{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,5,9]],"date-time":"2025-05-09T16:30:39Z","timestamp":1746808239074,"version":"3.40.5"},"publisher-location":"Cham","reference-count":37,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031514753"},{"type":"electronic","value":"9783031514760"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-3-031-51476-0_1","type":"book-chapter","created":{"date-parts":[[2024,1,10]],"date-time":"2024-01-10T07:02:29Z","timestamp":1704870149000},"page":"3-22","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Time Will Tell: Exploiting Timing Leaks Using HTTP Response Headers"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-6142-8057","authenticated-orcid":false,"given":"Vik","family":"Vanderlinden","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6846-9081","authenticated-orcid":false,"given":"Tom Van","family":"Goethem","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8971-9470","authenticated-orcid":false,"given":"Mathy","family":"Vanhoef","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,1,11]]},"reference":[{"key":"1_CR1","unstructured":"Alex Christensen: Reduce resolution of performance.now. https:\/\/bugs.webkit.org\/show_bug.cgi?id=146531 (2015)"},{"key":"1_CR2","unstructured":"Boris Zbarsky: Chromium: window.performance.now does not support sub-millisecond precision on windows. https:\/\/bugs.chromium.org\/p\/chromium\/issues\/detail?id=158234#c110 (2015)"},{"key":"1_CR3","unstructured":"Zbarsky, B.: Clamp the resolution of performance.now() calls to 5us because otherwise we allow various timing attacks that depend on high accuracy timers (2015). https:\/\/hg.mozilla.org\/integration\/mozilla-inbound\/rev\/48ae8b5e62ab"},{"key":"1_CR4","doi-asserted-by":"publisher","unstructured":"Bortz, A., Boneh, D., Nandy, P.: Exposing private information by timing web applications. In: 16th International World Wide Web Conference, WWW2007, pp. 621\u2013628 (2007). https:\/\/doi.org\/10.1145\/1242572.1242656","DOI":"10.1145\/1242572.1242656"},{"key":"1_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"355","DOI":"10.1007\/978-3-642-23822-2_20","volume-title":"Computer Security \u2013 ESORICS 2011","author":"BB Brumley","year":"2011","unstructured":"Brumley, B.B., Tuveri, N.: Remote timing attacks are still practical. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 355\u2013371. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-23822-2_20"},{"key":"1_CR6","doi-asserted-by":"publisher","unstructured":"Brumley, D., Boneh, D.: Remote timing attacks are practical. Comput. Networks 48(5), 701\u2013716 (2005). https:\/\/doi.org\/10.1016\/j.comnet.2005.01.010, https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S1389128605000125","DOI":"10.1016\/j.comnet.2005.01.010"},{"key":"1_CR7","unstructured":"Cox, B.: Splitting the ping (2022). https:\/\/blog.benjojo.co.uk\/post\/ping-with-loss-latency-split"},{"key":"1_CR8","doi-asserted-by":"publisher","unstructured":"Crosby, S.A., Wallach, D.S., Riedi, R.H.: Opportunities and limits of remote timing attacks. ACM Trans. Inf. Syst. Secur. 12(3), 1\u201329 (2009). https:\/\/doi.org\/10.1145\/1455526.1455530, https:\/\/dl.acm.org\/doi\/10.1145\/1455526.1455530","DOI":"10.1145\/1455526.1455530"},{"key":"1_CR9","unstructured":"EUSPA: European GNSS Service Centre. https:\/\/www.gsc-europa.eu\/. Accessed 28 May 2023"},{"key":"1_CR10","doi-asserted-by":"publisher","unstructured":"Felten, E.W., Schneider, M.A.: Timing attacks on Web privacy. In: Proceedings of the 7th ACM Conference on Computer and Communications Security - CCS 2000, New York, New York, USA, pp. 25\u201332. ACM Press (2000). https:\/\/doi.org\/10.1145\/352600.352606, http:\/\/portal.acm.org\/citation.cfm?doid=352600.352606","DOI":"10.1145\/352600.352606"},{"key":"1_CR11","doi-asserted-by":"publisher","unstructured":"Gelernter, N., Herzberg, A.: Cross-Site Search Attacks. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. vol. 2015-October, New York, NY, USA, pp. 1394\u20131405. ACM (2015). https:\/\/doi.org\/10.1145\/2810103.2813688, https:\/\/dl.acm.org\/doi\/10.1145\/2810103.2813688","DOI":"10.1145\/2810103.2813688"},{"key":"1_CR12","unstructured":"van Goethem, T., P\u00f6pper, C., Joosen, W., Vanhoef, M.: Timeless timing attacks: Exploiting concurrency to leak secrets over remote connections. In: Proceedings of the 29th USENIX Security Symposium, pp. 1985\u20132002 (2020)"},{"key":"1_CR13","unstructured":"van Goethem, T., Vanhoef, M., Piessens, F., Joosen, W.: Request and conquer: exposing cross-origin resource size. In: Proceedings of the 25th USENIX Security Symposium, pp. 447\u2013462 (2016)"},{"key":"1_CR14","unstructured":"HTTP Archive Contributors: The HTTP Archive. https:\/\/httparchive.org\/. Accessed 28 May 2023"},{"key":"1_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"104","DOI":"10.1007\/3-540-68697-5_9","volume-title":"Advances in Cryptology \u2014 CRYPTO \u201996","author":"PC Kocher","year":"1996","unstructured":"Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104\u2013113. Springer, Heidelberg (1996). https:\/\/doi.org\/10.1007\/3-540-68697-5_9"},{"key":"1_CR16","doi-asserted-by":"publisher","unstructured":"Le Pochat, V., Van Goethem, T., Tajalizadehkhoob, S., Korczy\u0144ski, M., Joosen, W.: Tranco: a research-oriented top sites ranking hardened against manipulation. In: Proceedings of the 26th Annual Network and Distributed System Security Symposium. NDSS 2019 (2019). https:\/\/doi.org\/10.14722\/ndss.2019.23386","DOI":"10.14722\/ndss.2019.23386"},{"key":"1_CR17","unstructured":"LiteSpeed Technologies Inc.: LiteSpeed Web Server. https:\/\/www.litespeedtech.com\/products\/litespeed-web-server. Accessed 04 Jun 2023"},{"key":"1_CR18","unstructured":"MDN contributors: Same-origin policy (2023). https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/Security\/Same-origin_policy"},{"key":"1_CR19","unstructured":"Mehta, A., Alzayat, M., de\u00a0Viti, R., Brandenburg, B.B., Druschel, P., Garg, D.: Pacer: network side-channel mitigation in the cloud (2019). http:\/\/arxiv.org\/abs\/1908.11568"},{"key":"1_CR20","unstructured":"Mills, D., Martin, B., Kasch: A Border Gateway Protocol 4 (BGP-4). RFC\u00a05905, RFC Editor, June 2010. https:\/\/www.rfc-editor.org\/rfc\/rfc5905.txt"},{"key":"1_CR21","doi-asserted-by":"publisher","unstructured":"Murdoch, S.J.: Hot or not: revealing hidden services by their clock skew, pp. 27\u201336. ACM Press (2006). https:\/\/doi.org\/10.1145\/1180405.1180410, http:\/\/dl.acm.org\/citation.cfm?doid=1180405.1180410","DOI":"10.1145\/1180405.1180410"},{"key":"1_CR22","unstructured":"Network Time Foundation: Clock discipline algorithm (2022). https:\/\/www.ntp.org\/documentation\/4.2.8-series\/discipline\/"},{"key":"1_CR23","unstructured":"Network Time Foundation: IEEE 1588 precision time protocol (PTP) (2022). https:\/\/www.ntp.org\/reflib\/ptp\/. Accessed 28 May 2023"},{"key":"1_CR24","unstructured":"Nginx Contributors: Nginx. https:\/\/nginx.org\/en\/. Accessed 28 May 2023"},{"key":"1_CR25","unstructured":"OpenJS Foundation: Express - Node.js web application framework. https:\/\/expressjs.com\/. Accessed 04 Jun 2023"},{"key":"1_CR26","doi-asserted-by":"publisher","unstructured":"Pucha, H., Zhang, Y., Mao, Z.M., Hu, Y.C.: Understanding network delay changes caused by routing events. ACM SIGMETRICS Perform. Eval. Rev. 35(1), 73\u201384 (2007). https:\/\/doi.org\/10.1145\/1269899.1254891, https:\/\/dl.acm.org\/doi\/10.1145\/1269899.1254891","DOI":"10.1145\/1269899.1254891"},{"key":"1_CR27","unstructured":"Python Contributors: Welcome to Flask. https:\/\/flask.palletsprojects.com\/en\/2.3.x\/. Accessed 04 Jun 2023"},{"key":"1_CR28","unstructured":"Fielding, R., Nottingham, M., Reschke, J.: Rfc 9110: Http semantics-date\/time formats. https:\/\/www.rfc-editor.org\/rfc\/rfc9110#http.date"},{"key":"1_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"247","DOI":"10.1007\/978-3-319-70972-7_13","volume-title":"Financial Cryptography and Data Security","author":"M Schwarz","year":"2017","unstructured":"Schwarz, M., Maurice, C., Gruss, D., Mangard, S.: Fantastic timers and where to find them: high-resolution microarchitectural attacks in JavaScript. In: Kiayias, A. (ed.) FC 2017. LNCS, vol. 10322, pp. 247\u2013267. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-70972-7_13"},{"key":"1_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"279","DOI":"10.1007\/978-3-030-29959-0_14","volume-title":"Computer Security \u2013 ESORICS 2019","author":"M Schwarz","year":"2019","unstructured":"Schwarz, M., Schwarzl, M., Lipp, M., Masters, J., Gruss, D.: NetSpectre: read arbitrary memory over network. In: Sako, K., Schneider, S., Ryan, P.Y.A. (eds.) ESORICS 2019. LNCS, vol. 11735, pp. 279\u2013299. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-29959-0_14"},{"key":"1_CR31","unstructured":"Smith, M., Disselkoen, C., Narayan, S., Brown, F., Stefan, D.: Browser history revisited. In: 12th USENIX Workshop on Offensive Technologies, WOOT 2018, co-located with USENIX Security 2018 (1) (2018)"},{"key":"1_CR32","unstructured":"The Apache Foundation: The Apache HTTP Server Project. https:\/\/httpd.apache.org\/. Accessed 28 May 2023"},{"key":"1_CR33","unstructured":"United States Space Force: GPS: The Global Positioning System. https:\/\/www.gps.gov\/. Accessed 28 May 2023"},{"key":"1_CR34","doi-asserted-by":"publisher","unstructured":"Van Goethem, T., Joosen, W., Nikiforakis, N.: The clock is still ticking: timing attacks in the modern web. In: Proceedings of the ACM Conference on Computer and Communications Security, vol. 2015-October, pp. 1382\u20131393 (2015). https:\/\/doi.org\/10.1145\/2810103.2813632","DOI":"10.1145\/2810103.2813632"},{"key":"1_CR35","doi-asserted-by":"publisher","unstructured":"Vanderlinden, V., Joosen, W., Vanhoef, M.: Can you tell me the time? Security implications of the server-timing header. In: Proceedings 2023 Workshop on Measurements, Attacks, and Defenses for the Web. No. March, Internet Society (2023). https:\/\/doi.org\/10.14722\/madweb.2023.23087, https:\/\/www.ndss-symposium.org\/wp-content\/uploads\/2023\/02\/madweb2023-23087-paper.pdf","DOI":"10.14722\/madweb.2023.23087"},{"key":"1_CR36","unstructured":"whatwg contributors: Fetch standard: Cors protocol (2023). https:\/\/fetch.spec.whatwg.org\/#http-cors-protocol"},{"key":"1_CR37","unstructured":"Zander, S., Murdoch, S.: An improved clock-skew measurement technique for revealing hidden services (2008)"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2023"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-51476-0_1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,1,10]],"date-time":"2024-01-10T07:02:39Z","timestamp":1704870159000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-51476-0_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9783031514753","9783031514760"],"references-count":37,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-51476-0_1","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"11 January 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"The Hague","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"The Netherlands","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25 September 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29 September 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/esorics2023.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"478","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"93","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"19% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3-4","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"10","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}