Article Authors – Oleksii Starov & Nick Nikiforakis

Presentation transcript:

XHOUND: Quantifying the Fingerprintability of Browser Extensions
Article Authors – Oleksii Starov & Nick Nikiforakis
Presented by – Ammar Bagasrawala

Motivation
- Advertisers try to capitalize on users’ online activity
- Browser fingerprinting allows users to be tracked and uniquely identified
- Clearing cookies and using the browser’s private mode is ineffective
- Browser extensions can serve as features that enable fingerprinting

Background: Plugins vs Extensions
- Plugins allow rich content to be displayed
- Extensions extend the functionality of the browser
- Can obtain list of plugins installed, but not list of extensions
- Can only detect extensions by observing the changes made to the DOM of web pages
Examples shown: Adobe Flash plugin; Adblock Chrome extension

Background: Threat Models
- Attacker is someone who is trying to identify a user by fingerprinting their extensions
- Some extensions can only be detected on specific pages
- 2 attack scenarios:
  - Tracking script on arbitrary domain where only content-dependent extensions will be activated
  - Tracking script on a popular domain where URL-dependent extensions will be activated

Goals of this Study
- How many popular extensions introduce on-page changes and are thus fingerprintable?
- What kind of on-page changes do browser extensions introduce?
- How fingerprintable are the extension profiles of real users?
- How can a tracking script check for the presence of browser extensions?

XHOUND Architecture
- Have to observe modifications to the DOM to detect extensions
- XHOUND used a 2 step approach to maximise detection:
  - Extension’s JavaScript patched to place hooks on functions
  - Dynamic analysis used to stimulate DOM changing code segments
- OnTheFlyDOM library intercepts DOM queries
Diagram: XHOUND patches document.getElementById; a query for #element reaches OnTheFlyDOM, which creates #element, and the element is returned.

Obtaining Fingerprintability of Extensions
- Extensions need to be used on webpages
- Pretended to visit popular domains, but actually visited static pages which contained the OnTheFlyDOM library
- Each extension exposed to 780 URLs, spanning 308 subdomains
- Static pages contained various content:
  - Audio and video tags
  - Images and tables
  - Login forms
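
A sketch of the on-the-fly DOM idea from the two slides above, added here as an example; it is not code from the presentation or from XHOUND. MiniElement, MiniDocument, hypotheticalExtension and the element names are constructed so the sketch runs under Node without a browser.

```javascript
// Added illustration, not XHOUND's code: MiniDocument is a constructed DOM stand-in.
class MiniElement {
  constructor(name) { this.name = name; this.attributes = {}; this.children = []; }
  setAttribute(key, value) { this.attributes[key] = value; }
  appendChild(child) { this.children.push(child); return child; }
}
class MiniDocument {
  constructor(ids) { this.byId = new Map(ids.map(id => [id, new MiniElement(id)])); }
  getElementById(id) { return this.byId.get(id) || null; }
  createElement(tag) { return new MiniElement(tag); }
}

// Hook getElementById: a query for a missing element creates it on the fly,
// and mutations on any queried element are written to the log.
function installOnTheFlyHooks(doc, log) {
  const original = doc.getElementById.bind(doc);
  doc.getElementById = (id) => {
    let el = original(id);
    const onTheFly = el === null;
    if (onTheFly) { el = new MiniElement(id); doc.byId.set(id, el); }
    if (el.hooked) return el;            // wrap each element only once
    el.hooked = true;
    for (const [method, type] of [['setAttribute', 'changed-attribute'], ['appendChild', 'new-node']]) {
      const inner = el[method].bind(el);
      el[method] = (arg, ...rest) => {
        log.push({ type, target: id, detail: arg.name || arg, onTheFly });
        return inner(arg, ...rest);
      };
    }
    return el;
  };
}

// Constructed content script: it acts only when the page has #video-player.
function hypotheticalExtension(doc) {
  const player = doc.getElementById('video-player');
  if (!player) return;
  player.setAttribute('data-enhanced', '1');
  player.appendChild(doc.createElement('download-button'));
}

// Run the extension against a static page that lacks #video-player.
function observe(withHooks) {
  const doc = new MiniDocument(['header']);
  const log = [];
  if (withHooks) installOnTheFlyHooks(doc, log);
  hypotheticalExtension(doc);
  return log;
}
console.log(observe(false).length, observe(true));
```

Without the hooks the extension exits early and the static page shows no change; with them, both modifications are recorded and marked as made in on-the-fly content.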

Fingerprintability of Extensions
- 9.2% of extensions introduce detectable DOM changes on any domain, while 16% fingerprintable on at least 1 URL
- Popular extensions are more fingerprintable
- Fingerprintability also dependent on categories
- 90% perform uniquely identifiable combinations of changes
- 86% have 1 on-page effect that belongs to no other extension
- Longitudinal analysis was conducted, and 88% were still fingerprintable

Types of DOM Modifications Made

Type                Extensions   In on-the-fly content
New DOM node        78.7%        20.3%
Changed attribute   41.6%        84.4%
Removed DOM node    15.8%        59.9%
Changed text        4.7%         61.5%

Fingerprintability of Users
- Users must employ different sets of extensions to be uniquely identifiable
- 854 users were surveyed, who had 941 unique extensions in total
- Average user had 5 extensions installed
- From 856 extensions, 174 were fingerprintable, and 93 were fingerprintable on any URL
- Anonymity sets used based on installed extensions
- Results show 14% of users in all surveyed groups are uniquely identifiable
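
How anonymity sets follow from installed extensions under the two attack scenarios of the threat model, as an added example that is not part of the presentation. All extension names, visibility flags and user profiles are constructed, and it assumes a tracker on a popular domain sees URL-dependent extensions in addition to those detectable on any page.

```javascript
// Added illustration with constructed data; names and flags are hypothetical.
// 'any'  = detectable on any page, 'url' = detectable only on specific URLs,
// 'none' = introduces no on-page changes.
const EXTENSIONS = {
  'ext-a': 'any', 'ext-b': 'url', 'ext-c': 'none', 'ext-d': 'any', 'ext-e': 'url',
};
const USERS = {
  u1: ['ext-a', 'ext-c'],
  u2: ['ext-a', 'ext-b'],
  u3: ['ext-a'],
  u4: ['ext-c'],
  u5: ['ext-d', 'ext-e'],
  u6: [],
};

// The observable profile is the subset of installed extensions that the
// scenario can expose, in canonical order.
function visibleProfile(installed, scenario) {
  const allowed = scenario === 'arbitrary-domain' ? ['any'] : ['any', 'url'];
  return installed.filter(e => allowed.includes(EXTENSIONS[e])).sort().join(',');
}

// Group users who present the same observable profile.
function anonymitySets(users, scenario) {
  const sets = new Map();
  for (const [user, installed] of Object.entries(users)) {
    const key = visibleProfile(installed, scenario);
    if (!sets.has(key)) sets.set(key, []);
    sets.get(key).push(user);
  }
  return sets;
}

// A user is uniquely identifiable when their anonymity set has size 1.
function uniqueUsers(users, scenario) {
  return [...anonymitySets(users, scenario).values()]
    .filter(group => group.length === 1)
    .map(group => group[0])
    .sort();
}

for (const scenario of ['arbitrary-domain', 'popular-domain']) {
  console.log(scenario, uniqueUsers(USERS, scenario));
}
```

Users whose installed extensions make no on-page changes fall into one shared set, which is why only the fingerprintable subset of a profile matters.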

Extension Fingerprinting in Practice
- Proof of concept extension fingerprinting script created
- Takes less than 5 ms to check for presence of extension
- Fingerprinting process takes less than 1 second for 20 extensions
- Fingerprinting of extensions can lead to the discovery of user interests, income level, and technological competence
- These findings extend to mobile devices too

Countermeasures
Encapsulation
- Use of Shadow DOM to separate content from presentation
- Shadow DOM elements unable to be queried from main DOM
- Problem – requires synchronisation of both DOM trees
Namespace Pollution
- Pollute DOM with changes from extensions
- Randomization of changes would complicate fingerprinting
- Problem – challenging to preserve the functionality of the webpages when changes introduced

Criticism
- Ad blockers were not fingerprinted
- Techniques such as global lists like “document.forms” were not supported
- Low percentage of textual change observed
- Inclusion of these could have led to an indication of a more severe security issue

Questions?