Practical Keystroke Timing Attacks in Sandboxed JavaScript

Transcription

1 Practical Keystroke Timing Attacks in Sandboxed JavaScript M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Sep 11, 2017 ESORICS 17 Graz University of Technology

2 Motivation Keystroke timing attacks infer typed words, passphrases or create user fingerprints 2 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

3 Motivation Keystroke timing attacks infer typed words, passphrases or create user fingerprints Typically require native code execution 2 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

4 Motivation Keystroke timing attacks infer typed words, passphrases or create user fingerprints Typically require native code execution First JavaScript-based keystroke timing attack 2 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

5 Motivation Keystroke timing attacks infer typed words, passphrases or create user fingerprints Typically require native code execution First JavaScript-based keystroke timing attack Build classifiers to detect visited websites or to identify users and a covert channel 2 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

6 Motivation Keystroke timing attacks infer typed words, passphrases or create user fingerprints Typically require native code execution First JavaScript-based keystroke timing attack Build classifiers to detect visited websites or to identify users and a covert channel Runs in the background and can monitor on other tabs and applications 2 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

7 Background

8 Keystroke Timing Attacks Acquire accurate timestamps of keystrokes for input sequences 3 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

9 Keystroke Timing Attacks Acquire accurate timestamps of keystrokes for input sequences Depend on bigrams, syllables, words, keyboard layout and typing experience 3 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

10 Keystroke Timing Attacks Acquire accurate timestamps of keystrokes for input sequences Depend on bigrams, syllables, words, keyboard layout and typing experience Exploit timing characteristics to learn information about the user or the input Infer typed sentences Recover passphrases 3 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

11 Keystroke Timing Attacks Many ways to obtain keystroke timings have been presented: SSH leaks inter-keystroke timings in interactive mode [Son+01] Network latency with significant traffic [Hog+01] Instruction and stack pointer, interrupt, network packet statistics [Zha+09] CPU usage [Jan+12] Wi-Fi Signals [Ali+15] /proc/interrupts [Dia+16] JavaScript Sensor API [Meh+16] 4 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

12 Interrupt-timing Attacks Idea: Continuously acquire a high-resolution timestamp and monitor differences between subsequent timestamps [Sch+17] 5 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

13 Interrupt-timing Attacks Idea: Continuously acquire a high-resolution timestamp and monitor differences between subsequent timestamps [Sch+17] Requires unprivileged code execution and an accurate timing source (e.g., rdtsc) 5 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

14 Interrupt-timing Attacks 1 int now = rdtsc(); 2 while (true) { 3 int last = now; 4 now = rdtsc(); 5 if ((now - last) > threshold) { 6 reportevent(now, now - last); 7 } 8 } 6 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

15 Interrupt-timing Attacks 1 int now = rdtsc(); 2 while (true) { 3 int last = now; 4 now = rdtsc(); 5 if ((now - last) > threshold) { 6 reportevent(now, now - last); 7 } 8 } Look at how much time has passed since the last measurement 6 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

16 Interrupt-timing Attacks 1 int now = rdtsc(); 2 while (true) { 3 int last = now; 4 now = rdtsc(); 5 if ((now - last) > threshold) { 6 reportevent(now, now - last); 7 } 8 } Look at how much time has passed since the last measurement Significant differences occur when the process is interrupted 6 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

17 Interrupt-timing Attacks 1 int now = rdtsc(); 2 while (true) { 3 int last = now; 4 now = rdtsc(); 5 if ((now - last) > threshold) { 6 reportevent(now, now - last); 7 } 8 } Look at how much time has passed since the last measurement Significant differences occur when the process is interrupted More time the operating system consumes to handle the interrupt higher timing difference 6 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

18 Interrupt-timing Attacks p a s s w o r d Delta [cycles] Runtime [cycles] M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

19 Timing Attacks in Sandboxed JavaScript High Resolution Time API (performance.now) 8 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

20 Timing Attacks in Sandboxed JavaScript High Resolution Time API (performance.now) Utilized to mount various attacks: Page deduplication [Gru+15] Cache attacks [Ore+15] 8 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

21 Timing Attacks in Sandboxed JavaScript High Resolution Time API (performance.now) Utilized to mount various attacks: Page deduplication [Gru+15] Cache attacks [Ore+15] W3C standard now recommends a resolution of 5 µs 8 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

22 Sandboxed Keystroke Timing Attacks without High-Resolution Timers

23 Sandboxed Keystroke Timing Attacks w/o High-Resolution Timers Two phases: 9 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

24 Sandboxed Keystroke Timing Attacks w/o High-Resolution Timers Two phases: Online phase: Acquire timing traces 9 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

25 Sandboxed Keystroke Timing Attacks w/o High-Resolution Timers Two phases: Online phase: Acquire timing traces Offline phase: Post-processing and evaluation 9 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

26 Online phase How can we mount the attack in JavaScript? 10 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

27 Online phase How can we mount the attack in JavaScript? Native instruction (rdtsc) not available 10 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

28 Online phase How can we mount the attack in JavaScript? Native instruction (rdtsc) not available performance.now limited resolution 10 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

29 Online phase How can we mount the attack in JavaScript? Native instruction (rdtsc) not available performance.now limited resolution Implement a monotonic clock 10 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

30 Online phase How can we mount the attack in JavaScript? Native instruction (rdtsc) not available performance.now limited resolution Implement a monotonic clock Constantly increment a value 10 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

31 Online phase How can we mount the attack in JavaScript? Native instruction (rdtsc) not available performance.now limited resolution Implement a monotonic clock Constantly increment a value Number of increments is proportional to the time the function is scheduled Interrupt lower increments 10 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

32 Online phase Single-threaded event loop 11 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

33 Online phase Single-threaded event loop Browsers do not allow endless loops and warn the user 11 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

34 Online phase Single-threaded event loop Browsers do not allow endless loops and warn the user settimeout/setinterval enforce a minimum pause of 4 ms 11 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

35 Cooperative endless-loop slicing Slice endless loop into smaller finite loops 12 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

36 Cooperative endless-loop slicing Slice endless loop into smaller finite loops Every loop as an execution time of 4 ms 12 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

37 Cooperative endless-loop slicing Slice endless loop into smaller finite loops Every loop as an execution time of 4 ms Before running the loop, we schedule the next loop with a timeout of 4 ms 12 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

38 Cooperative endless-loop slicing Slice endless loop into smaller finite loops Every loop as an execution time of 4 ms Before running the loop, we schedule the next loop with a timeout of 4 ms The next slice of the loop is executed immediately after the current slice 12 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

39 Cooperative endless-loop slicing Slice endless loop into smaller finite loops Every loop as an execution time of 4 ms Before running the loop, we schedule the next loop with a timeout of 4 ms The next slice of the loop is executed immediately after the current slice Higher priority events (user inputs) can still be processed browser remains responsive 12 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

40 Cooperative endless-loop slicing Slice endless loop into smaller finite loops Every loop as an execution time of 4 ms Before running the loop, we schedule the next loop with a timeout of 4 ms The next slice of the loop is executed immediately after the current slice Higher priority events (user inputs) can still be processed browser remains responsive Minimum timeout is reduced to 1000 ms if the user switches the tab 12 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

41 Cooperative endless-loop slicing Slice endless loop into smaller finite loops Every loop as an execution time of 4 ms Before running the loop, we schedule the next loop with a timeout of 4 ms The next slice of the loop is executed immediately after the current slice Higher priority events (user inputs) can still be processed browser remains responsive Minimum timeout is reduced to 1000 ms if the user switches the tab Utilize Web Worker API to execute code in background 12 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

42 Cooperative endless-loop slicing 1 function measure_time(id) { 2 settimeout(measure_time, 0, id + 1); 3 counter = 0; 4 begin = window.performance.now(); 5 while ((window.performance.now() - begin) < 5) { 6 counter = counter + 1; 7 } 8 publish(id, counter); 9 } 13 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

43 Cooperative endless-loop slicing 1 function measure_time(id) { 2 settimeout(measure_time, 0, id + 1); 3 counter = 0; 4 begin = window.performance.now(); 5 while ((window.performance.now() - begin) < 5) { 6 counter = counter + 1; 7 } 8 publish(id, counter); 9 } Low impact on the system and browser performance 13 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

44 Cooperative endless-loop slicing 1 function measure_time(id) { 2 settimeout(measure_time, 0, id + 1); 3 counter = 0; 4 begin = window.performance.now(); 5 while ((window.performance.now() - begin) < 5) { 6 counter = counter + 1; 7 } 8 publish(id, counter); 9 } Low impact on the system and browser performance Less than 256 bytes of code 13 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

45 Cooperative endless-loop slicing 1 function measure_time(id) { 2 settimeout(measure_time, 0, id + 1); 3 counter = 0; 4 begin = window.performance.now(); 5 while ((window.performance.now() - begin) < 5) { 6 counter = counter + 1; 7 } 8 publish(id, counter); 9 } Low impact on the system and browser performance Less than 256 bytes of code Can be hidden in modern JavaScript frameworks or online advertisements 13 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

46 Interrupt-timing Attack in JavaScript 10 5 Delta [counter] y a h o o. c o m Runtime [s] 14 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

47 Offline phase Process and analyze traces of the online phase 15 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

48 Offline phase Process and analyze traces of the online phase Filter the measured trace to reduce noise 15 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

49 Offline phase Process and analyze traces of the online phase Filter the measured trace to reduce noise Detect threshold for keystroke events 15 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

50 Offline phase Process and analyze traces of the online phase Filter the measured trace to reduce noise Detect threshold for keystroke events Features of recorded measurements are strong enough that simple techniques (k-nearest neighbours (KNN)) allow to build an efficient and accurate classifier 15 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

51 Practical Attacks and Evaluation

52 URL Classification Infer URLs a user enters into the browsers address bar Intel i7-6700k and Firefox M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

53 URL Classification Infer URLs a user enters into the browsers address bar Intel i7-6700k and Firefox 52.0 Train a classifier with the input sequences of the top 10 most visited websites 16 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

54 URL Classification Small timing variations when the user starts typing and whenever the user presses a key 17 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

55 URL Classification Small timing variations when the user starts typing and whenever the user presses a key Compute the correlation for different alignments 17 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

56 URL Classification Small timing variations when the user starts typing and whenever the user presses a key Compute the correlation for different alignments Evaluate classifier using k-fold cross-validation 17 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

57 URL Classification Actual URL amazon.com baidu.com facebook.com google.co.in google.co.jp google.com qq.com wikipedia.org yahoo.com youtube.com amazon.com baidu.com facebook.com google.co.in google.co.jp google.com qq.com wikipedia.org yahoo.com youtube.com Predicted URL Figure 1: Confusion matrix for URL input. 18 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

58 User Classification P1 P2 P3 P P1 P2 P3 Actual User P4 Predicted User Figure 2: Confusion matrix for input by different users. 19 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

59 Touchscreen Interactions Evaluate attack on mobile devices 20 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

60 Touchscreen Interactions 4,000 Delta [counter] 3,000 2,000 tap tap swipe tap Runtime [s] Figure 3: Keystroke timing attack running in a native app on the Google Nexus M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

61 Touchscreen Interactions Delta [counter] 2,000 1,000 0 tap tap swipe tap Runtime [s] Figure 4: Keystroke timing attack running in JavaScript on the Google Nexus M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

62 Touchscreen Interactions 4,500 Delta [counter] 4,000 3,500 tap tap swipe tap 3, Runtime [s] Figure 5: Keystroke timing attack running in JavaScript on the Xiaomi Redmi Note M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

63 Spying on other applications and PIN unlock Attack allows monitoring of every other event triggering interrupts 24 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

64 Spying on other applications and PIN unlock Attack allows monitoring of every other event triggering interrupts Allows to monitor keystrokes in different tabs and other applications 24 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

65 Keystroke timing attack on different tab Delta [counter] 10,000 8,000 6,000 4,000 2,000 tap menu new tab tap swipe tap switch tab select tab activate tab redraw incognito tab redraw redraw redraw redraw Runtime [s] Figure 6: Keystroke timing attack running while switching to a different tab in the Chrome browser on the Xiaomi Redmi Note M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

66 PIN input 10,000 slide tap Delta [counter] 5,000 0 screen off redraw redraw Runtime [s] Figure 7: Keystroke timing attack running in the Firefox browser on the Xiaomi Redmi Note 3. While the user locked the screen, the application still detects keystrokes as long as it is executed on the last used tab. 26 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

67 Touchscreen Interactions Device SoC Keystrokes Screen lock Google Nexus 5 Qualcomm MSM8974 Snapdragon Xiaomi Redmi Note 3 Mediatek MT6795 Helio X10 Homtom HT3 MediaTek MTK6580 Samsung Galaxy S6 Samsung Exynos OnePlus One Qualcomm MSM8974AC Snapdragon 801 OnePlus 3T Qualcomm MSM8996 Snapdragon Table 1: Mobile test devices. 27 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

68 Covert channel Establish a unidirectional covert channel 28 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

69 Covert channel Establish a unidirectional covert channel Sending a 1: Issue interrupt 28 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

70 Covert channel Establish a unidirectional covert channel Sending a 1: Issue interrupt Sending a 0: Idle 28 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

71 Covert channel Establish a unidirectional covert channel Sending a 1: Issue interrupt Sending a 0: Idle Utilize XMLHttpRequest to fetch a network resource from an invalid URL to implicitly issue an interrupt 28 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

72 Covert channel Cross-tab 29 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

73 Covert channel Cross-tab Breaks Same-Origin policy (SOP) 29 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

74 Covert channel Cross-tab Breaks Same-Origin policy (SOP) Breaks HTTP Strict Transport Security (HSTS) policy 29 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

75 Covert channel Cross-tab Breaks Same-Origin policy (SOP) Breaks HTTP Strict Transport Security (HSTS) policy Cross-browser 29 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

76 Covert channel Cross-tab Breaks Same-Origin policy (SOP) Breaks HTTP Strict Transport Security (HSTS) policy Cross-browser Circumvents process-per-site or process-per-tab policy 29 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

77 Covert channel Cross-tab Breaks Same-Origin policy (SOP) Breaks HTTP Strict Transport Security (HSTS) policy Cross-browser Circumvents process-per-site or process-per-tab policy Transmission from Firefox to Chrome 29 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

78 Covert channel Cross-tab Breaks Same-Origin policy (SOP) Breaks HTTP Strict Transport Security (HSTS) policy Cross-browser Circumvents process-per-site or process-per-tab policy Transmission from Firefox to Chrome Established with browsers running in incognito mode 29 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

79 Covert channel Cross-tab Breaks Same-Origin policy (SOP) Breaks HTTP Strict Transport Security (HSTS) policy Cross-browser Circumvents process-per-site or process-per-tab policy Transmission from Firefox to Chrome Established with browsers running in incognito mode Transmission rate Raw transmission rate of 25 bps using a sample interval of 40 ms 29 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

80 Countermeasures

81 Countermeasures 30 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

82 Countermeasures Generic Countermeasures 30 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

83 Countermeasures Generic Countermeasures Inject phantom keystrokes that will be intercepted by malware [Mye17] 30 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

84 Countermeasures Generic Countermeasures Inject phantom keystrokes that will be intercepted by malware [Mye17] Analyze the statistical properties of noise necessary to impede real keystroke detection [Ort12] 30 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

85 Countermeasures Generic Countermeasures Inject phantom keystrokes that will be intercepted by malware [Mye17] Analyze the statistical properties of noise necessary to impede real keystroke detection [Ort12] Do not prevent interrupt-timing attacks 30 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

86 Countermeasures Generic Countermeasures Inject phantom keystrokes that will be intercepted by malware [Mye17] Analyze the statistical properties of noise necessary to impede real keystroke detection [Ort12] Do not prevent interrupt-timing attacks Fine-grained Permission Model for JavaScript 30 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

87 Countermeasures Generic Countermeasures Inject phantom keystrokes that will be intercepted by malware [Mye17] Analyze the statistical properties of noise necessary to impede real keystroke detection [Ort12] Do not prevent interrupt-timing attacks Fine-grained Permission Model for JavaScript Per-page level access control to APIs, e.g., web workers 30 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

88 Conclusion

89 Conclusion 31 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

90 Conclusion First JavaScript-based keystroke timing attack 31 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

91 Conclusion First JavaScript-based keystroke timing attack independent of browser and operating system 31 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

92 Conclusion First JavaScript-based keystroke timing attack independent of browser and operating system Infer accurate timestamps of keystrokes as well as taps and swipes 31 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

93 Conclusion First JavaScript-based keystroke timing attack independent of browser and operating system Infer accurate timestamps of keystrokes as well as taps and swipes Built classifiers to detect visited websites and identify users and a covert channel 31 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

94 Conclusion First JavaScript-based keystroke timing attack independent of browser and operating system Infer accurate timestamps of keystrokes as well as taps and swipes Built classifiers to detect visited websites and identify users and a covert channel Highly practical, as it runs in background to spy on other tabs and applications 31 M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Graz University of Technology

95 Practical Keystroke Timing Attacks in Sandboxed JavaScript M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Sep 11, 2017 ESORICS 17 Graz University of Technology