Presentation is loading. Please wait.

Presentation is loading. Please wait.

Article Authors – Oleksii Starov & Nick Nikiforakas

Published byAlyson Weaver Modified over 6 years ago

Similar presentations

Presentation on theme: "Article Authors – Oleksii Starov & Nick Nikiforakas"— Presentation transcript:

1 Article Authors – Oleksii Starov & Nick Nikiforakas
XHOUND Quantifying the Fingerprintability of Browser Extensions Article Authors – Oleksii Starov & Nick Nikiforakas Presented by – Ammar Bagasrawala

2 Motivation Advertisers try to capitalize on users’ online activity
Browser fingerprinting allows users to be tracked and uniquely identified Clearing cookies and using the browser’s private mode is ineffective Browser extensions can serve as features that enable fingerprinting

3 Adblock Chrome Extension
Background Plugins vs Extensions Plugins allow rich content to be displayed Extensions extend the functionality of the browser Can obtain list of plugins installed, but not list of extensions Can only detect extensions by observing the changes made to the DOM of web pages Adobe Flash Plugin Adblock Chrome Extension

4 Background Threat Models
Attacker is someone who is trying to identify a user by fingerprinting their extensions Some extensions can only be detected on specific pages 2 attack scenarios Tracking script on arbitrary domain where only content dependent extensions will be activated Tracking script on a popular domain where URL- dependent extensions will be activated

5 Goals of this Study How many popular extensions introduce on-page changes and are thus fingerprintable? What kind of on-page changes do browser extensions introduce? How fingerprintable are the extension profiles of real users? How can a tracking script check for the presence of browser extensions?

6 XHOUND Architecture Have to observe modifications to the DOM to detect extensions XHOUND used a 2 step approach to maximise detection Extension’s JavaScript patched to place hooks on functions Dynamic analysis used to stimulate DOM changing code segments OnTheFlyDOM library intercepts DOM queries XHOUND Patches document.getElementById (#element) Returns element Query OnTheFlyDOM creates #element

7 Obtaining Fingerprintability of Extensions
Extensions need to be used on webpages Pretended to visit popular domains, but actually visited static pages which contained the OnTheFlyDOM library Each extension exposed to 780 URLs, spanning 308 subdomains Static pages contained various content: Audio and video tags Images and tables Login forms

8 Fingerprintability of Extensions
9.2% of extensions introduce detectable DOM changes on any domain, while 16% fingerprintable on at least 1 URL Popular extensions are more fingerprintable Fingerprintability also dependent on categories 90% perform uniquely identifiable combinations of changes 86% have 1 on-page effect that belongs to no other extension Longitudinal analysis was conducted, and 88% were still fingerprintable Types of DOM Modifications Made Type Extensions In on-the-fly content New DOM node 78.7% 20.3% Changed attribute 41.6% 84.4% Removed DOM node 15.8% 59.9% Changed text 4.7% 61.5%

9 Fingerprintability of Users
Users must employ different sets of extensions to be uniquely identifiable 854 users were surveyed, who had unique extensions in total Average user had 5 extensions installed From 856 extensions, 174 were fingerprintable, and 93 were fingerprintable on any URL Anonymity sets used based on installed extensions. Results show 14% of users in all surveyed groups are uniquely identifiable

10 Extension Fingerprinting in Practice
Proof of concept extension fingerprinting script created Takes less than 5ms to check for presence of extension Fingerprinting process takes less than 1 second for 20 extensions Fingerprinting of extensions can lead to user interests, income level, and technological competence to be discovered These findings extend to mobile devices too </>

11 Countermeasures Encapsulation Namespace Pollution
Use of Shadow DOM to separate content from presentation Shadow DOM elements unable to be queried from main DOM Problem – requires synchronisation of both DOM trees Namespace Pollution Pollute DOM with changes from extensions Randomization of changes would complicate fingerprinting Problem – challenging to preserve the functionality of the webpages when changes introduced

12 Criticism Ad blockers were not fingerprinted
Techniques such as global lists like “document.forms” were not supported Low percentage of textual change observed Inclusion of these could have led to an indication of a more severe security issue

13 Questions?

Download ppt "Article Authors – Oleksii Starov & Nick Nikiforakas"

Similar presentations

What is HTML5…?. ”…removes the need for plugins” ”…can handle multimedia directly” ”…enables rich, interactive clients” ”…enables advanced visual designs”

What is HTML5…?. ”…removes the need for plugins” ”…can handle multimedia directly” ”…enables rich, interactive clients” ”…enables advanced visual designs”
On the Privacy of Private Browsing Kiavash Satvat, Matt Forshaw, Feng Hao, Ehsan Toreini Newcastle University DPM’13.

On the Privacy of Private Browsing Kiavash Satvat, Matt Forshaw, Feng Hao, Ehsan Toreini Newcastle University DPM’13.
Hulk: Eliciting Malicious Behavior in Browser Extensions

Hulk: Eliciting Malicious Behavior in Browser Extensions
HTML5 Haptics Standardization

HTML5 Haptics Standardization
Understanding and Detecting Malicious Web Advertising

Understanding and Detecting Malicious Web Advertising
Georgios Kontaxis, Michalis Polychronakis Angelos D. Keromytis, Evangelos P. Markatos Siddhant Ujjain (2009cs10219) Deepak Sharma (2009cs10185)

Georgios Kontaxis, Michalis Polychronakis Angelos D. Keromytis, Evangelos P. Markatos Siddhant Ujjain (2009cs10219) Deepak Sharma (2009cs10185)
HTML 5. What is HTML5? HTML5 will be the new standard for HTML, XHTML, and the HTML DOM. The previous version of HTML came in 1999. The web has changed.

HTML 5. What is HTML5? HTML5 will be the new standard for HTML, XHTML, and the HTML DOM. The previous version of HTML came in The web has changed.
An Evaluation of the Google Chrome Extension Security Architecture

An Evaluation of the Google Chrome Extension Security Architecture
Languages for Dynamic Web Documents

Languages for Dynamic Web Documents
The Most Dangerous Code in the Browser Stefan Heule, Devon Rifkin, Alejandro Russo, Deian Stefan Stanford University, Chalmers University of Technology.

The Most Dangerous Code in the Browser Stefan Heule, Devon Rifkin, Alejandro Russo, Deian Stefan Stanford University, Chalmers University of Technology.
Objectives Moodle is an online learning environment where instructors & their students interact. In this workshop you will learn: 1.Configure system requirements.

Objectives Moodle is an online learning environment where instructors & their students interact. In this workshop you will learn: 1.Configure system requirements.
Chapter 14 Introduction to HTML

Chapter 14 Introduction to HTML
Chapter Objectives Explain Web page multimedia issues

Chapter Objectives Explain Web page multimedia issues
D ATABASE S ECURITY Proposed by Abdulrahman Aldekhelallah University of Scranton – CS521 Spring2015.

D ATABASE S ECURITY Proposed by Abdulrahman Aldekhelallah University of Scranton – CS521 Spring2015.
HTML5. What is HTML5? HTML5 will be the new standard for HTML. HTML5 is the next generation of HTML. HTML5 is still a work in progress. However, the major.

HTML5. What is HTML5? HTML5 will be the new standard for HTML. HTML5 is the next generation of HTML. HTML5 is still a work in progress. However, the major.
Computer Concepts 2014 Chapter 7 The Web and E-mail.

Computer Concepts 2014 Chapter 7 The Web and .
Web 2.0: Concepts and Applications 11 The Web Becomes 2.0.

Web 2.0: Concepts and Applications 11 The Web Becomes 2.0.
Using Styles and Style Sheets for Design

Using Styles and Style Sheets for Design
Internet Basics Dr. Norm Friesen June 22, 2007. Questions What is the Internet? What is the Web? How are they different? How do they work? How do they.

Internet Basics Dr. Norm Friesen June 22, Questions What is the Internet? What is the Web? How are they different? How do they work? How do they.
1 All Your iFRAMEs Point to Us Mike Burry. 2 Drive-by downloads Malicious code (typically Javascript) Downloaded without user interaction (automatic),

1 All Your iFRAMEs Point to Us Mike Burry. 2 Drive-by downloads Malicious code (typically Javascript) Downloaded without user interaction (automatic),

Similar presentations

Ads by Google