{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,10]],"date-time":"2025-09-10T21:36:06Z","timestamp":1757540166395,"version":"3.40.3"},"publisher-location":"Cham","reference-count":16,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319896403"},{"type":"electronic","value":"9783319896410"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-319-89641-0_11","type":"book-chapter","created":{"date-parts":[[2018,4,10]],"date-time":"2018-04-10T07:23:34Z","timestamp":1523345014000},"page":"189-203","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Path Leaks of HTTPS Side-Channel by Cookie Injection"],"prefix":"10.1007","author":[{"given":"Fuqing","family":"Chen","sequence":"first","affiliation":[]},{"given":"Haixin","family":"Duan","sequence":"additional","affiliation":[]},{"given":"Xiaofeng","family":"Zheng","sequence":"additional","affiliation":[]},{"given":"Jian","family":"Jiang","sequence":"additional","affiliation":[]},{"given":"Jianjun","family":"Chen","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,4,11]]},"reference":[{"key":"11_CR1","doi-asserted-by":"crossref","unstructured":"Barth, A.: HTTP state management mechanism. IETF RFC 6265 (2011). https:\/\/tools.ietf.org\/html\/rfc6265","DOI":"10.17487\/rfc6265"},{"key":"11_CR2","doi-asserted-by":"crossref","unstructured":"Dierks, T., Rescorla, E.: The transport layer security (TLS) protocol version 1.2. IETF RFC 5246 (2008). https:\/\/tools.ietf.org\/html\/rfc5246","DOI":"10.17487\/rfc5246"},{"key":"11_CR3","doi-asserted-by":"crossref","unstructured":"Barth, A.: The web origin concept. IETF RFC 6454 (2011). https:\/\/tools.ietf.org\/html\/rfc6454","DOI":"10.17487\/rfc6454"},{"key":"11_CR4","doi-asserted-by":"crossref","unstructured":"Hodges, J., Jackson, C., Barth, A.: HTTP strict transport security (HSTS). IETF RFC 6797 (2012). https:\/\/tools.ietf.org\/html\/rfc6797","DOI":"10.17487\/rfc6797"},{"key":"11_CR5","unstructured":"Johnston, P., Moore, R.: Multiple browser cookie injection vulnerabilities (2004). http:\/\/www.westpoint.ltd.uk\/advisories\/wp-04-0001.txt"},{"key":"11_CR6","doi-asserted-by":"publisher","unstructured":"Chen, S., Ziqing, M., Yi-Min, W., Ming, Z.: Pretty-bad-proxy: an overlooked adversary in browsers\u2019 HTTPS deployments. In: Proceedings of the 30th IEEE Symposium on Security and Privacy, pp. 347\u2013359. IEEE Computer Society (2009). https:\/\/doi.org\/10.1109\/SP.2009.12","DOI":"10.1109\/SP.2009.12"},{"key":"11_CR7","unstructured":"Zheng, X., Jiang, J., Liang, J., Duan, H., Chen, S., Wan, T., Weaver, N.: Cookies lack integrity: real-world implications. In: 24th USENIX Security Symposium, USENIX Security 2015, Washington, D.C., pp. 707\u2013721 (2015)"},{"key":"11_CR8","unstructured":"Vranken, G.: HTTPS bicycle attack (2015). https:\/\/guidovranken.wordpress.com\/2015\/12\/30\/https-bicycle-attack\/"},{"key":"11_CR9","unstructured":"Coull, S.E., Collins, M.P., Monrose, F., Reiter, M.K., Wright, C.V.: On web browsing privacy in anonymized NetFlows. In: 16th USENIX Security Symposium, pp. 339\u2013352 (2007)"},{"key":"11_CR10","unstructured":"Danezis, G. Traffic analysis of the HTTP protocol over TLS (2008). http:\/\/www.cs.ucl.ac.uk\/staff\/G.Danezis\/papers\/TLSanon.pdf"},{"key":"11_CR11","unstructured":"Luo, X., Zhou, P., Chan, E.W.W., Lee, W., Chang, R.K.C., Perdisci, R.: HTTPOS: sealing information leaks with browser-side obfuscation of encrypted flows. In: Proceedings of the Network and Distributed Systems Symposium (NDSS), San Diego, California, USA (2011)"},{"key":"11_CR12","unstructured":"Wright, C.V., Coull, S.E., Monrose, F.: Traffic morphing: an efficient defense against statistical traffic analysis. In: Proceedings of the Network and Distributed Systems Symposium (NDSS), pp. 237\u2013250. IEEE (2009)"},{"key":"11_CR13","unstructured":"Rizzo, J., Duong, T.: The CRIME attack. In: Ekoparty Security Conference (2012)"},{"key":"11_CR14","unstructured":"Gluck, Y., Harris, N., Prado, A.: BREACH: reviving the CRIME attack (2013). http:\/\/breachattack.com\/resources\/BREACH%20-%20SSL,%20gone%20in%2030%20seconds.pdf"},{"key":"11_CR15","volume-title":"The Tangled Web: A Guide to Securing Modern Web Applications","author":"M Zalewski","year":"2012","unstructured":"Zalewski, M.: The Tangled Web: A Guide to Securing Modern Web Applications. No Starch Press, San Francisco (2012)"},{"key":"11_CR16","unstructured":"Apache: apache core features (2017). http:\/\/httpd.apache.org\/docs\/2.4\/mod\/core.html#limitrequestfieldsize"}],"container-title":["Lecture Notes in Computer Science","Constructive Side-Channel Analysis and Secure Design"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-89641-0_11","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,3,7]],"date-time":"2024-03-07T15:20:23Z","timestamp":1709824823000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-89641-0_11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783319896403","9783319896410"],"references-count":16,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-89641-0_11","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2018]]},"assertion":[{"value":"11 April 2018","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"COSADE","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Workshop on Constructive Side-Channel Analysis and Secure Design","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Singapore","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Singapore","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 April 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24 April 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"cosade2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.cosade.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}