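% CRiSIS 2014 paper (Springer, 2015) on a traffic-analysis side channel:
% recovering search queries typed into suggest boxes served over HTTPS.
% Per the abstract, it reports exact recovery of the search word in more than
% 30 percent of cases for French, and it also presents mitigation methods.
% Entry notes: acronyms are brace-protected against style recasing, names use
% the unambiguous "Last, First" form, and the DOI is stored bare (no escapes).
@inproceedings{a6ccd2fd1fe847c39623c7917a8c104e,
  author    = {Schaub, Alexander and Schneider, Emmanuel and Hollender, Alexandros and Calasans, Vinicius and Jolie, Laurent and Touillon, Robin and Heuser, Annelie and Guilley, Sylvain and Rioul, Olivier},
  title     = {Attacking suggest boxes in web applications over {HTTPS} using side-channel stochastic algorithms},
  booktitle = {Risks and Security of Internet and Systems - 9th International Conference, {CRiSIS} 2014, Revised Selected Papers},
  editor    = {Ray, Indrajit and Crispo, Bruno and Lopez, Javier},
  series    = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)},
  publisher = {Springer Verlag},
  pages     = {116--130},
  year      = {2015},
  month     = jan,
  day       = {1},
  doi       = {10.1007/978-3-319-17127-2_8},
  isbn      = {9783319171265},
  language  = {English},
  keywords  = {HTTPS, Side-channel leak, Stochastic algorithms, Suggest box, Web application},
  abstract  = {Web applications are subject to several types of attacks. In particular, side-channel attacks consist in performing a statistical analysis of the web traffic to gain sensitive information about a client. In this paper, we investigate how side-channel leaks can be used on search engines such as Google or Bing to retrieve the client{\textquoteright}s search query. In contrast to previous works, due to payload randomization and compression, it is not always possible to uniquely map a search query to a web traffic signature and hence stochastic algorithms must be used. They yield, for the French language, an exact recovery of search word in more than 30\% of the cases. Finally, we present some methods to mitigate such side-channel leaks.},
  note      = {Publisher Copyright: {\textcopyright} Springer International Publishing Switzerland 2015.; 9th International Conference on Risks and Security of Internet and Systems, CRiSIS 2014 ; Conference date: 27-08-2014 Through 29-08-2014},
}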