Statistics-based Browser Fingerprint Acquisition Technology

doi:10.3969/j.issn.1671-1122.2019.11.007

Abstract

Abstract:

Browser’s fingerprint is a new technology used as a unique identifier for the user,it can learn enough information about your browser to uniquely distinguish you from all the other visitors to that site. When it is used to marketing advertising and defend fraud, attackers use this technology to track users at the same time. To protect users’ privacy, researchers have proposed many solutions to avoid being tracked. One of the newest is randomizing key attributes of browser’s fingerprint to disruptive relevance between user’s different sessions. This paper proposed an attack on a recent proposal that randomizes browser features to defeat fingerprinting and demonstrated the attack’s effectiveness. With a statistics method and Side-channel attack method, this paper can restore the truth of the key attribute of browser’s fingerprint and distinguishdifferent users . The experimental results show that with our method, the accuracy of restore the browser’s fingerprint is more than 98%.

Key words: browser privacy, fingerprint, side-channel attack, randomize, hypothesis testing

CLC Number:

TP309

Liangfeng ZHANG, Yi WANG, Yuanyi WU, Rui KONG. Statistics-based Browser Fingerprint Acquisition Technology[J]. Netinfo Security, 2019, 19(11): 49-55.

Figures/Tables 2

References 17

[1]	WU Quan, LAI Bin. New Network Technology Standards of the Changes Brought[J]. Computer Knowledge and Technology, 2010, 6(15): 3937-3938.
	吴权,赖斌.浅谈新网络技术标准带来的改变[J].电脑知识与技术,2010,6(15):3937-3938.
[2]	JIANG Pengfei.The Browser User Behavior Recognition Technology Research[D]. Xi’an: Xi’an University of Technology, 2016.
	蒋鹏飞. 浏览器用户行为识别技术的研究[D]. 西安:西安理工大学,2016.
[3]	SHEN Jianmiao. Watch out for New Security Issues Caused by HTML5[N]. Computer World, 2010-9-6(S7).
	沈建苗.警惕 HTML5 引发新的安全问题[N]. 计算机世界,2010-9-6(S7).
[4]	ZHANG Yuqing, WANG Weiping, WANG Wei.Identification of Changed Browser Fingerprint[J]. Computer Engineering and Applications, 2018, 54(7): 102-106.
	张雨清,王伟平,王维. 一种面向渐变浏览器指纹的识别方法[J]. 计算机工程与应用,2018,54(7):102-106.
[5]	ECKERSLEY P.How Unique Is Your Web Browser?[C]//PETS. Privacy Enhancing Technologies, 10th International Symposium, July 21-23, 2010, Berlin, Germany. New York: Springer, 2010: 1-18.
[6]	LAPERDRIX P, RUDAMETKIN W, BAUDRY B.Mitigating Browser Fingerprint Tracking: Multi-level Reconfiguration and Diversification[C]//IEEE. Software Engineering for Adaptive and Self-Managing Systems(SEAMS), May 18-19, 2015, Firenze, Italia. New York: IEEE, 2015: 98-108.
[7]	NIKIFORAKIS N, KAPRAVELOS A, JOOSEN W, et al.Cookieless Monster: Exploring the Ecosystem of Web Based Device Fingerprinting[C]// IEEE. Security and privacy(SP), May 19-22, 2013, Berkeley, California, USA. New York: IEEE, 2013: 541-555.
[8]	ACAR G, JUAREZ M, NIKIFORAKIS N, et al.FPDetective: Dusting the Web for Fingerprinters[C]//ACM. Sigsac Conference on Computer & Communications Security. November 4-8, 2013, Berlin, Germany. New York: ACM, 2013: 1129-1140.
[9]	SHEN jie, XUE Guirong. Security and Solution of Cookies[J]. Computer Engineering and Applications, 2002, 38(14): 149-151.
	沈洁,薛贵荣. COOKIES的安全及其解决方案[J]. 计算机工程与应用,2002,38(14):149-151.
[10]	AAFA J S, SOJA S.Fingerprint Combinations for Privacy Protection: A Performance Analysis[J]. International Journal of Computer Applications, 2014, 103(6): 12-17.
[11]	TOLKOFF S.Blue Cava Looks to Recruit Talent With Food Trucks[J]. Orange County Business Journal, 2011, 34(2): 24.
[12]	SPOSITO S.Threat Metrix Raises $18M in Round[J]. American Banker, 2012, 117(48): 16.
[13]	BODLE R.Privacy and Participation in the Cloud: Ethical Implications of Google’s Privacy Practices and Public Communications[J]. The Ethics of Emerging Media: Information, Social Norms, and New Media Technology, 2011: 155-174.
[14]	WANG Xiaoqian.Research on Cause and Mechanism of Web Client’s Privacy Leakage[D]. Beijing: Beijing University of Technology, 2017.
	王晓茜. Web 客户端隐私泄露成因与机理研究[D]. 北京:北京工业大学,2017.
[15]	WANG T, Goldberg I.Improved Website Fingerprinting on Tor[C]// ACM.Workshop on Workshop on Privacy in the Electronic Society. November 4, 2013. Berlin, Germany. New York: ACM, 2013: 201-212.
[16]	TORRES C F, Jonker H, Mauw S.FP-Block : Usable Web Privacy by Controlling Browser Fingerprinting[M]//Springer. Computer Security ESORICS 2015.Heidelberg: Springer International Publishing, 2015.
[17]	NIKIFORAKIS N, JOOSEN W, LIVSHITS B.PriVaricator: Deceiving Fingerprinters with Little White Lies[C]//O.I.C. International World Wide Web Conference. May 18-22, 2015. Florence, Italy. New York: Springer, 2015: 820-830