Implementation of covert timing channels based on http cache headers in cloud file storage services | Applied Discrete Mathematics. Supplement. 2015. № 8.

Implementation of covert timing channels based on http cache headers in cloud file storage services

It is shown how covert timing channels based on HTTP cache headers can be implemented in cloud file storage services. Most cloud file storage services, such as Google Drive, allow users to operate with cache-control headers, in particular with files' ETags, so it is possible to implement a covert timing channel based on the ETag cache header. Consider two man-in-the-browser attackers, s1 and s3, located on different hosts, and a fully trusted web server, accessible via https://drive.google.com/drive/, with some file hosted on it. The only requirement for the covert channel is that the file be accessible for writing to s1 and for reading to s3. The attacker s1 sends a request to the Google Drive API (a POST request to https://www.googleapis.com/drive/v2/files/fileId/touch) to modify the file's last access time (and hence its ETag). Then the attacker s3 sends a request to the Google Drive API (a GET request to https://www.googleapis.com/drive/v2/files/fileId) to get the file's metadata, including the ETag. If the received header value is the same as before, s3 considers that it has received bit 1; otherwise (when the file has been changed and the header values do not match), s3 considers that it has received bit 0. This method increases the channel's throughput (in comparison with some other methods) and provides anonymity for communications between the attackers s1 and s3.
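The request pattern described above (one account repeatedly calling `touch` on a file while a different account polls the same file's metadata) leaves a trace in API access logs. The following is an added example, not code from the paper: a detection heuristic run over constructed log records, where the record layout, the account and file names, the function names and the thresholds are all assumptions.

```python
import re
from collections import defaultdict

# Path patterns for the two API calls named in the abstract.
TOUCH = re.compile(r"^/drive/v2/files/([^/]+)/touch$")
META = re.compile(r"^/drive/v2/files/([^/]+)$")

# Constructed records: (unix_time, account, method, path). Layout is assumed.
SAMPLE_LOG = (
    [(t, "acct-a", "POST", "/drive/v2/files/F1/touch") for t in (10, 30, 40)]
    + [(t, "acct-b", "GET", "/drive/v2/files/F1") for t in (0, 15, 25, 35, 45, 55)]
    + [(12, "acct-c", "POST", "/drive/v2/files/F2/touch"),
       (13, "acct-c", "GET", "/drive/v2/files/F2"),
       (50, "acct-d", "GET", "/drive/v2/files/F2")]
)

def observed_bits(touches, polls):
    """Bits a poller would infer: 1 if no touch since its previous poll, else 0."""
    return [0 if any(prev < t <= cur for t in touches) else 1
            for prev, cur in zip(polls, polls[1:])]

def find_etag_channel_candidates(log, min_touches=2, min_polls=5):
    """Flag files touched repeatedly by one account and polled by another."""
    touches = defaultdict(lambda: defaultdict(list))  # file -> account -> times
    polls = defaultdict(lambda: defaultdict(list))
    for ts, account, method, path in sorted(log):
        if method == "POST" and (m := TOUCH.match(path)):
            touches[m.group(1)][account].append(ts)
        elif method == "GET" and (m := META.match(path)):
            polls[m.group(1)][account].append(ts)
    findings = []
    for file_id, writers in touches.items():
        for writer, t_times in writers.items():
            if len(t_times) < min_touches:
                continue
            for reader, p_times in polls[file_id].items():
                if reader != writer and len(p_times) >= min_polls:
                    findings.append((file_id, writer, reader,
                                     observed_bits(t_times, p_times)))
    return findings

if __name__ == "__main__":
    for finding in find_etag_channel_candidates(SAMPLE_LOG):
        print(finding)
```

Metadata polling alone is ordinary client behaviour; the heuristic keys on its pairing with repeated `touch` calls from a different account, and the reconstructed bit sequence gives an analyst something to inspect.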


Keywords

botnets, web-application security, covert channels, HTTP

Authors

Name | Organization | E-mail
Kolegov D. N. | Tomsk State University | d.n.kolegov@gmail.com
Broslavsky O. V. | Tomsk State University | o.v.broslavsky@gmail.com
Oleksov N. E. | Tomsk State University | n.e.oleksov@gmail.com
Total: 3
