Upload
dale-beasley
View
219
Download
0
Embed Size (px)
Citation preview
P G N 5 : KA I N G , R I S H E R A N D S C H U LT E
PERSISTENT COOKIES WITH BROWSER FINGERPRINTING
DEFINITIONS & BACKGROUND
• Persistent Cookies: cookies that are resistant to deletion.• Browser Fingerprint: set of browser attributes
that can be used to uniquely identify a user.
• Used in combination with passwords to verify users.• Browser Fingerprint is alternative to two-factor
authentication.• Requires no additional hardware tokens• Is passive (convenient)
FINGERPRINT ATTRIBUTES
BITS OF ENTROPY
• Describes how likely a piece of information will be identical between any two random users.• Example: 8 bits of entropy indicates attribute has
potential to uniquely identify 28 or 256 different users.
Attribute Boda Study (2012) Eckersley Study (2010)
User Agent String 8.095 10.0
Timezone 2.22 3.04
User ID 9.03 -
All fonts 8.57 13.9
Universal fonts 6.83 -
Detected fonts 7.63 -
Plugins - 15.4
EVERCOOKIE
• API for persistent cookies
• Multiple storage locations throughout the client
• If any cookie is deleted, all are replaced as long as at least one cookie remains
• Stored in locations typical users will not be able to remove (Silverlight storage, flash cookies)
STORAGE LOCATIONS
• Standard cookies• Typical browser cookies, easy to implement, easy to
remove
• Local Shared Objects• Flash cookies• Flash does not by default ask for permission• Not cross domain
STORAGE LOCATIONS
• Silverlight Isolated Storage• Virtual file system on client• Any type of data can be stored
• PNG caching• Image created using RGB values equal to the cookies
value• Stored in browser’s cache• If needed to be retrieved (other cookies have been
deleted) the browser is made to make a request for the PNG• 304 “Not Modified” message sent back, telling browser to
look into the cache
STORAGE LOCATIONS
• Etags• Used for cache validation• Can be set in a similar way to a cookie
• Web cache• Standard web cache mechanism• Persistent cookie stored in cache
• window.name• DOM property with 2-32MB of data available• Cross domain• Can be read by other websites
STORAGE LOCATIONS
• HTML5 locations• Global storage outdated, instead use local storage• Persistent, no expiration date
• Session data• Not very persistent. Cleared when user exits browser
• Database storage• SQL storage in database on client
RESULTS
Firefox (20.0.1) Evercookie Project
PNG YES YES
eTag YES YES
Cache YES YES
userData
localData YES YES
globalData
sessionData YES YES
windowData YES YES
Cookie YES YES
History
DB
Flash YES YES
Silverlight YES
RESULTS
Safari (5.1.7) Evercookie Project
PNG YES YES
eTag YES YES
Cache YES YES
userData
localData YES YES
globalData
sessionData YES YES
windowData YES YES
Cookie YES YES
History
DB
Flash YES YES
Silverlight YES
RESULTS
IE (9.0.8112.16421) Evercookie Project
PNG YES
eTag
Cache YES YES
userData
localData YES YES
globalData
sessionData YES YES
windowData YES YES
Cookie YES YES
History
DB
Flash
Silverlight
RESULTS
Chrome (26.0.1410.64)
Evercookie Project
PNG YES
eTag YES
Cache YES
userData
localData YES
globalData
sessionData YES
windowData YES
Cookie YES
History
DB YES
Flash YES YES
Silverlight YES
RESULTS
Features Evercookie Project
Cross browser storage No Yes
Retrievable after close Yes Yes
Retrievable after restart Yes Yes
Retrievable w/o JS Yes Yes
Retrievable after clearing Yes Yes
Retrievable in Private Browsing
FF/S FF/S
Retrievable via fingerprinting No Yes
RESULTS
RESULTS
RESULTS
FUTURE WORK
• New storage locations?• Javascript file I/O?
• Performance measurements
• Improved Fingerprinting• Additional attributes• Location capturing (combined with last seen time/location)
• Fuzzy matching