Beauty and the Beast: Diverting modern web ...
Type de document :
Communication dans un congrès avec actes
Titre :
Beauty and the Beast: Diverting modern web browsers to build unique browser fingerprints
Auteur(s) :
Laperdrix, Pierre [Auteur]
Diversity-centric Software Engineering [DiverSe]
Rudametkin, Walter [Auteur]
Université de Lille, Sciences et Technologies
Self-adaptation for distributed services and large software systems [SPIRALS]
Baudry, Benoit [Auteur]
Diversity-centric Software Engineering [DiverSe]
Diversity-centric Software Engineering [DiverSe]
Rudametkin, Walter [Auteur]
Université de Lille, Sciences et Technologies
Self-adaptation for distributed services and large software systems [SPIRALS]
Baudry, Benoit [Auteur]
Diversity-centric Software Engineering [DiverSe]
Titre de la manifestation scientifique :
37th IEEE Symposium on Security and Privacy (S&P 2016)
Ville :
San Jose
Pays :
Etats-Unis d'Amérique
Date de début de la manifestation scientifique :
2016-05-23
Mot(s)-clé(s) en anglais :
browser fingerprinting
privacy
software diversity
privacy
software diversity
Discipline(s) HAL :
Informatique [cs]/Cryptographie et sécurité [cs.CR]
Informatique [cs]/Web
Informatique [cs]/Web
Résumé en anglais : [en]
Worldwide, the number of people and the time spent browsing the web keeps increasing. Accordingly, the technologies to enrich the user experience are evolving at an amazing pace. Many of these evolutions provide for a more ...
Lire la suite >Worldwide, the number of people and the time spent browsing the web keeps increasing. Accordingly, the technologies to enrich the user experience are evolving at an amazing pace. Many of these evolutions provide for a more interactive web (e.g., boom of JavaScript libraries, weekly innovations in HTML5), a more available web (e.g., explosion of mobile devices), a more secure web (e.g., Flash is disappearing, NPAPI plugins are being deprecated), and a more private web (e.g., increased legislation against cookies, huge success of extensions such as Ghostery and AdBlock). Nevertheless, modern browser technologies, which provide the beauty and power of the web, also provide a darker side, a rich ecosystem of exploitable data that can be used to build unique browser fingerprints. Our work explores the validity of browser fingerprinting in today's environment. Over the past year, we have collected 118,934 fingerprints composed of 17 attributes gathered thanks to the most recent web technologies. We show that innovations in HTML5 provide access to highly discriminating attributes, notably with the use of the Canvas API which relies on multiple layers of the user's system. In addition, we show that browser fingerprinting is as effective on mobile devices as it is on desktops and laptops, albeit for radically different reasons due to their more constrained hardware and software environments. We also evaluate how browser fingerprinting could stop being a threat to user privacy if some technological evolutions continue (e.g., disappearance of plugins) or are embraced by browser vendors (e.g., standard HTTP headers).Lire moins >
Lire la suite >Worldwide, the number of people and the time spent browsing the web keeps increasing. Accordingly, the technologies to enrich the user experience are evolving at an amazing pace. Many of these evolutions provide for a more interactive web (e.g., boom of JavaScript libraries, weekly innovations in HTML5), a more available web (e.g., explosion of mobile devices), a more secure web (e.g., Flash is disappearing, NPAPI plugins are being deprecated), and a more private web (e.g., increased legislation against cookies, huge success of extensions such as Ghostery and AdBlock). Nevertheless, modern browser technologies, which provide the beauty and power of the web, also provide a darker side, a rich ecosystem of exploitable data that can be used to build unique browser fingerprints. Our work explores the validity of browser fingerprinting in today's environment. Over the past year, we have collected 118,934 fingerprints composed of 17 attributes gathered thanks to the most recent web technologies. We show that innovations in HTML5 provide access to highly discriminating attributes, notably with the use of the Canvas API which relies on multiple layers of the user's system. In addition, we show that browser fingerprinting is as effective on mobile devices as it is on desktops and laptops, albeit for radically different reasons due to their more constrained hardware and software environments. We also evaluate how browser fingerprinting could stop being a threat to user privacy if some technological evolutions continue (e.g., disappearance of plugins) or are embraced by browser vendors (e.g., standard HTTP headers).Lire moins >
Langue :
Anglais
Comité de lecture :
Oui
Audience :
Internationale
Vulgarisation :
Non
Collections :
Source :
Fichiers
- https://hal.inria.fr/hal-01285470v2/document
- Accès libre
- Accéder au document
- https://hal.inria.fr/hal-01285470v2/document
- Accès libre
- Accéder au document
- https://hal.inria.fr/hal-01285470v2/document
- Accès libre
- Accéder au document
- document
- Accès libre
- Accéder au document
- beauty-sp16.pdf
- Accès libre
- Accéder au document