Browser Randomisation against Fingerprinting: A Quantitative Information Flow Approach

Frédéric Besson 1 Nataliia Bielova 2 Thomas Jensen 1
1 CELTIQUE - Software certification with semantic analysis
Inria Rennes – Bretagne Atlantique , IRISA-D4 - LANGAGE ET GÉNIE LOGICIEL
2 INDES - Secure Diffuse Programming
CRISAM - Inria Sophia Antipolis - Méditerranée
Abstract : Web tracking companies use device fingerprinting to distinguish the users of the websites by checking the numerous properties of their machines and web browsers. One way to protect the users' privacy is to make them switch between different machine and browser configurations. We propose a formalisation of this privacy enforcement mechanism. We use information-theoretic channels to model the knowledge of the tracker and the fingerprinting program, and show how to synthesise a randomisation mechanism that defines the distribution of configurations for each user. This mechanism provides a strong guarantee of privacy (the probability of identifying the user is bounded by a given threshold) while maximising usability (the user switches to other configurations rarely). To find an optimal solution, we express the enforcement problem of randomisation by a linear program. We investigate and compare several approaches to randomisation and find that more efficient privacy enforcement would often provide lower usability. Finally, we relax the requirement of knowing the fingerprinting program in advance, by proposing a randomisation mechanism that guarantees privacy for an arbitrary program.
Keywords : web tracking privacy
Type de document :
Communication dans un congrès
Nordic Conference on Secure IT Systems (NordSec 2014), Oct 2014, Tromsø, Norway. 2014, 〈10.1007/978-3-319-11599-3_11〉
Liste complète des métadonnées

Littérature citée [19 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01081037
Contributeur : Nataliia Bielova <>
Soumis le : jeudi 6 novembre 2014 - 17:21:10
Dernière modification le : mercredi 11 avril 2018 - 02:00:23
Document(s) archivé(s) le : samedi 7 février 2015 - 11:20:22

Fichier

enforcing_abstract.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

Citation

Frédéric Besson, Nataliia Bielova, Thomas Jensen. Browser Randomisation against Fingerprinting: A Quantitative Information Flow Approach. Nordic Conference on Secure IT Systems (NordSec 2014), Oct 2014, Tromsø, Norway. 2014, 〈10.1007/978-3-319-11599-3_11〉. 〈hal-01081037〉

Partager

Métriques

Consultations de la notice

1665

Téléchargements de fichiers

138