Abstract
Inferring user activities on a computer from network traffic is a well-studied attack vector. Previous work has shown that attackers can infer websites visited, videos watched, and even user actions within specific applications. However, all of these attacks require a scenario where the attacker can observe the (possibly encrypted) network traffic, e.g., through a person-in-the-middle (PITM) attack or by sitting in physical proximity to monitor WiFi packets.
In this paper, we present SnailLoad, a new side-channel attack where the victim loads an asset, e.g., a file or an image, from an attacker-controlled server, exploiting the victim’s network latency as a side channel tied to activities on the victim system, e.g., watching videos or websites. SnailLoad requires no JavaScript, no form of code execution on the victim system, and no user interaction but only a constant exchange of network packets, e.g., a network connection in the background. SnailLoad measures the latency to the victim system and infers the network activity on the victim system from the latency variations. We demonstrate SnailLoad in a non-PITM video-fingerprinting attack, where we use a single SnailLoad trace to infer what video a victim user is watching momentarily. For our evaluation, we focused on a set of 10 YouTube videos the victim watches, and show that SnailLoad reaches classification F1 scores of up to 98 %. We also evaluated SnailLoad in an open-world top 100 website fingerprinting attack, resulting in an F1 score of 62.8 %. This shows that numerous prior works, based on network traffic observations in PITM attack scenarios, could potentially be lifted to non-PITM remote attack scenarios.
Original language | English |
---|---|
Title of host publication | USENIX Security Symposium 2024 |
Place of Publication | Philadelphia, PA |
Publisher | USENIX Association |
Pages | 2315-2332 |
ISBN (Electronic) | 978-1-939133-44-1 |
Publication status | Published - Aug 2024 |
Event | 33rd USENIX Security Symposium: USENIX Security 2024 - Philadelphia Marriott Downtown, Philadelphia, United States Duration: 14 Aug 2024 → 16 Aug 2024 https://www.usenix.org/conference/usenixsecurity24 |
Conference
Conference | 33rd USENIX Security Symposium: USENIX Security 2024 |
---|---|
Abbreviated title | USENIX |
Country/Territory | United States |
City | Philadelphia |
Period | 14/08/24 → 16/08/24 |
ASJC Scopus subject areas
- Computer Science (miscellaneous)
Fields of Expertise
- Information, Communication & Computing
Projects
-
Special Research Area (SFB) F85 Semantic and Cryptographic Foundations of Security and Privacy by Compositional Design
1/01/23 → 31/12/26
Project: Research project
-
FWF - NeRAM - Next-Generation Rowhammer Attacks and Mitigations
1/12/22 → 30/11/25
Project: Research project
-
SnailLoad: Exploiting Remote Network Latency Measurements without JavaScript
Stefan Gast (Speaker)
15 Aug 2024
Activity: Talk or presentation › Talk at conference or symposium › Science to science
-
SnailLoad: Anyone on the Internet Can Learn What You're Doing
Stefan Gast (Speaker) & Daniel Gruss (Speaker)
7 Aug 2024
Activity: Talk or presentation › Invited talk at conference or symposium › Science to public