FPRandom: Randomizing core browser objects to break advanced device fingerprinting techniques

Abstract : The rich programming interfaces (APIs) provided by web browsers can be diverted to collect a browser fingerprint. A small number of queries on these interfaces are sufficient to build a fingerprint that is statistically unique and very stable over time. Consequently, the fingerprint can be used to track users. Our work aims at mitigating the risk of browser fingerprinting for users privacy by 'breaking' the stability of a fingerprint over time. We add randomness in the computation of selected browser functions, in order to have them deliver slightly different answers for each browsing session. Randomization is possible thanks to the following properties of browsers implementations: (i) some functions have a nondeterministic specification, but a deterministic implementation ; (ii) multimedia functions can be slightly altered without deteriorating user's perception. We present FPRandom, a modified version of Firefox that adds randomness to mitigate the most recent fingerprinting algorithms, namely canvas fingerprinting, AudioContext fingerprinting and the unmasking of browsers through the order of JavaScript properties. We evaluate the effectiveness of FPRandom by testing it against known fingerprinting tests. We also conduct a user study and evaluate the performance overhead of randomization to determine the impact on the user experience.
Type de document :
Communication dans un congrès
ESSoS 2017 - 9th International Symposium on Engineering Secure Software and Systems, Jul 2017, Bonn, Germany. pp.17
Liste complète des métadonnées

Littérature citée [12 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01527580
Contributeur : Pierre Laperdrix <>
Soumis le : mercredi 24 mai 2017 - 15:53:32
Dernière modification le : mercredi 16 mai 2018 - 11:24:13
Document(s) archivé(s) le : lundi 28 août 2017 - 18:00:22

Fichier

fprandom-essos17.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

  • HAL Id : hal-01527580, version 1

Citation

Pierre Laperdrix, Benoit Baudry, Vikas Mishra. FPRandom: Randomizing core browser objects to break advanced device fingerprinting techniques. ESSoS 2017 - 9th International Symposium on Engineering Secure Software and Systems, Jul 2017, Bonn, Germany. pp.17. 〈hal-01527580〉

Partager

Métriques

Consultations de la notice

938

Téléchargements de fichiers

1227