Title :
An Independent Evaluation of Web Timing Attack and its Countermeasure
Author :
Nagami, Yoshitaka ; Miyamoto, Daisuke ; Hazeyama, Hiroaki ; Kadobayashi, Youki
Author_Institution :
Grad. Sch. of Inf. Sci., Nara Inst. of Sci. & Technol., Nara
Abstract :
Web timing attacks have become a new threat on the Internet because they enable attackers to reveal users' private information. In this paper, we evaluate the threat of a web timing attack and its countermeasure. Our contribution is to investigate the occurrence conditions of a web timing attack. We also verify the effectiveness of our countermeasure, whose significant feature is fixing the authentication time whereas previous work fixes the response time. For our evaluation, we measure response times of several web applications, and analyze the result with statistical testing. We find that it is difficult to reveal the of username in some types of applications, and we confirm that our countermeasure can thwart web timing attacks.
Keywords :
Internet; security of data; statistical testing; Internet; Web timing attack; private information; statistical testing; Authentication; Availability; Delay; Information science; Information security; Internet; Performance loss; Statistical analysis; Testing; Timing; Countermeasure; Web Application Security; Web Timing Attack;
Conference_Title :
Availability, Reliability and Security, 2008. ARES 08. Third International Conference on
Conference_Location :
Barcelona
Print_ISBN :
978-0-7695-3102-1
DOI :
10.1109/ARES.2008.111