Side Channel Attack
Is your browser data really safe?
This new type of attack uses machine learning to identify the websites you browse and the credentials you use to access those websites, such as usernames and passwords. As the attack's name implies, it does not directly target the communication channels between your browser and the remote server. Instead, it observes computer behavior, such as temperature changes, interrupts that occur in other processes, and the computer's timer values at fixed intervals while a certain website is being visited. Hackers use this data to determine the website being accessed by running machine learning algorithms on their already collected data.
This type of attack is almost similar to a burglar who tries to break into a safe with a stethoscope. In a side channel attack, the hacker attempts to decode information by collecting device behavioral data in the same way a burglar tries to open a safe by guessing the number combination based on the sounds the safe makes when the number wheel turns.
Another well-known attack, called a website fingerprint attack, is a type of side channel attack that solely depends on the number of memory accesses as a certain website loads. Machine learning is then used to figure out the website being accessed.
Image is from : What is a Side Channel Attack?/
Fight Back Strategies
Create Browser Extensions: Develop browser extensions that generate random interrupts, such as random pings to various websites while a certain website is being visited. This makes the data collected from side channels by hackers useless. Although this method can drop the attack's accuracy from 96% to 62%, it may significantly slow down computer performance.
Adjust Device Timer: Set the device timer to return a close value instead of the actual value, making it much harder to measure the computer's activity over an interval. This method can reduce the attack's accuracy from 96% to 1% without slowing down computer performance.
Comments
Post a Comment