22.06.2026
An Attack So Effective, you can Teach it to Undergrads: The Story of the Targeted Deanonymization Side Channel Attack
What is the targeted deanonymization side-channel attack? Why hasn’t it been fixed yet? Will somebody volunteer for the live demo?
Abstract
They are remotely programmable, they are installed on every computer and every phone, and they process a huge amount of extremely sensitive information. This combination makes web browsers a permanent target for attackers in general, and for side-channel analysts in particular.
This talk will survey one such attack, targeted deanonymization. I will explain the attack, talk about its evolution from desktop to mobile to classroom, discuss defenses against the attack, and try to understand, together with the audience, why it still exists four years after it was disclosed to Google. If a suitable volunteer is found, the talk will also include a live demo on one of the attendees’ personal devices.
Joint work with Tapan Basak, Robert Blacha, Mojtaba Zaheri, Reza Curtmola and Hai Phan.
Bio
Prof. Yossi Oren is an Associate Professor in the Institute for Software, Systems and Security (S³) at the Stein Faculty of Computer and Information Science at Ben Gurion University of the Negev, and a member of BGU’s Cyber Security Research Center. Prior to joining BGU, Yossi was a Post-Doctoral Research Scientist in the Network Security Lab at Columbia University in the City of New York and a member of the security lab at Samsung Research Israel. He holds a Ph.D. in Electrical Engineering from Tel-Aviv University (thesis), and an M.Sc. in Computer Science from the Weizmann Institute of Science (thesis).
His research interests include implementation security (side-channel attacks, micro-architectural attacks, power analysis and other hardware attacks and countermeasures; low-resource cryptographic constructions for lightweight computers) and cryptography in the real world (consumer and voter privacy in the digital era; web application security). He has been recognized by The Register as a Top Boffin.
Photo provided by speaker
Abstract
They are remotely programmable, they are installed on every computer and every phone, and they process a huge amount of extremely sensitive information. This combination makes web browsers a permanent target for attackers in general, and for side-channel analysts in particular.
This talk will survey one such attack, targeted deanonymization. I will explain the attack, talk about its evolution from desktop to mobile to classroom, discuss defenses against the attack, and try to understand, together with the audience, why it still exists four years after it was disclosed to Google. If a suitable volunteer is found, the talk will also include a live demo on one of the attendees’ personal devices.
Joint work with Tapan Basak, Robert Blacha, Mojtaba Zaheri, Reza Curtmola and Hai Phan.
Bio
Prof. Yossi Oren is an Associate Professor in the Institute for Software, Systems and Security (S³) at the Stein Faculty of Computer and Information Science at Ben Gurion University of the Negev, and a member of BGU’s Cyber Security Research Center. Prior to joining BGU, Yossi was a Post-Doctoral Research Scientist in the Network Security Lab at Columbia University in the City of New York and a member of the security lab at Samsung Research Israel. He holds a Ph.D. in Electrical Engineering from Tel-Aviv University (thesis), and an M.Sc. in Computer Science from the Weizmann Institute of Science (thesis).
His research interests include implementation security (side-channel attacks, micro-architectural attacks, power analysis and other hardware attacks and countermeasures; low-resource cryptographic constructions for lightweight computers) and cryptography in the real world (consumer and voter privacy in the digital era; web application security). He has been recognized by The Register as a Top Boffin.
Photo provided by speaker