debreach: Selective Dictionary Compression to Prevent BREACH and CRIME

Published Date

2017-07

Type

Thesis or Dissertation

Abstract

Compression side-channel attacks like CRIME and BREACH have made compression a liability even though it is a powerful tool for improving efficiency. We present debreach, a step towards a general and robust mitigation for these attacks. A modified DEFLATE compressor with output that is fully backwards-compatible with existing decompressors, debreach has the ability to mitigate compression side-channels by excluding from compression sensitive data (e.g., security tokens, emails) identified either by explicit byte ranges or through string matching. In terms of usability, security, and efficiency, we find that string matching is well-suited to the task of protecting security tokens, but we also find that existing approaches to token security work equally well. On the other hand, we find explicit byte ranges are well-suited to protect arbitrary content, whereas existing approaches lack in either efficiency or generality. When compared to the widely-used and insecure zlib in realistic scenarios, explicit byte ranges reduce throughput in networked connections by 16-24% on popular websites' data, though this still results in a 106-269% improvement over not compressing depending on the available bandwidth. While the reduction is significant, we show that debreach can still improve throughput on connections between 112-208 Mb/s. We end with a discussion of practical use cases for debreach along with suggestions for their implementation and potential improvements to the algorithm.

Description

University of Minnesota M.S. thesis. July 2017. Major: Computer Science. Advisor: Peter Peterson. 1 computer file (PDF); vi, 81 pages.

Suggested citation

Paulsen, Brandon. (2017). debreach: Selective Dictionary Compression to Prevent BREACH and CRIME. Retrieved from the University Digital Conservancy, https://hdl.handle.net/11299/190584.
