2021-07-07, 15:20–15:55, Zoom room
In this presentation, we present the evolution and current situation of timing attacks in browsers, as well as statistical tools to characterize available timers. Our goal is to present a clear view of the attack surface and understand what are the main prerequisites and classes of browser-based timing attacks and what are the main countermeasures. We focus on determining to what extent the changes on timing-based countermeasures impact browser security. In particular, we show that the shift in protecting against transient execution attacks has re-enabled other attacks such as microarchitectural side-channel attacks with a higher bandwidth than what was possible just two years ago.
This research was done in collaboration with Clémentine Maurice and Pierre Laperdrix, and was published at the EuroS&P 2021 conference.
Variations of computation time can reveal information about the state of a system. Research has uncovered a variety of side and covert channels, allowing potential attackers to extract secrets or track user behavior. Timing attacks can aim at different components of the microarchitecture, e.g., cache, DRAM, and are purely software-based. These attacks have two common prerequisites: they run code on the victim's hardware, and they rely on high-resolution timers that can distinguish small timing variations in the order of 100ns. Most of the timing attacks are implemented in native code, allowing the attacker to have great control over the memory and cycle-accurate timers.