"Leakuidator: Leaky Resource Attacks and Countermeasures" by Mojtaba Zaheri and Reza Curtmola
 

Leakuidator: Leaky Resource Attacks and Countermeasures

Document Type

Conference Proceeding

Publication Date

1-1-2021

Abstract

Leaky resource attacks leverage the popularity of resource-sharing services to conduct targeted deanonymization on the web. They are simple to execute because many resource-sharing services are inherently vulnerable due to the trade-offs made between security and functionality. Even though previous work has shown that such attacks can lead to serious privacy threats, defending against this threat is an area that has remained largely unaddressed. In this work, we advance the state of the art on leaky resource attacks on both attack effectiveness and attack mitigation fronts. We first show that leaky resource attacks have a larger attack surface than what was previously believed, by showing reliable attack implementations that work across a broader range of browsers and by identifying new variants of the attack. We then propose Leakuidator, the first client-side defense that can be deployed right away, without buy-in from browser vendors and website owners. At a high level, Leakuidator identifies potentially suspicious requests made when a webpage is rendered and for each such request: (1) renders the request by first removing cookies from it, and (2) initiates a second request that is identical to the original request (i.e., contains the cookies that were removed), but does not render its response. This additional request maintains compatibility with existing web functionality, such as analytics and tracking services. We have implemented Leakuidator as a browser extension for three Chromium-based browsers. Experimental results show that Leakuidator introduces a small overhead and thus the impact on user experience is minimal. The extension also includes usability knobs, allowing users to reuse past choices and to adjust how strict the criteria are for identifying potentially suspicious requests.

Identifier

85120072476 (Scopus)

ISBN

9783030900212

Publication Title

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering (LNICST)

External Full Text Location

https://doi.org/10.1007/978-3-030-90022-9_8

e-ISSN

1867822X

ISSN

18678211

First Page

143

Last Page

163

Volume

399 LNICST

Grant

CNS 1801430

Fund Ref

National Science Foundation

This document is currently not available here.
