FIESTA: an HTTPS side-channel party
Jose Selvi at AppSec EU 2018
In the past few years, several attacks exploiting side-channel issues in TLS traffic have been launched with the aim of extracting information protected by HTTPS. CRIME, BREACH,, and TIME are all good examples of such attacks. But they are known, and most Internet sites have introduced countermeasures to protect against them. Unfortunately, this is not enough to protect sensitive online information. HTTPS traffic has other side-channels that could be exploited in a similar way, exposing private information. It this paper, we present a new tool, called FIESTA, that will help us test this kind of issues. In addition, we release a new side-channel not used before, affecting the most important technology companies in the Internet.