PGN5: KAING, RISHER AND SCHULTE PERSISTENT COOKIES WITH BROWSER FINGERPRINTING.

DEFINITIONS & BACKGROUND
- Persistent cookies: cookies that are resistant to deletion.
- Browser fingerprint: a set of browser attributes that can be used to uniquely identify a user.
  - Used in combination with passwords to verify users.
- A browser fingerprint is an alternative to two-factor authentication.
  - Requires no additional hardware tokens
  - Is passive (convenient)

FINGERPRINT ATTRIBUTES

BITS OF ENTROPY
- Describes how likely it is that a piece of information will be identical between any two random users.
- Example: 8 bits of entropy indicates that an attribute has the potential to uniquely identify 2^8, or 256, different users.

| Attribute         | Boda Study (2012) | Eckersley Study (2010) |
|-------------------|-------------------|------------------------|
| User Agent String |                   |                        |
| Timezone          |                   |                        |
| User ID           | 9.03              | -                      |
| All fonts         |                   |                        |
| Universal fonts   | 6.83              | -                      |
| Detected fonts    | 7.63              | -                      |
| Plugins           | -                 | 15.4                   |
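An added example, not taken from the slides or from either study: it computes bits of entropy per attribute over a small constructed visitor set, plus the surprisal of one visitor's combined fingerprint. The attribute names and all values are constructed; note that the user agent and timezone are correlated here, so their bits do not simply add.

```javascript
// Added example. The eight visitor records are constructed sample data,
// not measurements from the Boda or Eckersley studies.
const visitors = [
  { userAgent: "UA-A", timezone: "-300", plugins: "p1" },
  { userAgent: "UA-A", timezone: "-300", plugins: "p1" },
  { userAgent: "UA-B", timezone: "-300", plugins: "p2" },
  { userAgent: "UA-B", timezone: "-300", plugins: "p3" },
  { userAgent: "UA-C", timezone: "+60", plugins: "p1" },
  { userAgent: "UA-C", timezone: "+60", plugins: "p2" },
  { userAgent: "UA-D", timezone: "+60", plugins: "p3" },
  { userAgent: "UA-D", timezone: "+60", plugins: "p4" },
];

// Join the chosen attributes into one comparable key.
const keyOf = (rec, attrs) => attrs.map((a) => rec[a]).join("\u0000");

// Count how many visitors share each combined value.
function groupSizes(records, attrs) {
  const counts = new Map();
  for (const r of records) {
    const k = keyOf(r, attrs);
    counts.set(k, (counts.get(k) || 0) + 1);
  }
  return counts;
}

// Shannon entropy in bits: H = -sum(p * log2 p) over the observed values.
function entropyBits(records, attrs) {
  let h = 0;
  for (const c of groupSizes(records, attrs).values()) {
    const p = c / records.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// Surprisal of one visitor: -log2(share of visitors with the same fingerprint).
function surprisalBits(records, visitor, attrs) {
  const same = groupSizes(records, attrs).get(keyOf(visitor, attrs));
  return -Math.log2(same / records.length);
}

// Visitors whose combined fingerprint is shared with nobody else.
function uniqueVisitors(records, attrs) {
  const sizes = groupSizes(records, attrs);
  return records.filter((r) => sizes.get(keyOf(r, attrs)) === 1).length;
}
```

On this sample the user agent alone carries 2 bits and the timezone 1 bit, yet the pair together still carries only 2 bits, because each user agent value always appears with the same timezone.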

EVERCOOKIE
- API for persistent cookies
- Multiple storage locations throughout the client
- If any cookie is deleted, all are replaced as long as at least one cookie remains
- Stored in locations typical users will not be able to remove (Silverlight storage, Flash cookies)

STORAGE LOCATIONS
- Standard cookies
  - Typical browser cookies, easy to implement, easy to remove
- Local Shared Objects
  - Flash cookies
  - Flash does not by default ask for permission
  - Not cross domain

STORAGE LOCATIONS
- Silverlight Isolated Storage
  - Virtual file system on client
  - Any type of data can be stored
- PNG caching
  - Image created using RGB values equal to the cookie's value
  - Stored in browser's cache
  - If it needs to be retrieved (other cookies have been deleted), the browser is made to request the PNG
  - A 304 "Not Modified" response is sent back, telling the browser to look in the cache

STORAGE LOCATIONS
- ETags
  - Used for cache validation
  - Can be set in a similar way to a cookie
- Web cache
  - Standard web cache mechanism
  - Persistent cookie stored in cache
- window.name
  - DOM property with 2-32MB of data available
  - Cross domain
  - Can be read by other websites

STORAGE LOCATIONS
- HTML5 locations
  - Global storage is outdated; use local storage instead
    - Persistent, no expiration date
  - Session data
    - Not very persistent; cleared when the user exits the browser
  - Database storage
    - SQL storage in a database on the client
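An added example, not code from the slides or from the evercookie project: an in-memory model of the respawn rule on the EVERCOOKIE slide, applied to the storage locations listed above, to check which clearing steps actually remove every copy. The grouping of stores under user clearing actions, the action names and the identifier value are assumptions made for this illustration.

```javascript
// Added example: an in-memory model only; no browser storage API is touched.
// Store names follow the slides. Grouping them under user clearing actions
// is an assumption made for this illustration.
const CLEAR_ACTIONS = {
  clearCookies: ["cookie"],
  clearCache: ["pngCache", "etag", "webCache"],
  clearSiteData: ["localStorage", "sessionStorage", "database"],
  clearPluginData: ["flashLSO", "silverlight"],
  closeTab: ["windowName", "sessionStorage"],
};
const ALL_STORES = [...new Set(Object.values(CLEAR_ACTIONS).flat())];

// Respawn rule from the slide: while one copy remains, every store is rewritten.
function respawn(stores) {
  const survivor = ALL_STORES.find((s) => stores.has(s));
  if (survivor === undefined) return null; // nothing left to copy from
  const id = stores.get(survivor);
  for (const s of ALL_STORES) stores.set(s, id);
  return id;
}

// Apply a list of clearing actions to a fully populated client, then revisit.
function afterClearing(actions) {
  const stores = new Map(ALL_STORES.map((s) => [s, "constructed-id-123"]));
  for (const a of actions) for (const s of CLEAR_ACTIONS[a]) stores.delete(s);
  const remaining = ALL_STORES.filter((s) => stores.has(s));
  return { remaining, respawnedId: respawn(stores), storesAfterVisit: stores.size };
}

// Enumerate every combination of actions and keep those that leave no copy.
function effectiveCombinations() {
  const names = Object.keys(CLEAR_ACTIONS);
  const hits = [];
  for (let mask = 0; mask < 1 << names.length; mask++) {
    const chosen = names.filter((_, i) => mask & (1 << i));
    if (afterClearing(chosen).respawnedId === null) hits.push(chosen);
  }
  return hits;
}

console.log(afterClearing(["clearCookies", "clearCache"]));
console.log(effectiveCombinations());
```

Under these assumptions only one of the 32 combinations, all five actions together, leaves nothing to respawn from; clearing cookies and cache alone leaves six copies, and the next visit restores all ten.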

RESULTS Firefox (20.0.1) (columns: Evercookie, Project)
- PNG: YES
- eTag: YES
- Cache: YES
- userData
- localData: YES
- globalData
- sessionData: YES
- windowData: YES
- Cookie: YES
- History
- DB
- Flash: YES
- Silverlight: YES

RESULTS Safari (5.1.7) (columns: Evercookie, Project)
- PNG: YES
- eTag: YES
- Cache: YES
- userData
- localData: YES
- globalData
- sessionData: YES
- windowData: YES
- Cookie: YES
- History
- DB
- Flash: YES
- Silverlight: YES

RESULTS IE ( ) (columns: Evercookie, Project)
- PNG: YES
- eTag
- Cache: YES
- userData
- localData: YES
- globalData
- sessionData: YES
- windowData: YES
- Cookie: YES
- History
- DB
- Flash
- Silverlight

RESULTS Chrome ( ) (columns: Evercookie, Project)
- PNG: YES
- eTag: YES
- Cache: YES
- userData
- localData: YES
- globalData
- sessionData: YES
- windowData: YES
- Cookie: YES
- History
- DB: YES
- Flash: YES
- Silverlight: YES

RESULTS Features (columns: Evercookie / Project)
- Cross browser storage: No / Yes
- Retrievable after close: Yes
- Retrievable after restart: Yes
- Retrievable w/o JS: Yes
- Retrievable after clearing: Yes
- Retrievable in Private Browsing: FF/S
- Retrievable via fingerprinting: No / Yes

RESULTS

FUTURE WORK
- New storage locations?
  - JavaScript file I/O?
- Performance measurements
- Improved fingerprinting
  - Additional attributes
  - Location capturing (combined with last seen time/location)
  - Fuzzy matching