You searched for subject:(Web fingerprinting).
Showing records 1 – 13 of
13 total matches.
No search limiters apply to these results.
Queens University
1.
Faiz Khademi, Amin.
Browser Fingerprinting: Analysis, Detection, and Prevention at Runtime
.
Degree: Computing, 2014, Queens University
URL: http://hdl.handle.net/1974/12604 
► Most Web users are unaware of being identified or followed by web agents which leverage techniques such as browser fingerprinting (or fingerprinting). Data obtained through…
(more)
▼ Most Web users are unaware of being identified or followed by web agents which leverage techniques such as browser fingerprinting (or fingerprinting). Data obtained through such fingerprinting techniques can be utilized for various purposes ranging from understanding the types and properties of the user's browser to learning the user Web experience (e.g., through the browsing history). For enterprises, this can be a useful means to personalize services for their end-users or prevent online fraudulent activities. Similarly, a good fingerprinting technique can provide a rich set of data for various adversary purposes such as for compromising the security and privacy of Web users.
Careful or attentive Web users might configure privacy enhancing tools (e.g., pop-up and cookie blockers) or operate in the private mode of the browser in order to block or prevent fingerprinters. However, recently we have observed that new fingerprinting methods can easily bypass the existing fingerprinting detection and prevention mechanisms. Moreover, while the topic of browser fingerprinting has been well studied, little attention was given to their detection and prevention.
To address this challenge, we first analyze and reverse engineer the most widely used fingerprinting methods on the Web and unify these methods for developing a hybrid fingerprinting tool, called Fybrid. Furthermore, we integrate Fybrid with a social networking service and develop an integrated Web application, called iFybrid. Using iFybrid, we show the possibility of performing individual identification on top of browser identification using fingerprinting. We also identify metrics related to each method which are the indicators for performing fingerprinting attempts. Then, we use the identified metrics and propose a novel runtime fingerprinting detection and prevention approach, called FPGuard. FPGuard monitors activities of the running websites on the user's browser. While the detection capability of FPGuard is evaluated using the top 10,000 Alexa websites, its prevention mechanism is evaluated against four fingerprinting providers. Our evaluation results show that FPGuard can effectively detect and mitigate fingerprinting at runtime without interfering the user's browsing experience.
Subjects/Keywords: Fingerprinting
;
Web Privacy
;
Detection
;
Prevention
;
Runtime
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Faiz Khademi, A. (2014). Browser Fingerprinting: Analysis, Detection, and Prevention at Runtime
. (Thesis). Queens University. Retrieved from http://hdl.handle.net/1974/12604
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Faiz Khademi, Amin. “Browser Fingerprinting: Analysis, Detection, and Prevention at Runtime
.” 2014. Thesis, Queens University. Accessed January 23, 2021.
http://hdl.handle.net/1974/12604.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Faiz Khademi, Amin. “Browser Fingerprinting: Analysis, Detection, and Prevention at Runtime
.” 2014. Web. 23 Jan 2021.
Vancouver:
Faiz Khademi A. Browser Fingerprinting: Analysis, Detection, and Prevention at Runtime
. [Internet] [Thesis]. Queens University; 2014. [cited 2021 Jan 23].
Available from: http://hdl.handle.net/1974/12604.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Faiz Khademi A. Browser Fingerprinting: Analysis, Detection, and Prevention at Runtime
. [Thesis]. Queens University; 2014. Available from: http://hdl.handle.net/1974/12604
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Brno University of Technology
2.
Škuta, Matúš.
Zjištění identity prohlížeče pomocí WebAssembly: Browser Fingerprinting Using Web Assembly.
Degree: 2020, Brno University of Technology
URL: http://hdl.handle.net/11012/191666
► The main goal of this bachelor thesis is the implementation of device identification using Web Assembly technology. In this work we are discussing the existing…
(more)
▼ The main goal of this bachelor thesis is the implementation of device identification using
Web Assembly technology. In this work we are discussing the existing methods of device identification, methods to prevent identification and ways to circumvent these barriers. We are also getting acquainted with the Brave browser, which seeks to reduce the identification of devices on the Internet. We are explaining how
Web Assembly works, what are its positives, negatives and if we are able to bypass various defences against device identification thanks to this new technology. Next, we are looking at the several
web APIs we are using to identify devices, and we are introducing a few extensions designed to prevent or completely limit device identification. Existing security extensions limit the activity of the
Web Assembly, for example this work shows that the
Web API Manager extension can neutralize the test page implemented in this work.
Advisors/Committee Members: Polčák, Libor (advisor), Koutenský, Michal (referee).
Subjects/Keywords: Web Assembly; WASM; identifikácia zariadení; web; fingerprintovanie; Web Assembly; WASM; device identification; web; fingerprinting
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Škuta, M. (2020). Zjištění identity prohlížeče pomocí WebAssembly: Browser Fingerprinting Using Web Assembly. (Thesis). Brno University of Technology. Retrieved from http://hdl.handle.net/11012/191666
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Škuta, Matúš. “Zjištění identity prohlížeče pomocí WebAssembly: Browser Fingerprinting Using Web Assembly.” 2020. Thesis, Brno University of Technology. Accessed January 23, 2021.
http://hdl.handle.net/11012/191666.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Škuta, Matúš. “Zjištění identity prohlížeče pomocí WebAssembly: Browser Fingerprinting Using Web Assembly.” 2020. Web. 23 Jan 2021.
Vancouver:
Škuta M. Zjištění identity prohlížeče pomocí WebAssembly: Browser Fingerprinting Using Web Assembly. [Internet] [Thesis]. Brno University of Technology; 2020. [cited 2021 Jan 23].
Available from: http://hdl.handle.net/11012/191666.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Škuta M. Zjištění identity prohlížeče pomocí WebAssembly: Browser Fingerprinting Using Web Assembly. [Thesis]. Brno University of Technology; 2020. Available from: http://hdl.handle.net/11012/191666
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
3.
Queiroz, Jordan de Sá.
Um Método de Web Fingerprinting baseado em Atributos de Hardware.
Degree: 2018, Universidade Federal do Amazonas
URL: https://tede.ufam.edu.br/handle/tede/6379
► Web Fingerprinting é o processo no qual um usuário é, com alta probabilidade, identificado de forma única a partir das características extraídas de seu dispositivo,…
(more)
▼ Web Fingerprinting é o processo no qual um usuário é, com alta probabilidade,
identificado de forma única a partir das características extraídas de seu dispositivo,
gerando uma chave identificadora (fingerprint). Para um método que gere
um fingerprint ser eficaz é necessário obter respostas estáveis, o que implica em
empregar atributos discriminatórios com baixa volatilidade. Em outras palavras,
atributos capazes de fornecer as mesmas características sobre os dispositivos ao
longo do tempo. Há uma diversidade de técnicas propostas na literatura, mas
nem todas são capazes de gerar um fingerprint estável. Nesta dissertação é proposto,
projetado e avaliado um método de Web Fingerprinting que busca utilizar
características relacionadas ao hardware dos dispositivos. Uma das formas de
alcançar esse objetivo é empregar HTML5 Canvas e Web Audio API, tecnologias
promissoras por serem capaz de fornecer características relacionadas ao hardware
do dispositivo, o que reduz a mutabilidade do fingerprint extraído e aumenta o
número de dispositivos-alvo em que o método pode ser aplicado. Como resultado,
constatou-se que o emprego do HTML5 Canvas e da Web Audio API, em
conjunto como outros atributos cujas características são relativas ao hardware do
dispositivo, permite identificar, de forma única, com 90,34% de precisão, diversos
usuários. Além disso, percebeu-se que agrupamento de atributos mais fracos
com os mais discriminatórios permite extrair mais características do que utilizar
atributos discriminatórios de forma isolada.
Web fingerprinting is the process in which a user is, with high likelihood, uniquely
identified by the extracted features from his/her device, generating a fingerprint.
In order to be effective, the method must generate a stable fingerprint, and
therefore it is necessary to employ discriminatory attributes with low volatility,
capable of providing the same characteristics over the time. There are a variety
of proposed techniques, but not all of them are capable of generating a stable
fingerprint. In this work it is proposed, designed and evaluated a Web Fingerprinting
method that aims to employ features that provide characteristics related
to the devices’ hardware. One of the ways to achieve this objective is through the
use of technologies such as HTML5 and the Web Audio API. Theses are promising
technologies for Web Fingerprinting methods because they provide features
related to the devices’ hardware, which reduces the extracted fingerprint’s mutability
and increases the number of target devices in which the method can be
executed, since HTML5 is adopted by default in the most popular web browsers.
As results, it was found that the HTML5 Canvas and the Web Audio API, when
employed with other attributes related to the hardware characteristics of the
device, converges to a web Fingerprinting method capable of uniquely identify
several users (with 90,34% of accuracy). In addition, it was found that grouping
weaker attributes with more relevant ones allows the Web…
Advisors/Committee Members: Feitosa, Eduardo Luzeiro, 56285949204, http://lattes.cnpq.br/5939944067207881, Moura, Edleno Silva de, Aschoff, Rafael Roque, [email protected].
Subjects/Keywords: Web fingerprinting; HTML5 Canvas; Web Audio API; CIÊNCIAS EXATAS E DA TERRA: CIÊNCIA DA COMPUTAÇÃO
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Queiroz, J. d. S. (2018). Um Método de Web Fingerprinting baseado em Atributos de Hardware. (Masters Thesis). Universidade Federal do Amazonas. Retrieved from https://tede.ufam.edu.br/handle/tede/6379
Chicago Manual of Style (16th Edition):
Queiroz, Jordan de Sá. “Um Método de Web Fingerprinting baseado em Atributos de Hardware.” 2018. Masters Thesis, Universidade Federal do Amazonas. Accessed January 23, 2021.
https://tede.ufam.edu.br/handle/tede/6379.
MLA Handbook (7th Edition):
Queiroz, Jordan de Sá. “Um Método de Web Fingerprinting baseado em Atributos de Hardware.” 2018. Web. 23 Jan 2021.
Vancouver:
Queiroz JdS. Um Método de Web Fingerprinting baseado em Atributos de Hardware. [Internet] [Masters thesis]. Universidade Federal do Amazonas; 2018. [cited 2021 Jan 23].
Available from: https://tede.ufam.edu.br/handle/tede/6379.
Council of Science Editors:
Queiroz JdS. Um Método de Web Fingerprinting baseado em Atributos de Hardware. [Masters Thesis]. Universidade Federal do Amazonas; 2018. Available from: https://tede.ufam.edu.br/handle/tede/6379
Universidade de Lisboa
4.
Bernardo, Vítor Manuel Guerreiro.
Device fingerprinting techniques: threats and protections.
Degree: 2015, Universidade de Lisboa
URL: http://www.rcaap.pt/detail.jsp?id=oai:repositorio.ul.pt:10451/20402
► Tese de mestrado, Segurança Informática, Universidade de Lisboa, Faculdade de Ciências, 2015
A evolução das tecnologias da informação ao longo das últimas décadas repercutiu-se de…
(more)
▼ Tese de mestrado, Segurança Informática, Universidade de Lisboa, Faculdade de Ciências, 2015
A evolução das tecnologias da informação ao longo das últimas décadas repercutiu-se de forma decisiva na nossa sociedade. Estes desenvolvimentos trouxeram sobretudo a possibilidade de expansão da atividade de diversos setores, possibilitando novas abordagens até então impraticáveis ou demasiado dispendiosas para pôr em prática com a tecnologia existente. O setor comercial, em particular, viu o seu paradigma de negócio dramaticamente alterado com a introdução das novas tecnologias. O aperfeiçoamento dos serviços de logística e distribuição (também eles resultantes, em grande medida, de avanços tecnológicos), associado às novas tecnologias da informação permitiram ao setor comercial evoluir do conceito tradicional para novos modelos. O surgimento de redes de lojas associadas a uma determinada marca ou distribuidor, só foi possível graças a uma infraestrutura de comunicação que veio permitir a gestão de várias células dispersas como um único organismo. Por outro lado, a vulgarização de meios de comunicação como o telefone ou a Internet, permitiu às organizações chegarem junto dos clientes através de novos canais e tornou possível a desmaterialização dos pontos de venda e redução de custos com infraestruturas e pessoal. Apesar das vantagens subjacentes aos novos modelos comerciais, o distanciamento entre comerciante e cliente, caraterística comum nas novas abordagens, trouxe um novo problema para o vendedor – este deixou de conhecer os seus clientes. Com efeito, esse distanciamento relativamente aos consumidores exigiu que os comerciantes idealizassem novas formas de antecipar as próximas compras ou de sugerir produtos eventualmente apelativos para um determinado consumidor. Atualmente, quando o proprietário de uma superfície comercial pretende estudar os hábitos de consumo dos seus clientes, para fins de ajustamento da sua oferta à procura, necessita de agregar os registos de compras por cliente. O método mais comum para recolher esta informação baseia-se nos cartões de cliente. Mediante o preenchimento de um formulário com os dados pessoais do cliente e perante termos bem explícitos em que este seja devidamente informado do tratamento a que os seus dados serão submetidos, o cliente beneficiará de descontos ou outras vantagens nessa superfície. Desta forma o comerciante vê carregadas no seu sistema as aquisições afetas a um indivíduo, podendo assim aferir qual o agregado familiar, situação económica e interesses do titular dos dados. Este tratamento de dados, ainda que possa parecer intrusivo, é legítimo desde que o cliente esteja devidamente informado relativamente ao tratamento que será feito aos seus dados e tenha dado autorização expressa para o efeito. O que seria considerado ilegítimo e intrusivo seria se cada cliente tivesse as suas compras secretamente registadas pela loja e associadas à sua pessoa (ou a um perfil com um conjunto de caraterística que o definissem) tendo efetuado o pagamento em numerário e sem que…
Advisors/Committee Members: Domingos, Maria Dulce Pedroso, 1970-.
Subjects/Keywords: Device; Web-based; Browser; Fingerprinting; Deteção; Teses de mestrado - 2015; Departamento de Informática
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Bernardo, V. M. G. (2015). Device fingerprinting techniques: threats and protections. (Thesis). Universidade de Lisboa. Retrieved from http://www.rcaap.pt/detail.jsp?id=oai:repositorio.ul.pt:10451/20402
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Bernardo, Vítor Manuel Guerreiro. “Device fingerprinting techniques: threats and protections.” 2015. Thesis, Universidade de Lisboa. Accessed January 23, 2021.
http://www.rcaap.pt/detail.jsp?id=oai:repositorio.ul.pt:10451/20402.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Bernardo, Vítor Manuel Guerreiro. “Device fingerprinting techniques: threats and protections.” 2015. Web. 23 Jan 2021.
Vancouver:
Bernardo VMG. Device fingerprinting techniques: threats and protections. [Internet] [Thesis]. Universidade de Lisboa; 2015. [cited 2021 Jan 23].
Available from: http://www.rcaap.pt/detail.jsp?id=oai:repositorio.ul.pt:10451/20402.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Bernardo VMG. Device fingerprinting techniques: threats and protections. [Thesis]. Universidade de Lisboa; 2015. Available from: http://www.rcaap.pt/detail.jsp?id=oai:repositorio.ul.pt:10451/20402
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
5.
Patil, Simran Pramod.
Privacy implications of information leakage from IP addresses - a web fingerprinting approach.
Degree: MS, Electrical & Computer Engr, 2020, University of Illinois – Urbana-Champaign
URL: http://hdl.handle.net/2142/108011
► The Internet was not designed with security in mind. A number of recent protocols such as Encrypted DNS, HTTPS, etc. target encrypting critical parts of…
(more)
▼ The Internet was not designed with security in mind. A number of recent protocols such as Encrypted DNS, HTTPS, etc. target encrypting critical parts of the
web architecture, which were previously sent in the clear. IP addresses still remain visible to on-path observers and can be utilized for censorship, surveillance and sabotaging user’s privacy on the
web. We perform a measurement study on datasets representative of the state of the Internet fetched via HTTP Archive or those collected with configurations like Adblock enabled vs. disabled over extended periods of time by crawling Alexa’s top websites to gauge the amount of information leaked by IP addresses. We build a page load fingerprint for each of the websites crawled and filter the websites that have uniquely identifying IP addresses mapped to them. We build a neural network to study how accurately the classifier works in
fingerprinting websites based on IP addresses and their respective Autonomous System Numbers (ASNs). Approximately 80% of the IP addresses have an anonymity set comprising of a unique website and can successfully identify it. The classifier performs with an accuracy of about 60% on the remaining data. We observe that the classifier confuses websites belonging to common hosting infrastructures. Manual clustering efforts on the data based on these trends can increase the classification accuracy. We find areas of improvement for the current measurement study and provide suggestions to Content Delivery Networks (CDNs) and other agents fundamental to the Internet infrastructure to increase user privacy.
Advisors/Committee Members: Borisov, Nikita (advisor).
Subjects/Keywords: Web Fingerprinting; Encrypted DNS; Web Privacy
…HTTP Archive [24] database. To build a web-fingerprinting attack model, it
looks… …impacts an
adversary’s web fingerprinting attempts in the later sections. The cumulative
domain… …encrypted. Other critical parts of the web
infrastructure like the DNS query and Server Name… …than
before but still enough to profile a user’s activities on the web. Note that
the dotted… …to the web page being requested by the
user, this is the domain name in the URL that the…
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Patil, S. P. (2020). Privacy implications of information leakage from IP addresses - a web fingerprinting approach. (Thesis). University of Illinois – Urbana-Champaign. Retrieved from http://hdl.handle.net/2142/108011
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Patil, Simran Pramod. “Privacy implications of information leakage from IP addresses - a web fingerprinting approach.” 2020. Thesis, University of Illinois – Urbana-Champaign. Accessed January 23, 2021.
http://hdl.handle.net/2142/108011.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Patil, Simran Pramod. “Privacy implications of information leakage from IP addresses - a web fingerprinting approach.” 2020. Web. 23 Jan 2021.
Vancouver:
Patil SP. Privacy implications of information leakage from IP addresses - a web fingerprinting approach. [Internet] [Thesis]. University of Illinois – Urbana-Champaign; 2020. [cited 2021 Jan 23].
Available from: http://hdl.handle.net/2142/108011.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Patil SP. Privacy implications of information leakage from IP addresses - a web fingerprinting approach. [Thesis]. University of Illinois – Urbana-Champaign; 2020. Available from: http://hdl.handle.net/2142/108011
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Université du Luxembourg
6.
Abgrall, Erwan.
An Empirical Study of Browsers' Evolution Impact on Security and Privacy.
Degree: 2014, Université du Luxembourg
URL: http://orbilu.uni.lu/handle/10993/18812
► Web success is associated with the expansion of web interfaces in software. They have replaced many thick-clients and command-line interfaces. HTML is now a widely…
(more)
▼ Web success is associated with the expansion of
web interfaces in software. They have replaced many thick-clients and command-line interfaces. HTML is now a widely adopted generic user-interface description language. The cloud-computing trend set browsers in a central position, handling all our personal and professional information. Online banking and e-commerce are the sources of an attractive cash flow for online thefts, and all this personal information is sold on black markets. Unsurprisingly,
web browsers are consequently the favorite targets of online attacks.
The fierce competition between browser vendors is associated with a features race, leading to partial implementation of W3C norms, and non-standard features. It resulted in a fast release pace of new browser versions over these last years. While positively perceived by users, such competition can have a negative impact on browser security and user privacy.
This increasing number of features and the discrepancies between browser vendors' implementations facilitate the attacker task for cross site scripting(XSS) and drive-by download attacks.
Coming to the overall objectives of a research leading to the better understandings of browser's role in security, this thesis provides an instrument to understand XSS attack vectors, categorize them, evaluate the exposure of
web browsers against XSS and may eventually open the field, but this is beyond the scope of this thesis, to a new strategy to detect future client-side attacks, however this last point is beyond the scope of this thesis.
Advisors/Committee Members: Kereval [sponsor], Le Traon, Yves [superviser], State, Radu [president of the jury].
Subjects/Keywords: Web; Security; XSS; Browser; Attack Surface; Fingerprinting; Engineering, computing & technology :: Computer science [C05]; Ingénierie, informatique & technologie :: Sciences informatiques [C05]
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Abgrall, E. (2014). An Empirical Study of Browsers' Evolution Impact on Security and Privacy. (Doctoral Dissertation). Université du Luxembourg. Retrieved from http://orbilu.uni.lu/handle/10993/18812
Chicago Manual of Style (16th Edition):
Abgrall, Erwan. “An Empirical Study of Browsers' Evolution Impact on Security and Privacy.” 2014. Doctoral Dissertation, Université du Luxembourg. Accessed January 23, 2021.
http://orbilu.uni.lu/handle/10993/18812.
MLA Handbook (7th Edition):
Abgrall, Erwan. “An Empirical Study of Browsers' Evolution Impact on Security and Privacy.” 2014. Web. 23 Jan 2021.
Vancouver:
Abgrall E. An Empirical Study of Browsers' Evolution Impact on Security and Privacy. [Internet] [Doctoral dissertation]. Université du Luxembourg; 2014. [cited 2021 Jan 23].
Available from: http://orbilu.uni.lu/handle/10993/18812.
Council of Science Editors:
Abgrall E. An Empirical Study of Browsers' Evolution Impact on Security and Privacy. [Doctoral Dissertation]. Université du Luxembourg; 2014. Available from: http://orbilu.uni.lu/handle/10993/18812
7.
Hrgarek, Luka.
Zbiranje podatkov in profiliranje uporabniških naprav s pomočjo spletnih brskalnikov.
Degree: 2017, Univerza v Mariboru
URL: https://dk.um.si/IzpisGradiva.php?id=65871
;
https://dk.um.si/Dokument.php?id=111725&dn=
;
https://plus.si.cobiss.net/opac7/bib/20599062?lang=sl
► Svetovni splet se je od začetkov svojega obstoja preobrazil iz zbirke s hiperpovezavami povezanih dokumentov v globalno platformo, na kateri so dostopne najrazličnejše programske rešitve.…
(more)
▼ Svetovni splet se je od začetkov svojega obstoja preobrazil iz zbirke s hiperpovezavami povezanih dokumentov v globalno platformo, na kateri so dostopne najrazličnejše programske rešitve. Programski jezik JavaScript je ključnega pomena za interaktivnost na spletu in omogoča razvijalcem dostop do številnih podatkov o uporabnikovem brskalniku ter posledično o uporabniku samemu. Kljub mnogim ukrepom organizacije World Wide Web Consortuim (W3C) in proizvajalcev brskalnikov je postopek zbiranja podatkov z uporabo kode JavaScript za navadnega uporabnika neviden, kar odpira možnosti zlorab.
V magistrskem delu smo obravnavali možnosti zbiranja podatkov o brskalnikih in uporabniških napravah s pomočjo namenske spletne aplikacije ter analizo stopnje zavedanja uporabnikov o možnosti zbiranja omenjenih podatkov. Ugotovili smo, da spletne aplikacije lahko pridobivajo podatke o brskalnikih v tolikšni meri, da to omogoča enolično identificiranje spletnih brskalnikov. Prav tako se je pokazalo, da so uporabniki dobro ozaveščeni o možnosti pridobivanja podatkov s pomočjo spletnih brskalnikov.
The development of World Wide Web has transformed it from a document storage with hyperlinks to a global platform on which a wide variety of software solutions are available. The programming language JavaScript, which is needed for interactivity on the web allows developers access to user browsers' data and hence the user himself. Despite many measures of World Wide Web Consortium (W3C) and browser vendors, the data collection process using JavaScript code is invisible to the user, which makes if susceptible to misuse.
In this thesis we present possibilities of collecting data of browsers and user devices via a dedicated web application and the analysis of user awareness on the possibility of collecting such data. The results show that web applications can retrieve data about browsers to an extent that can uniquely identify web browsers. Additionally, we it was shown that users are well aware of the possibility of collecting data using web their browsers.
Advisors/Committee Members: Hölbl, Marko.
Subjects/Keywords: zasebnost; spletni brskalnik; profiliranje; privacy; web browser; fingerprinting; info:eu-repo/classification/udc/004.65:[004.455.1:004.738.5](043.2)
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Hrgarek, L. (2017). Zbiranje podatkov in profiliranje uporabniških naprav s pomočjo spletnih brskalnikov. (Masters Thesis). Univerza v Mariboru. Retrieved from https://dk.um.si/IzpisGradiva.php?id=65871 ; https://dk.um.si/Dokument.php?id=111725&dn= ; https://plus.si.cobiss.net/opac7/bib/20599062?lang=sl
Chicago Manual of Style (16th Edition):
Hrgarek, Luka. “Zbiranje podatkov in profiliranje uporabniških naprav s pomočjo spletnih brskalnikov.” 2017. Masters Thesis, Univerza v Mariboru. Accessed January 23, 2021.
https://dk.um.si/IzpisGradiva.php?id=65871 ; https://dk.um.si/Dokument.php?id=111725&dn= ; https://plus.si.cobiss.net/opac7/bib/20599062?lang=sl.
MLA Handbook (7th Edition):
Hrgarek, Luka. “Zbiranje podatkov in profiliranje uporabniških naprav s pomočjo spletnih brskalnikov.” 2017. Web. 23 Jan 2021.
Vancouver:
Hrgarek L. Zbiranje podatkov in profiliranje uporabniških naprav s pomočjo spletnih brskalnikov. [Internet] [Masters thesis]. Univerza v Mariboru; 2017. [cited 2021 Jan 23].
Available from: https://dk.um.si/IzpisGradiva.php?id=65871 ; https://dk.um.si/Dokument.php?id=111725&dn= ; https://plus.si.cobiss.net/opac7/bib/20599062?lang=sl.
Council of Science Editors:
Hrgarek L. Zbiranje podatkov in profiliranje uporabniških naprav s pomočjo spletnih brskalnikov. [Masters Thesis]. Univerza v Mariboru; 2017. Available from: https://dk.um.si/IzpisGradiva.php?id=65871 ; https://dk.um.si/Dokument.php?id=111725&dn= ; https://plus.si.cobiss.net/opac7/bib/20599062?lang=sl
8.
Huba, William.
An Analysis of various web tracking methods.
Degree: 2012, Rochester Institute of Technology
URL: https://scholarworks.rit.edu/theses/4446
► The accurate tracking of web clients has historically been a difficult problem. Accurate tracking can be used to monitor the activity of attackers which would…
(more)
▼ The accurate tracking of
web clients has historically been a difficult problem. Accurate tracking can be used to monitor the activity of attackers which would otherwise be anonymous. Since HTTP is a stateless protocol, there is no built-in method for tracking clients. Many methods have been developed for this purpose; however they primarily rely on the cooperation of the client and are limited to the current session and are not designed to track a client long-term or through different environments. This paper takes an in-depth look at the most popular methods of tracking
web users and how well they preserve information when a client attempts to remove them. Each method is evaluated based on the amount of unique information they provide and how easy a client can defeat the method. The tracking methods are then combined using a profiling algorithm to correlate all of the available information into a single profile. The algorithm is designed with different weights for each method, allowing for environmental flexibility. Test results demonstrate that this approach accurately determines the correct profile for a client in situations where the individual methods alone could not.
Advisors/Committee Members: Yuan, Bo.
Subjects/Keywords: Fingerprinting; Http; Profiling; Security; Web tracking
…defenders to help identify and track web attackers.
As a proof of concept, ‘evercookie’ has… …IP
address can be revealed, even if he is using a web proxy. Using unique identifiers can… …also be used to
track a person that is using a web spider or bookmarked links. In addition to… …track web attackers many different methods must be used together and
not just separately.
4… …divided in three categories;
client storage, IP detection, and fingerprinting. The reliability…
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Huba, W. (2012). An Analysis of various web tracking methods. (Thesis). Rochester Institute of Technology. Retrieved from https://scholarworks.rit.edu/theses/4446
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Huba, William. “An Analysis of various web tracking methods.” 2012. Thesis, Rochester Institute of Technology. Accessed January 23, 2021.
https://scholarworks.rit.edu/theses/4446.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Huba, William. “An Analysis of various web tracking methods.” 2012. Web. 23 Jan 2021.
Vancouver:
Huba W. An Analysis of various web tracking methods. [Internet] [Thesis]. Rochester Institute of Technology; 2012. [cited 2021 Jan 23].
Available from: https://scholarworks.rit.edu/theses/4446.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Huba W. An Analysis of various web tracking methods. [Thesis]. Rochester Institute of Technology; 2012. Available from: https://scholarworks.rit.edu/theses/4446
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
9.
Somé, Dolière Francis.
Sécurité et vie privée dans les applications web : Web applications security and privacy.
Degree: Docteur es, Informatique, 2018, Université Côte d'Azur (ComUE)
URL: http://www.theses.fr/2018AZUR4085
► Dans cette thèse, nous nous sommes intéressés aux problématiques de sécurité et de confidentialité liées à l'utilisation d'applications web et à l'installation d'extensions de navigateurs.…
(more)
▼ Dans cette thèse, nous nous sommes intéressés aux problématiques de sécurité et de confidentialité liées à l'utilisation d'applications
web et à l'installation d'extensions de navigateurs. Parmi les attaques dont sont victimes les applications
web, il y a celles très connues de type XSS (ou Cross-Site Scripting). Les extensions sont des logiciels tiers que les utilisateurs peuvent installer afin de booster les fonctionnalités des navigateurs et améliorer leur expérience utilisateur. Content Security Policy (CSP) est une politique de sécurité qui a été proposée pour contrer les attaques de type XSS. La Same Origin Policy (SOP) est une politique de sécurité fondamentale des navigateurs, régissant les interactions entre applications
web. Par exemple, elle ne permet pas qu'une application accède aux données d'une autre application. Cependant, le mécanisme de Cross-Origin Resource Sharing (CORS) peut être implémenté par des applications désirant échanger des données entre elles. Tout d'abord, nous avons étudié l'intégration de CSP avec la Same Origin Policy (SOP) et démontré que SOP peut rendre CSP inefficace, surtout quand une application
web ne protège pas toutes ses pages avec CSP, et qu'une page avec CSP imbrique ou est imbriquée dans une autre page sans ou avec un CSP différent et inefficace. Nous avons aussi élucidé la sémantique de CSP, en particulier les différences entre ses 3 versions, et leurs implémentations dans les navigateurs. Nous avons ainsi introduit le concept de CSP sans dépendances qui assure à une application la même protection contre les attaques, quelque soit le navigateur dans lequel elle s'exécute. Finalement, nous avons proposé et démontré comment étendre CSP dans son état actuel, afin de pallier à nombre de ses limitations qui ont été révélées dans d'autres études. Les contenus tiers dans les applications
web permettent aux propriétaires de ces contenus de pister les utilisateurs quand ils naviguent sur le
web. Pour éviter cela, nous avons introduit une nouvelle architecture
web qui une fois déployée, supprime le pistage des utilisateurs. Dans un dernier temps, nous nous sommes intéressés aux extensions de navigateurs. Nous avons d'abord démontré que les extensions qu'un utilisateur installe et/ou les applications
web auxquelles il se connecte, peuvent le distinguer d'autres utilisateurs. Nous avons aussi étudié les interactions entre extensions et applications
web. Ainsi avons-nous trouvé plusieurs extensions dont les privilèges peuvent être exploités par des sites
web afin d'accéder à des données sensibles de l'utilisateur. Par exemple, certaines extensions permettent à des applications
web d'accéder aux contenus d'autres applications, bien que cela soit normalement interdit par la Same Origin Policy. Finalement, nous avons aussi trouvé qu'un grand nombre d'extensions a la possibilité de désactiver la Same Origin Policy dans le navigateur, en manipulant les entêtes CORS. Cela permet à un attaquant d'accéder aux données de l'utilisateur dans n'importe qu'elle autre application, comme par…
Advisors/Committee Members: Rezk, Tamara (thesis director).
Subjects/Keywords: Web; Navigateurs; Applications web; Sécurité; Extensions de navigateurs; Communication inter-iframes; Confidentialité; Vie privé; Pistage; Empreinte de navigateurs; Web; Browser; Web applications; Security; Same origin policy; Content origin policy; Cross-origin resource sharing; Browser extensions; Privacy; Cross-iframe communication; Third party web tracking; Browser fingerprinting
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Somé, D. F. (2018). Sécurité et vie privée dans les applications web : Web applications security and privacy. (Doctoral Dissertation). Université Côte d'Azur (ComUE). Retrieved from http://www.theses.fr/2018AZUR4085
Chicago Manual of Style (16th Edition):
Somé, Dolière Francis. “Sécurité et vie privée dans les applications web : Web applications security and privacy.” 2018. Doctoral Dissertation, Université Côte d'Azur (ComUE). Accessed January 23, 2021.
http://www.theses.fr/2018AZUR4085.
MLA Handbook (7th Edition):
Somé, Dolière Francis. “Sécurité et vie privée dans les applications web : Web applications security and privacy.” 2018. Web. 23 Jan 2021.
Vancouver:
Somé DF. Sécurité et vie privée dans les applications web : Web applications security and privacy. [Internet] [Doctoral dissertation]. Université Côte d'Azur (ComUE); 2018. [cited 2021 Jan 23].
Available from: http://www.theses.fr/2018AZUR4085.
Council of Science Editors:
Somé DF. Sécurité et vie privée dans les applications web : Web applications security and privacy. [Doctoral Dissertation]. Université Côte d'Azur (ComUE); 2018. Available from: http://www.theses.fr/2018AZUR4085
10.
Nguyen, Giang Truong Khoa.
Performance and security tradeoffs of provable website traffic fingerprinting defenses over Tor.
Degree: PhD, Computer Science, 2017, University of Illinois – Urbana-Champaign
URL: http://hdl.handle.net/2142/98375
► The Internet has become an integral part of modern life. At the same time, as we spend increasingly more time online, our digital trails, including…
(more)
▼ The Internet has become an integral part of modern life. At the same time, as we spend increasingly more time online, our digital trails, including the identities of the websites we visit, can reveal sensitive personal information. As a result, researchers have devised schemes that seek to enable users to obfuscate the network traffic fingerprints of the websites they visit; however, being ad hoc attempts, these schemes have all been later found to be ineffective against more sophisticated attacks. Thus, researchers have recently proposed a family of provable defenses called BuFLO, or Buffered Fixed-Length Obfuscator, that provides strong privacy guarantees at the expense of high overhead.
Orthogonal to these defenses, the popular Tor anonymity network provides some protection against these attacks but is nonetheless susceptible. In this dissertation, we propose a simple design that uses BuFLO to protect
web browsing traffic over Tor: tunnel the BuFLO channel through Tor. In order to evaluate the design, for both live experiments as well as large-scale simulations, we need precise models of the traffic profiles generated by a browser's visiting websites. This in turn requires us to obtain a fine-grained model of the
web page loading process, two key components of which are the browser and the
web page. After diving into the immensely complex
web page loading process, we instrument the browser in order to extract bits of information as it loads a
web page; this enables us to obtain the models for 50 top Alexa-ranked global websites. Following that, we build a traffic generator framework to generate network traffic according to the models. Next, we design and implement from scratch CS-Tamaraw, a congestion-sensitive version of Tamaraw, the most secure member of the BuFLO family.
With all the pieces in hand, we perform live experiments to confirm that CS-Tamaraw provides the predicted gains in privacy as in the original study. However, when CS-Tamaraw is tunneled through Tor as we propose, its defense degrades significantly. We then conduct experiments to determine whether CS-Tamaraw is at fault. Both CS-Tamaraw and a simple, barebone, application-layer defense work largely as expected without Tor but are similarly afflicted when tunneled through Tor. Further investigations suggest that the unexpected results are due to artifacts in network conditions and not due to flaws in the design or implementation of CS-Tamaraw. We end after discussing the large-scale simulation studies with various levels of adoption of CS-Tamaraw.
Advisors/Committee Members: Borisov, Nikita (advisor), Borisov, Nikita (Committee Chair), Caesar, Matthew (committee member), Godfrey, Philip B (committee member), Johnson, Rob (committee member).
Subjects/Keywords: Website traffic fingerprinting; Provable website traffic fingerprinting; Tor; Web page modeling
…and website traffic fingerprinting. Next we discuss
modeling of web pages in Chapter 3. We… …the model of the web page. In our context, however, where website
traffic fingerprinting… …Tor . . . . . . . . . . . . . .
2.2 Website traffic fingerprinting
2.2.1 Attacks… …GRAINED MODELING OF THE WEB PAGE
LOADING PROCESS… …3.1 The high-level mechanics of web page loading . . . . . . . .
3.2 Deep dive into web page…
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Nguyen, G. T. K. (2017). Performance and security tradeoffs of provable website traffic fingerprinting defenses over Tor. (Doctoral Dissertation). University of Illinois – Urbana-Champaign. Retrieved from http://hdl.handle.net/2142/98375
Chicago Manual of Style (16th Edition):
Nguyen, Giang Truong Khoa. “Performance and security tradeoffs of provable website traffic fingerprinting defenses over Tor.” 2017. Doctoral Dissertation, University of Illinois – Urbana-Champaign. Accessed January 23, 2021.
http://hdl.handle.net/2142/98375.
MLA Handbook (7th Edition):
Nguyen, Giang Truong Khoa. “Performance and security tradeoffs of provable website traffic fingerprinting defenses over Tor.” 2017. Web. 23 Jan 2021.
Vancouver:
Nguyen GTK. Performance and security tradeoffs of provable website traffic fingerprinting defenses over Tor. [Internet] [Doctoral dissertation]. University of Illinois – Urbana-Champaign; 2017. [cited 2021 Jan 23].
Available from: http://hdl.handle.net/2142/98375.
Council of Science Editors:
Nguyen GTK. Performance and security tradeoffs of provable website traffic fingerprinting defenses over Tor. [Doctoral Dissertation]. University of Illinois – Urbana-Champaign; 2017. Available from: http://hdl.handle.net/2142/98375
Universidade do Minho
11.
Barroso, Vera Patrícia Barbosa.
Posicionamento colaborativo em redes Wi-Fi: [email protected]
.
Degree: 2015, Universidade do Minho
URL: http://hdl.handle.net/1822/42024
► Nos dias de hoje, os dispositivos móveis são objetos indispensáveis na vida das pessoas, tendo um forte impacto no dia-a-dia delas. Estes dispositivos integram várias…
(more)
▼ Nos dias de hoje, os dispositivos móveis são objetos indispensáveis na vida das pessoas,
tendo um forte impacto no dia-a-dia delas. Estes dispositivos integram várias tecnologias, as quais
são constantemente exploradas em várias áreas, dentro delas o posicionamento no interior de
edifícios.
Neste momento existem várias aplicações que determinam a posição de pessoas, objetos
com grande precisão, mas em ambientes exteriores usando o sistema de localização GPS. Contudo
estimar a posição de uma pessoa num ambiente interior com grande precisão é mais complexo, por
isso muitos investigadores exploram cada vez mais esta área.
Normalmente, para estimar a posição no interior de edifícios pretende-se utilizar as
infraestruturas instaladas neles e assim proporcionar soluções de baixo custo. Nesta situação, os
sistemas de posicionamento baseados na técnica Wi-Fi
fingerprinting são os que mais se destacam.
Para a implementação desta técnica, normalmente são usados os dispositivos móveis das pessoas.
As pessoas ao estarem dentro de um edifício, os dispositivos móveis conseguem detetar pontos de
acesso Wi-Fi e recolhem dados sobre eles, juntamente com o respetivo nível de sinal detetado e
enviam esses dados a um serviço que estima a localização, comparando as fingerprints com um
mapa de rádio previamente construído.
O propósito desta dissertação centra-se em melhorar um sistema de posicionamento, já
existente, baseado na técnica Wi-Fi
fingerprinting, que posiciona tanto em ambientes interiores
como exteriores. Então são descritas e implementadas soluções de melhoria do sistema. Também é
apresentada uma solução para verificar a disponibilidade dos serviços do sistema de
posicionamento, que consiste na implementação de uma ferramenta de monitorização.
Advisors/Committee Members: Meneses, Filipe (advisor), Moreira, Adriano (advisor).
Subjects/Keywords: Localização indoor / outdoor;
Posicionamento;
Técnica fingerprinting;
Wi-Fi;
Redes sem fios;
Web services;
Aplicação móvel;
Android;
Monitorização;
Indoor / outdoor location;
Positioning;
Fingerprint technique;
Wireless networks;
Mobile application;
Monitoring
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Barroso, V. P. B. (2015). Posicionamento colaborativo em redes Wi-Fi: [email protected]
. (Masters Thesis). Universidade do Minho. Retrieved from http://hdl.handle.net/1822/42024
Chicago Manual of Style (16th Edition):
Barroso, Vera Patrícia Barbosa. “Posicionamento colaborativo em redes Wi-Fi: [email protected]
.” 2015. Masters Thesis, Universidade do Minho. Accessed January 23, 2021.
http://hdl.handle.net/1822/42024.
MLA Handbook (7th Edition):
Barroso, Vera Patrícia Barbosa. “Posicionamento colaborativo em redes Wi-Fi: [email protected]
.” 2015. Web. 23 Jan 2021.
Vancouver:
Barroso VPB. Posicionamento colaborativo em redes Wi-Fi: [email protected]
. [Internet] [Masters thesis]. Universidade do Minho; 2015. [cited 2021 Jan 23].
Available from: http://hdl.handle.net/1822/42024.
Council of Science Editors:
Barroso VPB. Posicionamento colaborativo em redes Wi-Fi: [email protected]
. [Masters Thesis]. Universidade do Minho; 2015. Available from: http://hdl.handle.net/1822/42024
12.
Höglund, Salomon.
Informing Users About Fingerprinting.
Degree: Media Technology, 2019, Södertörn University
URL: http://urn.kb.se/resolve?urn=urn:nbn:se:sh:diva-38592
► In peoples hyperconnected lives, a price to pay is their internet privacy and the different risks it faces the second their browser connects to…
(more)
▼ In peoples hyperconnected lives, a price to pay is their internet privacy and the different risks it faces the second their browser connects to the web. One such risk comes from how web tracking collect and analyze users information. This paper explores an approach to how web browsers can inform its users about the web tracking technique Fingerprinting, and through the concept presentation of this approach see: what key key aspects of visual aesthetics that affects the users experience when being informed; and to what extent differences in technological interest and knowledge affect users reception of Fingerprinting information, and the implementation implications the differences leads to. For this purpose a high fidelity prototype was created to: represent the concept of web browsers having integrated educational pages meant to inform its users on topics such as Fingerprinting, and to; be used in a user test. The results showed: a lack of knowledge on the existence of Fingerprinting; that differences in technological interest and knowledge among users affected what aspects of visual aesthetics they valued; and that those with less technological interest and knowledge to a higher degree had their attitudes towards Internet Privacy affected by the prototype’s information. It also showed that the differences affects users approach and interactions with software, and that the design implications this brings are to be considered for future browser functionality implementations.
Självständigt Examensarbete (Forskningsartikel)
Subjects/Keywords: Fingerprinting; HCI; Human-Computer Interaction; IxD; Interaction Design; Internet Privacy; Privacy; UX; User Experience; UI; User Interface; Visual Aesthetics; Web Tracking; Media and Communication Technology; Medieteknik
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Höglund, S. (2019). Informing Users About Fingerprinting. (Thesis). Södertörn University. Retrieved from http://urn.kb.se/resolve?urn=urn:nbn:se:sh:diva-38592
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Höglund, Salomon. “Informing Users About Fingerprinting.” 2019. Thesis, Södertörn University. Accessed January 23, 2021.
http://urn.kb.se/resolve?urn=urn:nbn:se:sh:diva-38592.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Höglund, Salomon. “Informing Users About Fingerprinting.” 2019. Web. 23 Jan 2021.
Vancouver:
Höglund S. Informing Users About Fingerprinting. [Internet] [Thesis]. Södertörn University; 2019. [cited 2021 Jan 23].
Available from: http://urn.kb.se/resolve?urn=urn:nbn:se:sh:diva-38592.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Höglund S. Informing Users About Fingerprinting. [Thesis]. Södertörn University; 2019. Available from: http://urn.kb.se/resolve?urn=urn:nbn:se:sh:diva-38592
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
13.
Reddy, Sanjeev.
Measuring the impact of site configurations on site fingerprinting over the web and Tor.
Degree: MS, Computer Science, 2020, University of Illinois – Urbana-Champaign
URL: http://hdl.handle.net/2142/108024
► As security and privacy on the web become topics of significant concern, there have been increased efforts to expedite the deployment of encryption-based transport- and…
(more)
▼ As security and privacy on the
web become topics of significant concern, there have been increased efforts to expedite the deployment of encryption-based transport- and link-layer protection mechanisms such as HTTPS. Although encryption protects the data being transmitted between a client and a server, site visits generate unique traffic patterns due to contents of the site and the manner in which the server responds to user requests for site resources. These patterns can be learned by an adversary, and then be used to predict which site (or
web page within a site) a user is visiting—a technique known as
web fingerprinting.
Web fingerprinting allows an adversary to compromise user privacy even in the presence of encryption mechanisms or anonymity systems, such as the Tor network.
In this thesis, we examine how changes to a site’s configuration (i.e., the size of the site, site content, hosting strategies, etc.) can influence an adversary’s ability to successfully fingerprint a user’s visit to a site over the
web and Tor. We pay particular attention to the impact of HTTP/2 and Server Push—new
web standards which significantly change network traffic patterns by altering the order in which site resources are served. Additionally, we experiment with padding site sizes, renaming site resources, and hosting sites from both single and multiple servers in order to observe the effect of each of these changes on
fingerprinting accuracy.
In order to collect traces from sites that reflect our experimental changes, we create models of real-world sites and onion services that capture the resource dependency structures of the original sites. We then modify these models to reflect our desired configuration changes and serve them via HTTP/1.1 and HTTP/2 with server push. We collect traces of visits to these models conducted over the
web, as well as the Tor network, and evaluate the performance of state-of-the-art
fingerprinting classifiers on both sets of traces. We find that HTTP/2 with server push can successfully reduce
fingerprinting accuracy when compared to HTTP/1.1, and that real-world sites visited over the
web benefit from single-server hosting, site padding, and constant-length Huffman-encoded resource names. We also find that HTTP/2 with server push reduces the fingerprintability of regular sites and onion services accessed over the Tor network, but inconsistencies in our data prevent us from drawing any conclusions regarding the efficacy of site padding, resource renaming, and single- vs. multi-server hosting when
fingerprinting Tor traffic. We suggest future work that should help gather more conclusive results for our Tor experiments.
Advisors/Committee Members: Borisov, Nikita (advisor).
Subjects/Keywords: web fingerprinting; HTTP/2; server push; Tor; onion services
…motivated by performance, we aim to investigate what impact they have on web
fingerprinting… …server traffic patterns, and in turn, impact the success of site
fingerprinting over the web… …web servers per site. We use state-of-the-art web fingerprinting techniques [5, 6, 7… …fingerprinting over the web: We find that there
is a notable drop in classifier accuracy when a site is… …over the web to fingerprinting over the Tor
network. We host both regular sites and onion…
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Reddy, S. (2020). Measuring the impact of site configurations on site fingerprinting over the web and Tor. (Thesis). University of Illinois – Urbana-Champaign. Retrieved from http://hdl.handle.net/2142/108024
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Reddy, Sanjeev. “Measuring the impact of site configurations on site fingerprinting over the web and Tor.” 2020. Thesis, University of Illinois – Urbana-Champaign. Accessed January 23, 2021.
http://hdl.handle.net/2142/108024.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Reddy, Sanjeev. “Measuring the impact of site configurations on site fingerprinting over the web and Tor.” 2020. Web. 23 Jan 2021.
Vancouver:
Reddy S. Measuring the impact of site configurations on site fingerprinting over the web and Tor. [Internet] [Thesis]. University of Illinois – Urbana-Champaign; 2020. [cited 2021 Jan 23].
Available from: http://hdl.handle.net/2142/108024.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Reddy S. Measuring the impact of site configurations on site fingerprinting over the web and Tor. [Thesis]. University of Illinois – Urbana-Champaign; 2020. Available from: http://hdl.handle.net/2142/108024
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
. 
Open Access Theses and Dissertations
