The Risks of WebGL: Analysis, Evaluation and Detection

  • Conference paper
Computer Security – ESORICS 2019 (ESORICS 2019)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11736)

Abstract

WebGL is a browser feature that enables JavaScript-based control of the graphics processing unit (GPU) to render interactive 3D and 2D graphics, without the use of plug-ins. Exploiting WebGL for attacks will affect billions of users since browsers serve as the main interaction mechanism with the world wide web. This paper explores the potential threats derived from the recent move by browsers from WebGL 1.0 to the more powerful WebGL 2.0. We focus on the possible abuses of this feature in the context of distributed cryptocurrency mining. Our evaluation of the attacks also includes the practical aspects of successful attacks, such as stealthiness and user-experience. Considering the danger of WebGL abuse, as observed in the experiments, we designed and evaluated a proactive defense. We implemented a Chrome extension that proved itself effective in detecting and blocking WebGL. We demonstrate the major improvements of WebGL 2.0 and our results show that it is possible to use WebGL 2.0 in distributed attacks under real-world conditions. Although WebGL 2.0 shows similar hash rates as CPU-based techniques, WebGL 2.0 proved to be significantly harder to detect and has a lesser effect on user experience.


Acknowledgements

This research was supported by a grant from the Ministry of Science and Technology, Israel.

Author information

Corresponding author

Correspondence to Alex Belkin.

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Cite this paper

Belkin, A., Gelernter, N., Cidon, I. (2019). The Risks of WebGL: Analysis, Evaluation and Detection. In: Sako, K., Schneider, S., Ryan, P. (eds) Computer Security – ESORICS 2019. ESORICS 2019. Lecture Notes in Computer Science, vol 11736. Springer, Cham. https://doi.org/10.1007/978-3-030-29962-0_26

  • DOI: https://doi.org/10.1007/978-3-030-29962-0_26

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-29961-3

  • Online ISBN: 978-3-030-29962-0

  • eBook Packages: Computer Science, Computer Science (R0)
