Persistent COOKIES WITH BROWSER FINGERPRINTING
description
Transcript of Persistent COOKIES WITH BROWSER FINGERPRINTING
P G N 5 : KA I N G , R I S H E R A N D S C H U LT E
PERSISTENT COOKIES WITH BROWSER FINGERPRINTING
DEFINITIONS & BACKGROUND
• Persistent Cookies: cookies that are resistant to deletion.• Browser Fingerprint: set of browser attributes
that can be used to uniquely identify a user.
• Used in combination with passwords to verify users.• Browser Fingerprint is alternative to two-factor
authentication.• Requires no additional hardware tokens• Is passive (convenient)
FINGERPRINT ATTRIBUTES
BITS OF ENTROPY
• Describes how likely a piece of information will be identical between any two random users.• Example: 8 bits of entropy indicates attribute has
potential to uniquely identify 28 or 256 different users.
Attribute Boda Study (2012) Eckersley Study (2010)
User Agent String 8.095 10.0
Timezone 2.22 3.04
User ID 9.03 -
All fonts 8.57 13.9
Universal fonts 6.83 -
Detected fonts 7.63 -
Plugins - 15.4
EVERCOOKIE
• API for persistent cookies
• Multiple storage locations throughout the client
• If any cookie is deleted, all are replaced as long as at least one cookie remains
• Stored in locations typical users will not be able to remove (Silverlight storage, flash cookies)
STORAGE LOCATIONS
• Standard cookies• Typical browser cookies, easy to implement, easy to
remove
• Local Shared Objects• Flash cookies• Flash does not by default ask for permission• Not cross domain
STORAGE LOCATIONS
• Silverlight Isolated Storage• Virtual file system on client• Any type of data can be stored
• PNG caching• Image created using RGB values equal to the cookies
value• Stored in browser’s cache• If needed to be retrieved (other cookies have been
deleted) the browser is made to make a request for the PNG• 304 “Not Modified” message sent back, telling browser to
look into the cache
STORAGE LOCATIONS
• Etags• Used for cache validation• Can be set in a similar way to a cookie
• Web cache• Standard web cache mechanism• Persistent cookie stored in cache
• window.name• DOM property with 2-32MB of data available• Cross domain• Can be read by other websites
STORAGE LOCATIONS
• HTML5 locations• Global storage outdated, instead use local storage• Persistent, no expiration date
• Session data• Not very persistent. Cleared when user exits browser
• Database storage• SQL storage in database on client
RESULTSFirefox (20.0.1) Evercookie ProjectPNG YES YESeTag YES YESCache YES YESuserDatalocalData YES YESglobalDatasessionData YES YESwindowData YES YESCookie YES YESHistoryDBFlash YES YESSilverlight YES
RESULTSSafari (5.1.7) Evercookie ProjectPNG YES YESeTag YES YESCache YES YESuserDatalocalData YES YESglobalDatasessionData YES YESwindowData YES YESCookie YES YESHistoryDBFlash YES YESSilverlight YES
RESULTSIE (9.0.8112.16421) Evercookie ProjectPNG YESeTagCache YES YESuserDatalocalData YES YESglobalDatasessionData YES YESwindowData YES YESCookie YES YESHistoryDBFlashSilverlight
RESULTSChrome (26.0.1410.64)
Evercookie Project
PNG YESeTag YESCache YESuserDatalocalData YESglobalDatasessionData YESwindowData YESCookie YESHistoryDB YESFlash YES YESSilverlight YES
RESULTS
Features Evercookie ProjectCross browser storage No YesRetrievable after close Yes YesRetrievable after restart Yes YesRetrievable w/o JS Yes YesRetrievable after clearing Yes YesRetrievable in Private Browsing
FF/S FF/S
Retrievable via fingerprinting No Yes
RESULTS
RESULTS
RESULTS
FUTURE WORK
• New storage locations?• Javascript file I/O?
• Performance measurements
• Improved Fingerprinting• Additional attributes• Location capturing (combined with last seen time/location)
• Fuzzy matching