Problem Statement
The problem the paper addresses: how can a user’s browsing information and privacy be secured
from timing attacks, which are usually carried out when the user visits attackers’ sites?
Impact
Firstly, this paper raises awareness of how vulnerable one’s browsing information is to
subtle, untraceable attacks.
Secondly, it explains how the cache works and how its core strength, which is
providing fast access to already visited information, is a key weakness for the
security of the user’s browsing history and privacy.
Tools that provide anonymous web browsing do not even help prevent these types of
attacks and could rather be helping the attacks. With this knowledge, a user will not be
wasting time putting his information at even greater risk by installing these tools.
Strengths
The paper proposes a robust and more deterministic approach to browser information
security by redesigning the browser. I think this solution is most suitable because the
problem is due to inherent properties of all core browser design.
The paper also highlights a common phenomenon in engineering solutions. At times the
best solution to one problem poses a new kind of problem. Caching makes access to
recently visited webpages and files faster. However, it introduced a vulnerability in one’s
browsing history because, using access timing, an attacker can keep track of one’s
browsing history, which can be used in very undesirable ways without the user’s
knowledge or consent.
Date: 22/09/2018
NAME: Kizito Nyuytiymbiy Andrew ID: knyuytiy Paper Review_#: 4
The researchers did preliminary testing to indicate that their results and conclusions were
not affected by the choice of browser used in the research [1]. They used Netscape
Navigator 4.5 and also tested with Internet Explorer.
The researchers distinguished their experimental conditions and results from what is
likely to occur in practice. For example, for the cache hits and misses they observed while
running tests where the server and the client are in one network, they said that in practical
circumstances miss times would be longer, giving the attacker even higher measurement
accuracy than their experiments show.
Weaknesses
The experiments were done in one departmental network, which hosts both the Web
server and the client browser. This proximity setup made cache miss times much
lower than they would be in practice, thereby making it artificially difficult to distinguish
hits from misses [1]. The real-world problem was therefore not directly replicated;
instead, logical projections and inductions were made from this inadequate setup.
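The effect described in the paragraph above can be illustrated with a small simulation, added here and not taken from the reviewed paper or from this review. All latency figures (10 ms hit time, 10 ms jitter, and the miss times swept) are constructed assumptions, not measurements from [1]; the code shows how well the best single timing threshold separates hits from misses as the miss time grows from same-network to wide-area values.

```python
import random

# Constructed figures for illustration only; not measurements from the reviewed paper.
HIT_MEAN_MS = 10.0   # assumed load time when the resource is already cached
JITTER_MS = 10.0     # assumed standard deviation of timing noise

def sample_latencies(mean_ms, n, rng):
    """Draw n simulated load times in ms, Gaussian around mean_ms, floored at 0."""
    return [max(0.0, rng.gauss(mean_ms, JITTER_MS)) for _ in range(n)]

def best_threshold_accuracy(hits, misses):
    """Best accuracy of the rule 'time <= t means hit, time > t means miss'."""
    total = len(hits) + len(misses)
    best = 0.0
    for t in sorted(hits + misses):
        correct = sum(h <= t for h in hits) + sum(m > t for m in misses)
        best = max(best, correct / total)
    return best

def accuracy_for_miss_time(miss_mean_ms, n=400, seed=1):
    """Simulate n hits and n misses and return the classifier's best accuracy."""
    rng = random.Random(seed)  # fixed seed so the run is repeatable
    hits = sample_latencies(HIT_MEAN_MS, n, rng)
    misses = sample_latencies(miss_mean_ms, n, rng)
    return best_threshold_accuracy(hits, misses)

def sweep(miss_means_ms=(20, 40, 80, 150)):
    """Accuracy for each assumed miss time, from same-network to wide-area."""
    return [(m, accuracy_for_miss_time(m)) for m in miss_means_ms]

if __name__ == "__main__":
    for miss_ms, acc in sweep():
        print(f"miss mean {miss_ms:>3} ms -> best threshold accuracy {acc:.2%}")
```

When the assumed miss time is close to the hit time the two distributions overlap and many samples are misclassified; once the miss time is several times the jitter, the threshold separates them almost perfectly.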
References