Netinfo Security, 2019, Vol. 19, Issue (11): 49-55. doi: 10.3969/j.issn.1671-1122.2019.11.007

• Technical Research •

Statistics-based Browser Fingerprint Acquisition Technology

Liangfeng ZHANG1,2, Yi WANG1,2,3, Yuanyi WU2, Rui KONG4

  1. Shanghai Institute of Microsystem and Information Technology, Shanghai 200050, China
  2. School of Information Science and Technology, ShanghaiTech University, Shanghai 201210, China
  3. University of Chinese Academy of Sciences, Beijing 100029, China
  4. National Key Laboratory of Science and Technology on Information System Security, Beijing 100101, China
  • Received: 2019-02-05 Online: 2019-11-10 Published: 2020-05-11
  • About the authors:

    Liangfeng ZHANG (born 1982), male, from Shandong, assistant professor, Ph.D.; main research interests: secure multi-party computation and network security. Yi WANG (born 1995), male, from Jiangxi, master's student; main research interests: network security and mobile security. Yuanyi WU (born 1992), male, from Jiangsu, master's student; main research interests: network security and Android platform security. Rui KONG (born 1987), female, from Shandong, engineer, master's degree; main research interest: network security.

  • Supported by:
    National Natural Science Foundation of China [61602304]

Abstract:

Browser fingerprinting is a new technique for identifying a user's browser: it uses the distinctive features of the browser a user runs to tell users apart and label them. Browser fingerprints can be used for advertising and marketing and for combating online fraud, but attackers can also use them to track users. To protect user privacy, researchers have proposed many solutions to keep users from being tracked. The most recent defense randomizes the key attributes of the browser fingerprint, without affecting the user's use of the browser, to break the link between a user's different sessions. Against this defense, and in order to obtain the user's browser fingerprint accurately, this paper uses statistical and side-channel attack methods to restore the true values of the fingerprint's key attributes from their observed randomized values, and so distinguish and track users. The experimental results show that the method restores the browser fingerprint with an accuracy of more than 98%.

Key words: browser privacy, device fingerprint, side-channel attack, randomization, hypothesis testing

CLC Number: