carnus exploring the privacy threats of browser extension
play

Carnus: Exploring the Privacy Threats of Browser Extension - PowerPoint PPT Presentation

Feb 21, 2023 •571 likes •886 views

Carnus: Exploring the Privacy Threats of Browser Extension Fingerprinting Soroush Karami , Panagiotis Ilia, Konstantinos Solomos, Jason Polakis University of Illinois at Chicago, USA skaram5@uic.edu February 24, 2020 Browser extensions

  1. Carnus: Exploring the Privacy Threats of Browser Extension Fingerprinting Soroush Karami , Panagiotis Ilia, Konstantinos Solomos, Jason Polakis University of Illinois at Chicago, USA skaram5@uic.edu February 24, 2020

  2. Browser extensions • Extend functionality of the browser • “Adblock Plus” with 10,000,000+ users • “Tampermonkey” with 10,000,000+ users • “LastPass” with 10,000,000+ users • Security threats of extensions have been studied • (e.g., Kapravelos et al; USENIX Security 2014) • We focus on the privacy aspect of browser extensions • First, we build and evaluate the most comprehensive extension-fingerprinting system to date 2

  3. Installed extensions might reveal user’s interests, preferences, browsing habits, and demographic information WebFilter FREE: Parental 中国空⽓ 质 量指数 Ya'Muslim LGBT Pride Don't Pay Trump 3asyR Control & Anti-Porn Young Users Ethnicity Health Gender/ Religion Politics sexuality 3

  4. Threat model User visits attacker’s website, which attempts to detect installed extensions Fingerprint Analysis DB User Traits 4

  5. Fingerprinting techniques For the purpose of detection, we generate a Fingerprint for each extension 1. WARs (web accessible resources) 2. Behavior-based 3. Intra-communication-based 4. Inter-communication-based 5

  6. 1. WAR-Based Fingerprints • Extensions may have some resources that are accessible from the DOM • Websites can probe WARs to detect which extensions are installed in the user’s browser • Well-known approach for detecting extensions • Maximizes the coverage of our attack, enabling extensive exploration of privacy implications Extension Background Scripts Content Scripts <img src="chrome-extension://<ext-ID>/img.jpg"> WARs img.jpg script.js 6

  7. 2. Behavior-Based Fingerprints Extensions might add/remove images, buttons, code, or text to the web page Cloud To Butt Plus 7

  8. 2. Behavior-Based Fingerprints • Created a honeypage to trigger as many extensions as possible • Includes HTML, JS, CSS, text, etc • Detecting content-based triggering is Replaces the text 'the cloud' with 'my butt', as well as 'cloud' with 'butt' in certain contexts. challenging Slight improvements to Butt-to-butt, found here: https://github.com/panicsteve/butt-to-butt • Observation : use the extension’s My repo: https://github.com/hank/butt-to-butt description to trigger such behavior Changes occurences of "butt" or "my butt" to "butt" or "my butt" respectively and only in proper context (not weather sites, if possible). 8

  9. 2. Behavior-Based Fingerprints <form action="/action_page.php"> modified <form action="/action_page.php"> <label for="uname"> Username </label> added <label for="uname"> Username </label> <input type="text" name="uname" autocomplete="off" <input type="text" name="uname" autocomplete="on" > style="background-image: url('data:image/png;base64,…');" > <label for="psw"> Password </label> <label for="psw"> Password </label> <input type="password" name="psw" autocomplete="on" > <input type="password" name="psw" autocomplete="off" <button type="submit"> Login </button> style="background-image: url('data:image/png;base64,…');" > </form> <button type="submit"> Login </button> </form> Added: {style="background-image: url('data:image/png;base64,…');", autocomplete="off"} Removed: {autocomplete="on"} 9

  10. 3. Intra-communication Based Fingerprints Extension Access to the full capabilities Background Scripts of the extension Content Scripts Has access to the DOM WARs We use the messages that are sent by content scripts to detect extensions. 10

  11. 3. Intra-communication Based Fingerprints We use the messages sent by content scripts to detect extensions. Extension Background Scripts Content Scripts <script> var messages = [] window.postMessage('msg', '*'); window.addEventListener('message', (event) => { data = JSON.stringify(event['data']); messages.push(data); WARs ); }); </script> 11

  12. 4. Inter-communication Based Fingerprints • Content scripts may fetch resources from the network • Attackers can use Performance API to obtain list of fetched resources Extension Background Scripts <script> var links = [] Content Scripts var resources = performance.getEntriesByType("resource"); for (var r=0; r<resources.length; r++){ links.push(resources[r]['name’]); <script src="ext.com/script.js"></script> } </script> WARs 12

  13. 13

  14. Extension Enumeration Phases All the fingerprints Fingerprint Detection Post Generation Phase Detection This phase is repeated three times. Reason: 1. Different behaviors of an extension. 1 st behavior: {“image-1.jpg”} 2 nd behavior: {“image-2.jpg”} 2. Dynamic components {…, timestamp=“123”} {…, timestamp=“456”} {…, timestamp=“789”} 14

  15. Extension Enumeration Phases Set of detected extensions Fingerprint Detection Post Generation Phase Detection We allow a certain number of components to mismatch Reason: for removing false negatives. 15

  16. Extension Enumeration Phases List of installed Extensions Fingerprint Detection Post Generation Phase Detection From the list of detected extensions • if one extension’s fingerprint is a subset of another one • remove this extension from the list of detected extensions • 16

  17. Practical Challenges: co-interference Modifications of one extension can affect the modifications of the other Extension-1 Extension-2 Word-3 Word-1 Word-2 Image-1 Image-2 Word-4 17

  18. Experimental Evaluation Attack Accuracy • Randomly install a set of extensions (N=2..10), run detection • Repeat this process 100 times • Our system always correctly identifies more than 97% of installed extensions • Average false positive rate: 4.77% • Average false negative rate: 1.93% Attack Duration • Optimize attack by offloading most computation to server • Average client-side attack: 8.77 seconds • Average server-side computation: 3.62 seconds • (Off-the-shelf desktop: Quad Core Intel i7-7700 and 32GB of RAM) 18

  19. Comparison to previous studies Paper Attack Platform Extensions Detectable Behavior-based Chrome 10,000 920 [Starov et al., S&P ‘17] Chrome 43,429 12,154 WAR-based [Sjosten et al., CODASPY '17] Firefox 14,896 1,003 WAR-based Chrome 13,000 5,107 [Gulyas et al., WPES '18] Chrome 10,620 10,620 WAR Side-channel [Sanchez-Rola et al., USENIX '17] Firefox 10,620 10,620 Chrome 10,459 1,932 WAR Revelation [Sjosten et al., NDSS '19] Firefox 8,646 1,379 Ours Multi-class Chrome 102,482 29,536 19

  20. Countermeasure effects • [Trickel et al,. USENIX '19] is a defense against extension fingerprinting o Randomizes the values of ID and class attributes o Injects random tags and attributes into each page o Randomizes the path of the WARs • During the fingerprint generation phase, we can identify and remove the unstable components from fingerprints 20

  21. Countermeasure effects: example 1. CloakX doesn’t affect this fingerprint Before {font-size:10px, color:white, initial, text-align:left, justify-content:center, line-height:4px, id="dv_masterkey_banner", flex-grow:0, rgb(160,160,160), class="dv_masterkey_message", access, id="____ok_icom_in___", position:absolute, Arial, display:flex, font-size:14px, class="dv_masterkey_banner", id="dv_launch_onepassui", style="color:orange", center, z-index} After {font-size:10px, color:white, initial, text-align:left, justify-content:center, flex-grow:0, rgb(160,160,160), access, position:absolute, Arial, display:flex, style="color:orange", line- height:4px, center, z-index, font-size:14px} 2. CloakX renders this fingerprint useless Before {style="display:none;", class="hashmenu01"} Too generic After {style="display:none;"} 21

  22. Countermeasure effects: example 1. CloakX doesn’t affect this fingerprint: At least 83.6% of our behavior-based Before {font-size:10px, color:white, initial, text-align:left, justify-content:center, line-height:4px, id="dv_masterkey_banner", flex-grow:0, rgb(160,160,160), class="dv_masterkey_message", fingerprints remain effective. access, id="____ok_icom_in___", position:absolute, Arial, display:flex, font-size:14px, class="dv_masterkey_banner", id="dv_launch_onepassui", style="color:orange", center, z-index} Still, this defense is an important step After {font-size:10px, color:white, initial, text-align:left, justify-content:center, flex-grow:0, rgb(160,160,160), access, position:absolute, Arial, display:flex, style="color:orange", line- in the right direction. We hope that height:4px, center, z-index, font-size:14px} our work incentivizes more research. 2. CloakX renders this fingerprint useless Before {style="display:none;", class="hashmenu01"} Too generic After {style="display:none;"} 22

  23. 23

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Carnus: Exploring the Privacy Threats of Browser Extension Fingerprinting Soroush Karami ,

Carnus: Exploring the Privacy Threats of Browser Extension Fingerprinting Soroush Karami ,

Carnus: Exploring the Privacy Threats of Browser Extension Fingerprinting Soroush Karami , Panagiotis Ilia, Konstantinos Solomos, Jason Polakis University of Illinois at Chicago, USA skaram5@uic.edu February 24, 2020 Browser extensions

492 views • 28 slides
Privacy as a Service Raymond Cheng Build practical cloud services that protect user privacy from

Privacy as a Service Raymond Cheng Build practical cloud services that protect user privacy from

Privacy as a Service Raymond Cheng Build practical cloud services that protect user privacy from powerful threats 2 3 Powerful Threats to User Privacy Organized Crime Nation-State Actors 4 Powerful Threats to User Privacy Gather

1.56k views • 104 slides
SearchPanel: A browser extension for managing search ac7vity

SearchPanel: A browser extension for managing search ac7vity

SearchPanel: A browser extension for managing search ac7vity Simon Tre;er, University of Amsterdam Gene Golovchinsky, FXPAL @HCIR_GeneG Pernilla Qvarfordt,

357 views • 11 slides
The Odyssey: challenges to model privacy threats in a brave new world Rafa Glvez and Seda

The Odyssey: challenges to model privacy threats in a brave new world Rafa Glvez and Seda

The Odyssey: challenges to model privacy threats in a brave new world Rafa Glvez and Seda Grses Motivation imec - ESAT/COSIC, KU Leuven Threat Modeling 1. Characterize the system 2. Identify the threats 3. Threat and Risk analysis

147 views • 12 slides
EU Art.29 Data Protection Users care about privacy Working Party From: Special Eurobarometer

EU Art.29 Data Protection Users care about privacy Working Party From: Special Eurobarometer

28/05/15 Outline Data privacy and the evolving regulation Privacy threats from LBS to geoSN EveryWare Lab Main (location) privacy protection techniques Data Management for Mobile Protecting geo-tagged resource publication

411 views • 7 slides
Privacy and Quaero's Quest for the Perfect Search Engine: Threats and Opportunities Michael

Privacy and Quaero's Quest for the Perfect Search Engine: Threats and Opportunities Michael

Privacy and Quaero's Quest for the Perfect Search Engine: Threats and Opportunities Michael Zimmer, PhD Fellow, Information Society Project Yale Law School Privacy and Quaero's Quest for the Perfect Search Engine: Threats and Opportunities

643 views • 27 slides
Threats to Mobile Devices Possible attack threats to mobile devices Network exploit

Threats to Mobile Devices Possible attack threats to mobile devices Network exploit

Threats to Mobile Devices Possible attack threats to mobile devices Network exploit Hackers takes advantage of vulnerability or flaw of users web browser on mobile device in WiFi communication to attack victims. Hackers send

464 views • 30 slides
Threats to Data: Legal Compliance Challenges at the Intersection of Privacy and Security William

Threats to Data: Legal Compliance Challenges at the Intersection of Privacy and Security William

Threats to Data: Legal Compliance Challenges at the Intersection of Privacy and Security William Denny Secure Delaware Workshop September 24, 2019 Common Cyber Incidents Espionage &amp; surveillance Business email compromise

609 views • 27 slides
Privacy &amp; Information Security Tackling Trends &amp; Threats December 12, 2014 Norma A.

Privacy &amp; Information Security Tackling Trends &amp; Threats December 12, 2014 Norma A.

Privacy &amp; Information Security Tackling Trends &amp; Threats December 12, 2014 Norma A. Chitvanni RHIT, CHPS nchitvan@bidmc.harvard.edu Agenda Omnibus Rule Pay Out of Pocket 2013 Mobile clinical equipment Email security

102 views • 8 slides
Privacy Leakage Attacks in Browser by Colluding Extensions Presentation by Anil Saini 1 , Manoj

Privacy Leakage Attacks in Browser by Colluding Extensions Presentation by Anil Saini 1 , Manoj

Privacy Leakage Attacks in Browser by Colluding Extensions Presentation by Anil Saini 1 , Manoj Singh Gaur 1 , Vijay Laxmi 1 , Tushar Singhal 1 , Mauro Conti 2 1 Malaviya National Institute of Technology, Jaipur, India 2 University of Padua, Italy

882 views • 58 slides
NSTIC, Privacy and Social Login Presentation at the W3C Workshop on Identity in the Browser

NSTIC, Privacy and Social Login Presentation at the W3C Workshop on Identity in the Browser

NSTIC, Privacy and Social Login Presentation at the W3C Workshop on Identity in the Browser Francisco Corella and Karen P. Lewison Pomcor 1 05/03/2011 Pomcor Getting Rid of Passwords n is one long term goal of NSTIC n But it may

255 views • 7 slides
Privacy-Preserving Browser-Side Scripting BFlow Janusz Kudeka December 21, 2011 Janusz

Privacy-Preserving Browser-Side Scripting BFlow Janusz Kudeka December 21, 2011 Janusz

Introduction Background Design Implementation Evaluation Summary Privacy-Preserving Browser-Side Scripting BFlow Janusz Kudeka December 21, 2011 Janusz Kudeka Privacy-Preserving Browser-Side Scripting BFlow Introduction Background

1.66k views • 134 slides
Web Browser Privacy &amp; Security Fan Du CMSC 818D Class Presentation 4/16/2015 1 Outline

Web Browser Privacy &amp; Security Fan Du CMSC 818D Class Presentation 4/16/2015 1 Outline

Web Browser Privacy &amp; Security Fan Du CMSC 818D Class Presentation 4/16/2015 1 Outline Q1: How to Prevent Web Tracking ? Q2: How to Opt Out Online Behavioral Advertising ? Q3: How to Design Phishing Websites ? 2 Outline

555 views • 51 slides
Extension Breakdown: Security Analysis of Browsers Extension Resources Control Policies

Extension Breakdown: Security Analysis of Browsers Extension Resources Control Policies

Extension Breakdown: Security Analysis of Browsers Extension Resources Control Policies Iskander Sanchez-Rola, Igor Santos, Davide Balzarotti Extensions Browser extensions are the most popular technique currently available to extend the

722 views • 38 slides
FP-Block usable web privacy by controlling browser fingerprinting Joint work with Sjouke Mauw

FP-Block usable web privacy by controlling browser fingerprinting Joint work with Sjouke Mauw

FP-Block usable web privacy by controlling browser fingerprinting Joint work with Sjouke Mauw (UL), Christof Ferreira Torres (UL) OUtline Part 1: introduction Part 2: thwarting 3 rd party fingerprint-based web-tracking Introducing

1.52k views • 112 slides
Training employees to recognise and avoid phishing threats Agenda Today, we will be exploring:

Training employees to recognise and avoid phishing threats Agenda Today, we will be exploring:

Training employees to recognise and avoid phishing threats Agenda Today, we will be exploring: What is phishing? How phishing can damage a business What are the difgerent types of phishing? How to spot a phishing email What to do if

159 views • 12 slides
Capturing the elevation dependence of ITD using an extension of the spherical-head model

Capturing the elevation dependence of ITD using an extension of the spherical-head model

Capturing the elevation dependence of ITD using an extension of the spherical-head model Rahulram Sridhar 3D3A Laboratory, Princeton University This talk is based on the work by Sridhar and Choueiri, published under the same title as paper

800 views • 53 slides
Lecture 6.1: Fields and their extensions Matthew Macauley Department of Mathematical Sciences

Lecture 6.1: Fields and their extensions Matthew Macauley Department of Mathematical Sciences

Lecture 6.1: Fields and their extensions Matthew Macauley Department of Mathematical Sciences Clemson University http://www.math.clemson.edu/~macaule/ Math 4120, Modern Algebra M. Macauley (Clemson) Lecture 6.1: Fields and their extensions

202 views • 8 slides
Obliv-C: A Simple C Extension for SMC Samee Zahur samee@virginia.edu Project repository:

Obliv-C: A Simple C Extension for SMC Samee Zahur samee@virginia.edu Project repository:

Obliv-C: A Simple C Extension for SMC Samee Zahur samee@virginia.edu Project repository: github.com/samee/obliv-c Sample Stats Small samples hu661AD0.snp and hu604D39.snp Execuon me 8.47 seconds Circuit size 19,041,149

214 views • 7 slides
Millimeter-Wave Human Blockage at 73 GHz with a Simple Double Knife-Edge Diffraction Model and

Millimeter-Wave Human Blockage at 73 GHz with a Simple Double Knife-Edge Diffraction Model and

Millimeter-Wave Human Blockage at 73 GHz with a Simple Double Knife-Edge Diffraction Model and Extension for Directional Antennas IEEE VTC2016-Fall, Montreal, Canada, Sept. 20, 2016 George R. MacCartney Jr., Sijia Deng, Shu Sun, and Theodore S.

390 views • 19 slides
Agent-Based Systems Michael Rovatsos mrovatso@inf.ed.ac.uk Lecture 13 Argumentation in

Agent-Based Systems Michael Rovatsos mrovatso@inf.ed.ac.uk Lecture 13 Argumentation in

Agent-Based Systems Agent-Based Systems Michael Rovatsos mrovatso@inf.ed.ac.uk Lecture 13 Argumentation in Multiagent Systems 1 / 18 Agent-Based Systems Where are we? Last time . . . Bargaining Alternating offers Negotiation

219 views • 18 slides
NAFSN Good Food Talk Webinar in collaboration with eXtension Open Forum Community, Local,

NAFSN Good Food Talk Webinar in collaboration with eXtension Open Forum Community, Local,

NAFSN Good Food Talk Webinar in collaboration with eXtension Open Forum Community, Local, and Regional Food Systems (CLRFS) eXtension Network Best Practices in Diversity, Inclusion, and Racial Equity Training in Food Systems December 12,

690 views • 38 slides
PHP Extension W riting Marcus Brger Johannes Schlter PHP Quebec 2009 Creating PHP 5

PHP Extension W riting Marcus Brger Johannes Schlter PHP Quebec 2009 Creating PHP 5

PHP Extension W riting Marcus Brger Johannes Schlter PHP Quebec 2009 Creating PHP 5 Extension PHP Lifecycle Adding objects Adding iterators to objects Brger, Schlter PHP Extension Writing 2 How the slides work

1.11k views • 109 slides
Evolving Adabot: A Mobile Robot with Adjustable Wheel Extensions Motivation: Search and Rescue

Evolving Adabot: A Mobile Robot with Adjustable Wheel Extensions Motivation: Search and Rescue

Anthony J. Clark Missouri State University Evolving Adabot: A Mobile Robot with Adjustable Wheel Extensions Motivation: Search and Rescue anthonyjclark.com Approach for locating victims of a natural disaster Use a swarm of inexpensive

784 views • 31 slides

More recommend