Distributed computingas a client-side attackDEFCON Russia, DCG-781221/02/2013 Saint-Petersburg, Yandex
Browsers security basics● Same Origin Policy● Content Security Policy● SSL/PKI features  ...● And what about PC resources ?
Resources which availableto site through browser● CPU/GPU utilization● RAM● Local storages● Network connections
Resources which availableto site through browser● CPU/GPU utilization● RAM● Local storages● Network connections <- nothing...
Distributed computing inbrowsers not so new theme● Browser-based distributed evolutionary computation:  performance and sc...
But its may be used as aclient-side attack● XSS● CSRF● SWF malware via ad-networks● Cache-poisoning● CDN hacks
CPU/GPU usagerestrictions● Max execution time per page● Freeze timeouts● Problems for user (cursor freeze, etc)
CPU/GPU usagerestrictions bypasses● Web workers● Low content transferring● Distracting users attention (i.e. video)
● Classic COOKIES● Web Storage (HTML5, localStorage,  sessionStorage objects)● FileAPI (HTML5)● Flash Local Shared Objects...
Local storages restrictions
Local storages restrictions● Flash Local Shared Objects (LSO, flash  cookies): 50Kb per domain● Freeze timeout● Problems f...
Where i can store myrainbows?● 100000 subdomains  ○ 10000 * 50Kb = 5Gb per each clients    browser (5-10 minutes to fill i...
How fast JavaScript?● MD5 (http://jsperf.com/md5-shootout)● MacBook Air mid 2011 http://support.apple.  com/kb/SP631
JavaScript vs HD6990● AMD Radeon HD6990 + oclHashcat-lite:  ○ 11*10^9 ops/sec● MacBook Air mid 2011 + jkm JS + Chrome  24....
How fast Flash?http://www.blooddy.by/ru/crypto/benchmark/● SHA-256  ○ mx.utils.SHA256  ○ as3corelib  ○ blooddy● MD5  ○ as3...
How fast Flash?http://www.blooddy.by/ru/crypto/benchmark/● SHA-256  ○ mx.utils.SHA256  ○ as3corelib  ○ blooddy [x8 faster]...
How fast Flash?
How fast Flash?Make it faster using optimization! Or not :)))● None - 1,7*10^5 ops/sec● Level 1 - 1,7*10^5● Level 2 - 1,7*...
???@ONsec_Lab [http://lab.ONsec.ru]@d0znppd0znpp@onsec.ru
Upcoming SlideShare
Loading in...5
×

Distributed computing in browsers as client side attack

2,205

Published on

3 Comments
3 Likes
Statistics
Notes
No Downloads
Views
Total Views
2,205
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
17
Comments
3
Likes
3
Embeds 0
No embeds

No notes for slide

Distributed computing in browsers as client side attack

  1. 1. Distributed computingas a client-side attackDEFCON Russia, DCG-781221/02/2013 Saint-Petersburg, Yandex
  2. 2. Browsers security basics● Same Origin Policy● Content Security Policy● SSL/PKI features ...● And what about PC resources ?
  3. 3. Resources which availableto site through browser● CPU/GPU utilization● RAM● Local storages● Network connections
  4. 4. Resources which availableto site through browser● CPU/GPU utilization● RAM● Local storages● Network connections <- nothing new
  5. 5. Distributed computing inbrowsers not so new theme● Browser-based distributed evolutionary computation: performance and scaling behavior [2007] ○ http://dl.acm.org/citation.cfm?id=1274083● Unwitting distributed genetic programming via asynchronous JavaScript and XML [2007] ○ http://dl.acm.org/citation.cfm?id=1277282
  6. 6. But its may be used as aclient-side attack● XSS● CSRF● SWF malware via ad-networks● Cache-poisoning● CDN hacks
  7. 7. CPU/GPU usagerestrictions● Max execution time per page● Freeze timeouts● Problems for user (cursor freeze, etc)
  8. 8. CPU/GPU usagerestrictions bypasses● Web workers● Low content transferring● Distracting users attention (i.e. video)
  9. 9. ● Classic COOKIES● Web Storage (HTML5, localStorage, sessionStorage objects)● FileAPI (HTML5)● Flash Local Shared Objects (LSO, flash cookies)
  10. 10. Local storages restrictions
  11. 11. Local storages restrictions● Flash Local Shared Objects (LSO, flash cookies): 50Kb per domain● Freeze timeout● Problems for user (cursor freeze, etc)
  12. 12. Where i can store myrainbows?● 100000 subdomains ○ 10000 * 50Kb = 5Gb per each clients browser (5-10 minutes to fill it)● 500 unique visitors on your blog ○ 500 * 5Gb = 2.5Tb data for you ;)
  13. 13. How fast JavaScript?● MD5 (http://jsperf.com/md5-shootout)● MacBook Air mid 2011 http://support.apple. com/kb/SP631
  14. 14. JavaScript vs HD6990● AMD Radeon HD6990 + oclHashcat-lite: ○ 11*10^9 ops/sec● MacBook Air mid 2011 + jkm JS + Chrome 24.0.1312 ○ 2,4*10^5 ops/sec (less than 5*10^4 times) = x 50000
  15. 15. How fast Flash?http://www.blooddy.by/ru/crypto/benchmark/● SHA-256 ○ mx.utils.SHA256 ○ as3corelib ○ blooddy● MD5 ○ as3corelib ○ blooddy
  16. 16. How fast Flash?http://www.blooddy.by/ru/crypto/benchmark/● SHA-256 ○ mx.utils.SHA256 ○ as3corelib ○ blooddy [x8 faster]● MD5 ○ as3corelib ○ blooddy [x10 faster]
  17. 17. How fast Flash?
  18. 18. How fast Flash?Make it faster using optimization! Or not :)))● None - 1,7*10^5 ops/sec● Level 1 - 1,7*10^5● Level 2 - 1,7*10^5
  19. 19. ???@ONsec_Lab [http://lab.ONsec.ru]@d0znppd0znpp@onsec.ru
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×