Deterministic Browser
Yinzhi Cao, Zhanhao Chen, Song Li, Shujiang Wu

TL;DR
The paper introduces a deterministic browser approach that provably prevents timing attacks by ensuring consistent timing information for JavaScript observers, without impacting user experience.
Contribution
It proposes a physics-inspired deterministic browser model that fundamentally mitigates timing attacks, unlike existing jitter-based defenses.
Findings
Prototype DeterFox defends against timing attacks
Consistent timing information for JavaScript observers
No noticeable slowdown for users
Abstract
Timing attacks have been a continuous threat to users' privacy in modern browsers. To mitigate such attacks, existing approaches, such as Tor Browser and Fermata, add jitters to the browser clock so that an attacker cannot accurately measure an event. However, such defenses only raise the bar for an attacker but do not fundamentally mitigate timing attacks, i.e., it just takes longer than before to launch a timing attack. In this paper, we propose a novel approach, called deterministic browser, which can provably prevent timing attacks in modern browsers. Borrowing from Physics, we introduce several concepts, such as an observer and a reference frame. Specifically, a snippet of JavaScript, i.e., an observer in JavaScript reference frame, will always obtain the same, fixed timing information so that timing attacks are prevented; in contrast, a user, i.e., an oracle observer, will…
Taxonomy
Topics: Security and Verification in Computing · Advanced Malware Detection Techniques · Internet Traffic Analysis and Secure E-voting
