The slides explain what this is for much better than the README. The goal is to exfiltrate data from a compromised endpoint in a "high-security enterprise" in a way that's difficult to detect.
The "sender" makes requests (or doesn't make them, to send 0 vs. 1) on a pre-determined schedule to an unpopular resource on a popular, unaffiliated third-party server. The "receiver" can request the same resource a few seconds later, and can determine based on the cache-related HTTP headers returned whether the page was generated recently or just now, with the current request. This of course requires the server to expose information about server-side caching via the headers; the example given is that the Expires header may be used to infer the original generation time.
A much better attack is the timing channel: A page which accesses resources from disk will be faster if someone else has accessed it recently. I don't know why they missed that...
5 comments
[ 3.1 ms ] story [ 19.7 ms ] threadThe above quote stood out in light of: "Python 2.7 Retirement Countdown" ~ https://news.ycombinator.com/item?id=11793857
The "sender" makes requests (or doesn't make them, to send 0 vs. 1) on a pre-determined schedule to an unpopular resource on a popular, unaffiliated third-party server. The "receiver" can request the same resource a few seconds later, and can determine based on the cache-related HTTP headers returned whether the page was generated recently or just now, with the current request. This of course requires the server to expose information about server-side caching via the headers; the example given is that the Expires header may be used to infer the original generation time.