Port Contention Goes Portable: Port Contention Side Channels in Web Browsers

Rokicki, Thomas; Maurice, Clementine; Botvinnik, Marina; Oren, Yossi

Document type :

Communication dans un congrès avec actes

DOI :

10.1145/3488932.3517411

Title :

Port Contention Goes Portable: Port Contention Side Channels in Web Browsers

Author(s) :

Rokicki, Thomas [Auteur]
Security & PrIvaCY [SPICY]
Maurice, Clementine [Auteur]

Self-adaptation for distributed services and large software systems [SPIRALS]
Botvinnik, Marina [Auteur]
Ben-Gurion University of the Negev [BGU]
Oren, Yossi [Auteur]
Ben-Gurion University of the Negev [BGU]

Conference title :

ASIA CCS '22 - ACM Asia Conference on Computer and Communications Security

City :

Nagasaki / Virtual

Country :

Japon

Start date of the conference :

2022-05-30

Publisher :

ACM

Publication date :

2022-05-30

English keyword(s) :

Side Channel
CPU Port Contention
JavaScript
WebAssembly

HAL domain(s) :

Informatique [cs]/Cryptographie et sécurité [cs.CR]

English abstract : [en]

Microarchitectural side-channel attacks can derive secrets from the execution of vulnerable programs. Their implementation in web browsers represents a considerable extension of their attack surface, as a user simply ...
Show more >Microarchitectural side-channel attacks can derive secrets from the execution of vulnerable programs. Their implementation in web browsers represents a considerable extension of their attack surface, as a user simply browsing a malicious website, or even a malicious third-party advertisement in a benign cross-origin isolated website, can be a victim.In this paper, we present the first port contention side channel running entirely in a web browser, despite a highly challenging environment. Our attack can be used to build a cross-browser covert channel with a bit rate of 200 bit/s, one order of magnitude above the state of the art, and has a spatial resolution of 1024 native instructions in a side-channel attack, a performance on-par with Prime+Probe attacks. We provide a framework to evaluate the port contention caused by WebAssembly instructions on Intel processors, allowing to increase the portability of port contention side channels.We conclude from our work that port contention attacks are not only fast, they are also less susceptible to noise than cache attacks, and are immune to countermeasures implemented in browsers as well as most side channel countermeasures, which target the cache in their vast majority.Show less >

Language :

Anglais

Peer reviewed article :

Oui

Audience :

Internationale

Popular science :

Non

ANR Project :

Attaques sur la micro-architecture des systèmes ubiquitaires

Collections :