Mutexion: Mutually Exclusive Compression System for Mitigating Compression Side-Channel Attacks

Abstract

To enhance the performance of web services, web servers often compress data to be delivered. Unfortunately, the data compression technique has also introduced a side effect called compression side-channel attacks (CSCA) . CSCA allows eavesdroppers to unveil secret strings included in the encrypted traffic by observing the length of data. A promising defense technique called Debreach was recently proposed to mitigate CSCA by excluding all secret data in a web page during the compression process. Although Debreach has proven to be safe against CSCA and outperforms other approaches, the exclusion of all secret data from compression eventually resulted in a decreased compression efficiency. In this paper, we present a highly efficient CSCA mitigation system called “Mutexion” ( Mut ually ex clusive compress ion ) which allows us to fully take advantage of compression over an entire web page, including secret data. The key idea behind Mutexion is to fully take advantage of all the matching subsequences within a web page except only for those between secret data and user-controlled data (potentially controlled by an attacker) during the compression process. This approach of Mutexion effectively prevents side-channel leaks of secret data under CSCA misusing user-controlled data in a web page while minimizing the degradation in compression efficiency. It is required for our compressor to trace both secret data and user-controlled data in its compression process of web pages. To meet this requirement, we provide techniques to enable automated annotation of secret and user-controlled data in web pages. We implemented Mutexion as a fully working system to test live web pages and evaluated its performance with respect to security and compression efficiency. Our evaluation results demonstrated that Mutexion effectively prevents CSCA and also achieves almost the same compression ratio as the original zlib, which is vulnerable to CSCA, with a slight increase (0.032 milliseconds (7.9%) on average) in execution time.