Implementation of covert timing channels based on HTTP cache headers in cloud file storage services

D. N. Kolegov; O. V. Broslavsky; N. E. Oleksov

Geodesic

Parcourir par

Implementation of covert timing channels based on HTTP cache headers in cloud file storage services

D. N. Kolegov ; O. V. Broslavsky ; N. E. Oleksov

Prikladnaya Diskretnaya Matematika. Supplement, no. 8 (2015), pp. 83-85.

Voir la notice de l'article provenant de la source Math-Net.Ru

Résumé

It is shown how covert timing channels based on HTTP cache headers can be implemented in cloud file storage services. Most of the cloud file storages like Google Drive allow users to operate with cache-control headers, particularly with files' ETags. So it is possible to implement covert timing channel based on ETag cache header. Consider two man-in-the-browser attackers, $s_1$ and $s_3$, located on different hosts, and fully trusted web server, accessible via https://drive.google.com/drive, with some file hosted on it. The only requirement for covert channel is that the file should be accessible for writing to $s_1$ and for reading to $s_3$. The attacker $s_1$ sends a request to Google Drive API (POST request to https://www.googleapis.com/drive/v2/files/fileId/touch) to modify the file's last access time (and hence ETag). Then the attacker $s_3$ sends a request to Google Drive API (GET request to https://www.googleapis.com/drive/v2/files/fileId) to get the file’s metadata including ETag. If the recieved header value is the same as before, $s_3$ considers that he get bit 1, otherwise (when file has been changed and header values do not match) $s_3$ considers that he get bit 0. This method allows to increase channel's throughput (in comparison with some other methods) and provides the anonymity for communications between attackers $s_1$ and $s_3$.

Keywords: HTTP, covert channels, web-application security, botnets.

@article{PDMA_2015_8_a30,
     author = {D. N. Kolegov and O. V. Broslavsky and N. E. Oleksov},
     title = {Implementation of covert timing channels based on {HTTP} cache headers in cloud file storage services},
     journal = {Prikladnaya Diskretnaya Matematika. Supplement},
     pages = {83--85},
     publisher = {mathdoc},
     number = {8},
     year = {2015},
     language = {ru},
     url = {http://geodesic.mathdoc.fr/item/PDMA_2015_8_a30/}
}

TY  - JOUR
AU  - D. N. Kolegov
AU  - O. V. Broslavsky
AU  - N. E. Oleksov
TI  - Implementation of covert timing channels based on HTTP cache headers in cloud file storage services
JO  - Prikladnaya Diskretnaya Matematika. Supplement
PY  - 2015
SP  - 83
EP  - 85
IS  - 8
PB  - mathdoc
UR  - http://geodesic.mathdoc.fr/item/PDMA_2015_8_a30/
LA  - ru
ID  - PDMA_2015_8_a30
ER  -

%0 Journal Article
%A D. N. Kolegov
%A O. V. Broslavsky
%A N. E. Oleksov
%T Implementation of covert timing channels based on HTTP cache headers in cloud file storage services
%J Prikladnaya Diskretnaya Matematika. Supplement
%D 2015
%P 83-85
%N 8
%I mathdoc
%U http://geodesic.mathdoc.fr/item/PDMA_2015_8_a30/
%G ru
%F PDMA_2015_8_a30

D. N. Kolegov; O. V. Broslavsky; N. E. Oleksov. Implementation of covert timing channels based on HTTP cache headers in cloud file storage services. Prikladnaya Diskretnaya Matematika. Supplement, no. 8 (2015), pp. 83-85. http://geodesic.mathdoc.fr/item/PDMA_2015_8_a30/

Bibliographie
Cité par

[1] Kolegov D. N., Broslavskii O. V., Oleksov N. E., “Ob informatsionnykh potokakh po vremeni, osnovannykh na zagolovkakh keshirovaniya protokola HTTP”, Prikladnaya diskretnaya matematika. Prilozhenie, 2014, no. 7, 89–91

[2] Kolegov D. N., Broslavskii O. V., Oleksov N. E., “Issledovanie skrytykh kanalov po vremeni na osnove zagolovkov keshirovaniya protokola HTTP”, Prikladnaya diskretnaya matematika, 2015, no. 2, 71–85