaScript timing attacks, we propose a fine-grained permission model.
KW - Fingerprint
KW - Interrupt
KW - JavaScript
KW - Keystroke
KW - Side channel
UR - http://www.scopus.com/inward/record.url?scp=85029485172&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-66399-9_11
DO - 10.1007/978-3-319-66399-9_11
M3 - Conference paper
AN - SCOPUS:85029485172
SN - 9783319663982
VL - 10493 LNCS
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 191
EP - 209
BT - Computer Security – ESORICS 2017 - 22nd European Symposium on Research in Computer Security, Proceedings
PB - Springer-Verlag Italia
T2 - 22nd European Symposium on Research in Computer Security, ESORICS 2017
Y2 - 11 September 2017 through 15 September 2017
ER -