ESORICS 2011
ESORICS 2011
Feb 23, 2016
ESORICS 2011. Timing is Everything : The Importance of History Detection. FISHING SITE!. Timing is Everything : The Importance of History Detection. Old tab has gets a handle to the new tab Tricks exist to detect when a user goes to a new webpage ( history detection ) - PowerPoint PPT Presentation
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
ESORICS 2011
Timing is Everything:The Importance of History Detection
FISHING SITE!
Timing is Everything:The Importance of History Detection
1. Old tab has gets a handle to the new tab2. Tricks exist to detect when a user goes
to a new webpage (history detection)3. Attacker detects, and redirects page
to fishing site
Who wrote this code?Identifying the Authors of Program Binaries
Authors Programs
Who wrote which program?
Different authors different coding styles
Who wrote this code?
Idioms (push ebp | * | mov esp,ebp)
(Call) Graphlets
Byte n-grams 0x75, 0x30, 0x90, 0x0c
Use machine learning to map features to authors#Authors#Programs
93834
1911747
32203
Privacy-Preserving DNS
Client DNS Resolver
.be
ugent.be
elis.ugent.be
• ISP’s DNS• Google Public DNS• OpenDNS• …
Knows which websites are visited per user!
Privacy-Preserving DNS
Client DNS Resolver
.be
ugent.be
elis.ugent.be
BroadcastPopular domains
Mix 1 Mix 2 Mix n
Top 100/1000/… domains broadcasted Less communication
Mixing traffic through different mixers hides your identity
• Simulation of latency using real DNS traffic data• Zero latency for >=80% of lookups with broadcasting top 10.000 domains• Analysis of safety of privacy of range queries
Remote Timing Attacks Are Still Practical
OpenSSL TLS handshake withECDSA signatures
Timing of messagesMessagesSignatures
Lattice AttackA.k.a
“Magic”
Automated Information Flow Analysis of Virtualized Infrastructures
• Complex !• Manual analysis is
unfeasible
Related Documents
