Protecting encrypted cookies from compression side-channel attacks
| Data(s) |
2015
|
|---|---|
| Resumo |
Compression is desirable for network applications as it saves bandwidth; however, when data is compressed before being encrypted, the amount of compression leaks information about the amount of redundancy in the plaintext. This side channel has led to successful CRIME and BREACH attacks on web traffic protected by the Transport Layer Security (TLS) protocol. The general guidance in light of these attacks has been to disable compression, preserving confidentiality but sacrificing bandwidth. In this paper, we examine two techniques - heuristic separation of secrets and fixed-dictionary compression|for enabling compression while protecting high-value secrets, such as cookies, from attack. We model the security offered by these techniques and report on the amount of compressibility that they can achieve. |
| Formato |
application/pdf |
| Identificador | |
| Publicador |
Sprinegr |
| Relação |
http://eprints.qut.edu.au/80079/1/__staffhome.qut.edu.au_staffgroupm%24_meaton_Desktop_Authors%20draft_Stebila.pdf DOI:10.1007/978-3-662-47854-7_6 Alawatugoda, Janaka, Stebila, Douglas, & Boyd, Colin (2015) Protecting encrypted cookies from compression side-channel attacks. In Financial Cryptography and Data Security: 19th International Conference, FC 2015, Revised Selected Papers [Lecture Notes in Computer Science, Volume 8975], Sprinegr, San Juan, Puerto Rico, The United States of America, pp. 86-106. http://purl.org/au-research/grants/ARC/DP130104304 |
| Direitos |
Copyright 2015 [please consult the authors] |
| Fonte |
School of Electrical Engineering & Computer Science; Science & Engineering Faculty |
| Tipo |
Conference Paper |
