Enforcing Browser Anonymity with Quantitative Information Flow

Frédéric Besson 1 Nataliia Bielova 2 Thomas Jensen 1
1 CELTIQUE - Software certification with semantic analysis
Inria Rennes – Bretagne Atlantique , IRISA-D4 - LANGAGE ET GÉNIE LOGICIEL
2 INDES - Secure Diffuse Programming
CRISAM - Inria Sophia Antipolis - Méditerranée
Abstract : Web tracking companies use device fingerprinting to distinguish the users of the websites by checking the numerous properties of their machines and web browsers. One way to protect the users' privacy is to make them switch between different machine and browser configurations. We propose a formalization of this privacy enforcement mechanism. We use information-theoretic channels to model the knowledge of the tracker and the fingerprinting program, and show how to synthesise a randomisation mechanism that defines the distribution of configurations for each user. This mechanism provides a strong guarantee of privacy (the probability of identifying the user is bounded by a given threshold) while maximising usability (the user switches to other configurations rarely). To find an optimal solution, we express the enforcement problem of randomization by a linear program. We investigate and compare several approaches to randomization and find that more efficient privacy enforcement would often provide lower usability. Finally, we relax the requirement of knowing the fingerprinting program in advance, by proposing a randomisation mechanism that guarantees privacy for an arbitrary program.
Document type :
Reports
Complete list of metadatas

Cited literature [24 references]  Display  Hide  Download

https://hal.inria.fr/hal-00984654
Contributor : Frédéric Besson <>
Submitted on : Monday, May 5, 2014 - 3:23:02 PM
Last modification on : Friday, November 16, 2018 - 1:39:16 AM
Long-term archiving on : Tuesday, August 5, 2014 - 12:40:51 PM

File

RR-8532.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-00984654, version 2

Citation

Frédéric Besson, Nataliia Bielova, Thomas Jensen. Enforcing Browser Anonymity with Quantitative Information Flow. [Research Report] RR-8532, INRIA. 2014. ⟨hal-00984654v2⟩

Share

Metrics

Record views

2998

Files downloads

253