
Persistent Cookies with Browser Fingerprinting


Presentation Transcript


  1. Persistent Cookies with Browser Fingerprinting
     • PGN5: Kaing, Risher and Schulte

  2. Definitions & Background
     • Persistent Cookies: cookies that are resistant to deletion.
     • Browser Fingerprint: set of browser attributes that can be used to uniquely identify a user.
     • Used in combination with passwords to verify users.
     • Browser Fingerprint is an alternative to two-factor authentication.
       • Requires no additional hardware tokens
       • Is passive (convenient)

  3. Fingerprint attributes

  4. Bits of Entropy
     • Describes how likely it is that a piece of information will be identical between any two random users.
     • Example: 8 bits of entropy indicates the attribute has the potential to uniquely identify 2^8, or 256, different users.

  5. evercookie
     • API for persistent cookies
     • Multiple storage locations throughout the client
     • If any cookie is deleted, all are replaced as long as at least one cookie remains
     • Stored in locations typical users will not be able to remove (Silverlight storage, Flash cookies)

  6. Storage locations
     • Standard cookies
       • Typical browser cookies, easy to implement, easy to remove
     • Local Shared Objects
       • Flash cookies
       • Flash does not by default ask for permission
       • Not cross domain

  7. Storage locations
     • Silverlight Isolated Storage
       • Virtual file system on client
       • Any type of data can be stored
     • PNG caching
       • Image created using RGB values equal to the cookie's value
       • Stored in browser’s cache
       • If the value needs to be retrieved (other cookies have been deleted), the browser is made to request the PNG
       • A 304 “Not Modified” response is sent back, telling the browser to look in its cache

  8. Storage locations
     • ETags
       • Used for cache validation
       • Can be set in a similar way to a cookie
     • Web cache
       • Standard web cache mechanism
       • Persistent cookie stored in cache
     • window.name
       • DOM property with 2-32MB of data available
       • Cross domain
       • Can be read by other websites

  9. Storage locations
     • HTML5 locations
       • Global storage is outdated; use local storage instead
         • Persistent, no expiration date
       • Session data
         • Not very persistent. Cleared when user exits browser
       • Database storage
         • SQL storage in database on client

  10-17. Results

  18. Future work
     • New storage locations?
       • JavaScript file I/O?
     • Performance measurements
     • Improved Fingerprinting
       • Additional attributes
       • Location capturing (combined with last seen time/location)
       • Fuzzy matching
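
The bits-of-entropy measure from slide 4, worked through as an added example that is not part of the original presentation. The attribute names and the eight sample records are assumptions constructed for illustration, and the joint entropy of combined attributes goes beyond what the slide states.

```javascript
// Added example: entropy of fingerprint attributes over a constructed sample.
// Attribute names and values below are assumptions, not data from the slides.
const SAMPLE = [
  { userAgent: "UA-A", timezone: "-300", screen: "1920x1080" },
  { userAgent: "UA-A", timezone: "-300", screen: "1366x768" },
  { userAgent: "UA-B", timezone: "-300", screen: "1920x1080" },
  { userAgent: "UA-B", timezone: "60", screen: "1366x768" },
  { userAgent: "UA-C", timezone: "-300", screen: "1920x1080" },
  { userAgent: "UA-C", timezone: "60", screen: "1366x768" },
  { userAgent: "UA-D", timezone: "-300", screen: "1920x1080" },
  { userAgent: "UA-D", timezone: "-300", screen: "1366x768" },
];

// Key functions: a single attribute, or several attributes combined.
const attr = (name) => (r) => String(r[name]);
const joint = (...names) => (r) => names.map((n) => r[n]).join("\u0000");

// Count how many records share each key.
function histogram(records, keyFn) {
  const counts = new Map();
  for (const r of records) counts.set(keyFn(r), (counts.get(keyFn(r)) || 0) + 1);
  return counts;
}

// Shannon entropy in bits, H = -sum(p * log2(p)), of the key's distribution.
function entropyBits(records, keyFn) {
  let h = 0;
  for (const c of histogram(records, keyFn).values()) {
    const p = c / records.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// Anonymity set: how many sampled users share this record's key.
function anonymitySet(records, keyFn, record) {
  return histogram(records, keyFn).get(keyFn(record)) || 0;
}

// Surprisal in bits of this record's value, -log2(p); Infinity if never seen.
function surprisalBits(records, keyFn, record) {
  return -Math.log2(anonymitySet(records, keyFn, record) / records.length);
}

for (const name of ["userAgent", "timezone", "screen"]) {
  console.log(name, entropyBits(SAMPLE, attr(name)).toFixed(3), "bits");
}
const all = joint("userAgent", "timezone", "screen");
console.log("joint", entropyBits(SAMPLE, all).toFixed(3), "bits");
```

In this sample the per-attribute entropies add up to about 3.81 bits, but the joint entropy is only 3 bits: the attributes are correlated, and eight users can never yield more than log2(8) = 3 bits.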
