ESORICS 2011

Timing is Everything:The Importance of History Detection

FISHING SITE!

Timing is Everything:The Importance of History Detection

1. Old tab has gets a handle to the new tab2. Tricks exist to detect when a user goes

to a new webpage (history detection)3. Attacker detects, and redirects page

to fishing site

Who wrote this code?Identifying the Authors of Program Binaries

Authors Programs

Who wrote which program?

Different authors different coding styles

Who wrote this code?

Idioms (push ebp | * | mov esp,ebp)

(Call) Graphlets

Byte n-grams 0x75, 0x30, 0x90, 0x0c

Use machine learning to map features to authors#Authors#Programs

93834

1911747

32203

Privacy-Preserving DNS

Client DNS Resolver

.be

ugent.be

elis.ugent.be

• ISP’s DNS• Google Public DNS• OpenDNS• …

Knows which websites are visited per user!

Privacy-Preserving DNS

Client DNS Resolver

.be

ugent.be

elis.ugent.be

BroadcastPopular domains

Mix 1 Mix 2 Mix n

Top 100/1000/… domains broadcasted Less communication

Mixing traffic through different mixers hides your identity

• Simulation of latency using real DNS traffic data• Zero latency for >=80% of lookups with broadcasting top 10.000 domains• Analysis of safety of privacy of range queries

Remote Timing Attacks Are Still Practical

OpenSSL TLS handshake withECDSA signatures

Timing of messagesMessagesSignatures

Lattice AttackA.k.a

“Magic”

Automated Information Flow Analysis of Virtualized Infrastructures

• Complex !• Manual analysis is

unfeasible