PGN5: KAING, RISHER AND SCHULTE PERSISTENT COOKIES WITH BROWSER FINGERPRINTING.

1 PGN5: KAING, RISHER AND SCHULTE PERSISTENT COOKIES WITH BROWSER FINGERPRINTING

2 DEFINITIONS & BACKGROUND
- Persistent cookies: cookies that are resistant to deletion.
- Browser fingerprint: set of browser attributes that can be used to uniquely identify a user.
- Used in combination with passwords to verify users.
- Browser fingerprint is an alternative to two-factor authentication.
  - Requires no additional hardware tokens
  - Is passive (convenient)

3 FINGERPRINT ATTRIBUTES

4 BITS OF ENTROPY
- Describes how likely a piece of information will be identical between any two random users.
- Example: 8 bits of entropy indicates attribute has potential to uniquely identify 2^8 or 256 different users.

Attribute         | Boda Study (2012) | Eckersley Study (2010)
User Agent String | 8.095             | 10.0
Timezone          | 2.22              | 3.04
User ID           | 9.03              | -
All fonts         | 8.57              | 13.9
Universal fonts   | 6.83              | -
Detected fonts    | 7.63              | -
Plugins           | -                 | 15.4
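How per-attribute figures like those in the table are computed, as an added example that is not part of the original presentation. The visitor sample is constructed, and the function names are illustrative; the block also computes the joint entropy of the combined fingerprint, which stays below the sum of the per-attribute values because the attributes correlate.

```python
import math
from collections import Counter

def entropy_bits(values):
    """Shannon entropy H = -sum(p * log2(p)) over the observed values."""
    values = list(values)
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())

def surprisal_bits(values, value):
    """Self-information of one value: -log2 of its observed share."""
    values = list(values)
    return -math.log2(Counter(values)[value] / len(values))

def anonymity_set(rows, row):
    """Number of visitors sharing exactly this fingerprint tuple."""
    return Counter(rows)[row]

# Constructed sample: (user agent family, timezone offset in minutes, plugin count)
ATTRS = ("user_agent", "timezone", "plugins")
VISITORS = [
    ("Firefox/20", -300, 4), ("Firefox/20", -300, 4), ("Firefox/20", -360, 7),
    ("Chrome/26", -300, 9), ("Chrome/26", -300, 9), ("Chrome/26", -480, 9),
    ("Safari/5.1", -300, 2), ("IE/9", 60, 5),
]

def report(rows):
    """Return (entropy per attribute, entropy of the combined fingerprint)."""
    per_attr = {name: entropy_bits(r[i] for r in rows)
                for i, name in enumerate(ATTRS)}
    return per_attr, entropy_bits(rows)

if __name__ == "__main__":
    per_attr, joint = report(VISITORS)
    for name, bits in per_attr.items():
        print(f"{name:<10} {bits:.3f} bits")
    print(f"sum of attributes  {sum(per_attr.values()):.3f} bits")
    print(f"joint fingerprint  {joint:.3f} bits "
          f"(upper bound log2(N) = {math.log2(len(VISITORS)):.3f})")
    # A visitor in an anonymity set of 1 is unique within this sample.
    for row in sorted(set(VISITORS)):
        print(row, "shared by", anonymity_set(VISITORS, row))
```
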

5 EVERCOOKIE
- API for persistent cookies
- Multiple storage locations throughout the client
- If any cookie is deleted, all are replaced as long as at least one cookie remains
- Stored in locations typical users will not be able to remove (Silverlight storage, flash cookies)

6 STORAGE LOCATIONS
- Standard cookies
  - Typical browser cookies, easy to implement, easy to remove
- Local Shared Objects
  - Flash cookies
  - Flash does not by default ask for permission
  - Not cross domain

7 STORAGE LOCATIONS
- Silverlight Isolated Storage
  - Virtual file system on client
  - Any type of data can be stored
- PNG caching
  - Image created using RGB values equal to the cookie's value
  - Stored in browser's cache
  - If it needs to be retrieved (other cookies have been deleted), the browser is made to request the PNG
  - 304 "Not Modified" message sent back, telling browser to look into the cache

8 STORAGE LOCATIONS
- Etags
  - Used for cache validation
  - Can be set in a similar way to a cookie
- Web cache
  - Standard web cache mechanism
  - Persistent cookie stored in cache
- window.name
  - DOM property with 2-32MB of data available
  - Cross domain
  - Can be read by other websites

9 STORAGE LOCATIONS
- HTML5 locations
  - Global storage outdated, instead use local storage
    - Persistent, no expiration date
  - Session data
    - Not very persistent. Cleared when user exits browser
  - Database storage
    - SQL storage in database on client

10 RESULTS
Firefox (20.0.1) | Evercookie | Project
PNG: YES
eTag: YES
Cache: YES
userData
localData: YES
globalData
sessionData: YES
windowData: YES
Cookie: YES
History
DB
Flash: YES
Silverlight: YES

11 RESULTS
Safari (5.1.7) | Evercookie | Project
PNG: YES
eTag: YES
Cache: YES
userData
localData: YES
globalData
sessionData: YES
windowData: YES
Cookie: YES
History
DB
Flash: YES
Silverlight: YES

12 RESULTS
IE (9.0.8112.16421) | Evercookie | Project
PNG: YES
eTag
Cache: YES
userData
localData: YES
globalData
sessionData: YES
windowData: YES
Cookie: YES
History
DB
Flash
Silverlight

13 RESULTS
Chrome (26.0.1410.64) | Evercookie | Project
PNG: YES
eTag: YES
Cache: YES
userData
localData: YES
globalData
sessionData: YES
windowData: YES
Cookie: YES
History
DB: YES
Flash: YES
Silverlight: YES

14 RESULTS
Features | Evercookie | Project
Cross browser storage | No | Yes
Retrievable after close | Yes
Retrievable after restart | Yes
Retrievable w/o JS | Yes
Retrievable after clearing | Yes
Retrievable in Private Browsing | FF/S
Retrievable via fingerprinting | No | Yes

15 RESULTS

18 FUTURE WORK
- New storage locations?
  - Javascript file I/O?
- Performance measurements
- Improved Fingerprinting
  - Additional attributes
  - Location capturing (combined with last seen time/location)
  - Fuzzy matching

