Transcript Slides
PERSISTENT COOKIES WITH BROWSER FINGERPRINTING PGN5: KAING, RISHER AND SCHULTE DEFINITIONS & BACKGROUND • Persistent Cookies: cookies that are resistant to deletion. • Browser Fingerprint: set of browser attributes that can be used to uniquely identify a user. • Used in combination with passwords to verify users. • Browser Fingerprint is alternative to two-factor authentication. • Requires no additional hardware tokens • Is passive (convenient) FINGERPRINT ATTRIBUTES BITS OF ENTROPY • Describes how likely a piece of information will be identical between any two random users. • Example: 8 bits of entropy indicates attribute has potential to uniquely identify 28 or 256 different users. Attribute Boda Study (2012) Eckersley Study (2010) User Agent String 8.095 10.0 Timezone 2.22 3.04 User ID 9.03 - All fonts 8.57 13.9 Universal fonts 6.83 - Detected fonts 7.63 - Plugins - 15.4 EVERCOOKIE • API for persistent cookies • Multiple storage locations throughout the client • If any cookie is deleted, all are replaced as long as at least one cookie remains • Stored in locations typical users will not be able to remove (Silverlight storage, flash cookies) STORAGE LOCATIONS • Standard cookies • Typical browser cookies, easy to implement, easy to remove • Local Shared Objects • Flash cookies • Flash does not by default ask for permission • Not cross domain STORAGE LOCATIONS • Silverlight Isolated Storage • Virtual file system on client • Any type of data can be stored • PNG caching • Image created using RGB values equal to the cookies value • Stored in browser’s cache • If needed to be retrieved (other cookies have been deleted) the browser is made to make a request for the PNG • 304 “Not Modified” message sent back, telling browser to look into the cache STORAGE LOCATIONS • Etags • Used for cache validation • Can be set in a similar way to a cookie • Web cache • Standard web cache mechanism • Persistent cookie stored in cache • window.name • DOM property with 2-32MB of data available • Cross domain • Can be read by other websites STORAGE LOCATIONS • HTML5 locations • Global storage outdated, instead use local storage • Persistent, no expiration date • Session data • Not very persistent. Cleared when user exits browser • Database storage • SQL storage in database on client RESULTS Firefox (20.0.1) Evercookie Project PNG YES YES eTag YES YES Cache YES YES YES YES sessionData YES YES windowData YES YES Cookie YES YES YES YES userData localData globalData History DB Flash Silverlight YES RESULTS Safari (5.1.7) Evercookie Project PNG YES YES eTag YES YES Cache YES YES YES YES sessionData YES YES windowData YES YES Cookie YES YES YES YES userData localData globalData History DB Flash Silverlight YES RESULTS IE (9.0.8112.16421) Evercookie PNG Project YES eTag Cache YES YES YES YES sessionData YES YES windowData YES YES Cookie YES YES userData localData globalData History DB Flash Silverlight RESULTS Chrome (26.0.1410.64) Evercookie Project PNG YES eTag YES Cache YES userData localData YES globalData sessionData YES windowData YES Cookie YES History DB Flash Silverlight YES YES YES YES RESULTS Features Evercookie Project Cross browser storage No Yes Retrievable after close Yes Yes Retrievable after restart Yes Yes Retrievable w/o JS Yes Yes Retrievable after clearing Yes Yes Retrievable in Private Browsing FF/S FF/S Retrievable via fingerprinting Yes No RESULTS RESULTS RESULTS FUTURE WORK • New storage locations? • Javascript file I/O? • Performance measurements • Improved Fingerprinting • Additional attributes • Location capturing (combined with last seen time/location) • Fuzzy matching