fast and efficient browser identification with javascript
play

Fast and efficient Browser Identification with JavaScript Engine - PowerPoint PPT Presentation

Jun 09, 2023 •191 likes •539 views

Fast and efficient Browser Identification with JavaScript Engine Fingerprinting Martin Mulazzani , Philipp Reschl, Manuel Leithner, Markus Huber, Edgar Weippl SBA Research Vienna, Austria Outline Motivation & Background JavaScript Engine

  1. Fast and efficient Browser Identification with JavaScript Engine Fingerprinting Martin Mulazzani , Philipp Reschl, Manuel Leithner, Markus Huber, Edgar Weippl SBA Research Vienna, Austria

  2. Outline Motivation & Background JavaScript Engine Fingerprinting Methodology Minimal Fingerprints Decision Trees Evaluation Evaluation - Tor Browser Bundle Evaluation - Survey

  3. Motivation Browser Identification: ◮ Accurately identify the browser used by the client ◮ Webserver point-of-view ◮ Motivated by nmap for TCP/IP fingerprinting ◮ Limitations of UserAgent string: ◮ Can be set arbitrarily ◮ Not a security feature Different use cases: ◮ Detect UserAgent string manipulations ◮ Detect session hijacking ◮ Browser-specific malware

  4. Motivation Browser Identification: ◮ Accurately identify the browser used by the client ◮ Webserver point-of-view ◮ Motivated by nmap for TCP/IP fingerprinting ◮ Limitations of UserAgent string: ◮ Can be set arbitrarily ◮ Not a security feature Different use cases: ◮ Detect UserAgent string manipulations ◮ Detect session hijacking ◮ Browser-specific malware

  5. Browser Market Browser market currently very competitive: ◮ Man-years of development time ◮ Fight for market shares, especially smartphones ◮ Become more & more powerful (e.g., Cloud computing, HTML5, ...) ◮ New features: ◮ JIT, GPU rendering, remote rendering, Sandboxing ◮ Mostly performance or security

  6. Browser Market :)

  7. Methodology Our approach: ◮ Use JavaScript (ECMAScript 5.1) conformance tests ◮ test262 - http://test262.ecmascript.org ◮ Sputnik - http://sputnik.googlelabs.com ◮ More than 11.000 test cases ◮ Javascript engines fail at different test cases In the future: ◮ Enhance session security ◮ by locking session to specific browser version ◮ Increase user privacy ◮ by detecting (attacking) fingerprinting

  8. Methodology Our approach: ◮ Use JavaScript (ECMAScript 5.1) conformance tests ◮ test262 - http://test262.ecmascript.org ◮ Sputnik - http://sputnik.googlelabs.com ◮ More than 11.000 test cases ◮ Javascript engines fail at different test cases In the future: ◮ Enhance session security ◮ by locking session to specific browser version ◮ Increase user privacy ◮ by detecting (attacking) fingerprinting

  9. Methodology Our approach: ◮ Use JavaScript (ECMAScript 5.1) conformance tests ◮ test262 - http://test262.ecmascript.org ◮ Sputnik - http://sputnik.googlelabs.com ◮ More than 11.000 test cases ◮ Javascript engines fail at different test cases In the future: ◮ Enhance session security ◮ by locking session to specific browser version ◮ Increase user privacy ◮ by detecting (attacking) fingerprinting

  10. Related Work Recent paper by Mowery et.al, W2SP 2011 ◮ Use 39 Javascript benchmarks e.g., Sunspider or V8 Benachmark Suite ◮ Generate normalized fingerprint based on time pattern ◮ On average 190 seconds runtime Our approach: ◮ Takes less then 200ms (3 orders of magnitude faster) ◮ not stalling the CPU noticeably ◮ Few hundred lines of Javascript max. ◮ Collected > 150 OS and browser combinations

  11. Related Work Recent paper by Mowery et.al, W2SP 2011 ◮ Use 39 Javascript benchmarks e.g., Sunspider or V8 Benachmark Suite ◮ Generate normalized fingerprint based on time pattern ◮ On average 190 seconds runtime Our approach: ◮ Takes less then 200ms (3 orders of magnitude faster) ◮ not stalling the CPU noticeably ◮ Few hundred lines of Javascript max. ◮ Collected > 150 OS and browser combinations

  12. Related Work Other related work: ◮ EFF’s Panopticlick, PETS 2010 ◮ Mowery et.al, W2SP 2012 ◮ uses novel HTML5 features and WebGL rendering ◮ Upcoming paper on HTML5 and CSS3 features (ARES 2013)

  13. test262

  14. test262: Browser - OS Combinations

  15. test262: Browser - OS Combinations

  16. Distinguish Browsers Random subset of test262 test cases: Web Browser 15.4.4.4-5-c-i-1 13.0-13-s ✦ ✪ Opera 11.61 ✦ ✪ Firefox 10.0.1 ✪ ✦ Internet Explorer 9 ✪ ✪ Chrome 17 Web Browser S15.2.3.6 A1 10.6-7-1 S10.4.2.1 A1 ✪ ✪ ✪ Opera 11.61 ✪ ✦ ✪ Firefox 10.0.1 ✪ ✪ ✦ Internet Explorer 9 ✦ ✪ ✦ Chrome 17

  17. Two Methods Propose two different methods: 1. Minimal fingerprints ◮ Find out if a browser is lying about it’s UserAgent 2. Iterative decision trees ◮ Find browser with no a-priory knowledge Sharing is caring: ◮ Will release code & collected dataset ◮ Lost due to hardware failure ◮ Drop me an email for current version ◮ Always test your backups!

  18. Two Methods Propose two different methods: 1. Minimal fingerprints ◮ Find out if a browser is lying about it’s UserAgent 2. Iterative decision trees ◮ Find browser with no a-priory knowledge Sharing is caring: ◮ Will release code & collected dataset ◮ Lost due to hardware failure ◮ Drop me an email for current version ◮ Always test your backups!

  19. Minimal Fingerprints Goal: Determine minimal fingerprints 1. Define the testset (=set of browsers) 2. Collect failed test cases 3. Calculate minimal fingerprints 4. For every client: Run fingerprints Result: If browser version ∈ testset: confirm browser version “Mind the gap:” ◮ Propably not for every testset solvable ◮ Can become “big”

  20. Minimal Fingerprints Goal: Determine minimal fingerprints 1. Define the testset (=set of browsers) 2. Collect failed test cases 3. Calculate minimal fingerprints 4. For every client: Run fingerprints Result: If browser version ∈ testset: confirm browser version “Mind the gap:” ◮ Propably not for every testset solvable ◮ Can become “big”

  21. Decision Trees Goal: Minimize number of tests run at the client 1. Define the testset (=set of browsers) 2. Collect failed test cases 3. Calculate uniqueness of every failed test case 4. Build binary decision tree, iteratively Result: Minimal path through decision tree for unknown browsers Benefits: ◮ O ( logn ) instead of O ( n ) ◮ Thus even faster ◮ Can be used as first stage for minimal fingerprinting

  22. Decision Trees Goal: Minimize number of tests run at the client 1. Define the testset (=set of browsers) 2. Collect failed test cases 3. Calculate uniqueness of every failed test case 4. Build binary decision tree, iteratively Result: Minimal path through decision tree for unknown browsers Benefits: ◮ O ( logn ) instead of O ( n ) ◮ Thus even faster ◮ Can be used as first stage for minimal fingerprinting

  23. Decision Trees 15.4.4.4- 5-c-i-1 10.6-7-1 13.0-13-s

  24. Evaluation - Tor Browser Bundle Basics Tor: ◮ Internet anonymization network ◮ Hides a user’s real IP adress ◮ Hundreds of thousands users every day ◮ Approx. 3000 servers run by volunteers Tor Browser Bundle: ◮ Among other features: Uniform UserAgent ◮ to increase size of the anonymity set ◮ Everything prepackaged (Tor, Vidalia, Firefox, ...) ◮ Runs without admin rights

  25. Evaluation - Tor Browser Bundle Basics Tor: ◮ Internet anonymization network ◮ Hides a user’s real IP adress ◮ Hundreds of thousands users every day ◮ Approx. 3000 servers run by volunteers Tor Browser Bundle: ◮ Among other features: Uniform UserAgent ◮ to increase size of the anonymity set ◮ Everything prepackaged (Tor, Vidalia, Firefox, ...) ◮ Runs without admin rights

  26. Evaluation - Tor Browser Bundle Uniform UserAgent: ◮ Tor - Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0 ◮ Real - Mozilla/5.0 (X11; Linux x86 64; rv:9.0.1) Gecko/20111222 Firefox/9.0.1 Vulnerable to Javascript Engine Fingerprinting? ◮ Yes! ◮ Every Firefox > 3 . 5 can be easily distinguished ◮ Can harm user privacy and decrease anonymity set ◮ However, not a real attack on Tor

  27. Evaluation - Tor Browser Bundle Uniform UserAgent: ◮ Tor - Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0 ◮ Real - Mozilla/5.0 (X11; Linux x86 64; rv:9.0.1) Gecko/20111222 Firefox/9.0.1 Vulnerable to Javascript Engine Fingerprinting? ◮ Yes! ◮ Every Firefox > 3 . 5 can be easily distinguished ◮ Can harm user privacy and decrease anonymity set ◮ However, not a real attack on Tor

  28. Evaluation - Tor Browser Bundle

  29. Evaluation - Survey Tested our fingerprinting with a survey: ◮ 189 participants ◮ Open for a few weeks in Summer 2011 ◮ 10 test cases per browser in testset ◮ Testset: ◮ IE 8 ◮ IE 9 ◮ Chrome 10 ◮ Firefox 4 Ground truth: ◮ UserAgent String ◮ Manual identification by participant

  30. Evaluation - Survey Tested our fingerprinting with a survey: ◮ 189 participants ◮ Open for a few weeks in Summer 2011 ◮ 10 test cases per browser in testset ◮ Testset: ◮ IE 8 ◮ IE 9 ◮ Chrome 10 ◮ Firefox 4 Ground truth: ◮ UserAgent String ◮ Manual identification by participant

  31. Evaluation - Survey Performance: ◮ All files: 24 Kilobytes ◮ Fingerprints: (4x) 2.500-3.000 Bytes ◮ 90 ms on average on PC ◮ 200 ms on average on smartphone Results: ◮ 175 out of 189 browsers covered by testset ◮ 100 % detection rate ◮ No false positives! ◮ 14 not covered were mostly smartphones ◮ 1 UserAgent manipulation discovered

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

RequireJS Javascript Modules for the Browser By Ben Keith Quoin, Inc. Traditional Browser JS

RequireJS Javascript Modules for the Browser By Ben Keith Quoin, Inc. Traditional Browser JS

RequireJS Javascript Modules for the Browser By Ben Keith Quoin, Inc. Traditional Browser JS One global namespace Often inline JS code embedded directly in HTML Many <script> tags with hidden ordering dependencies Very

362 views • 15 slides
CE419 Session 5: JavaScript (cont'd) Web Programming 1 JavaScript & The Browser

CE419 Session 5: JavaScript (cont'd) Web Programming 1 JavaScript & The Browser

CE419 Session 5: JavaScript (cont'd) Web Programming 1 JavaScript & The Browser JavaScript can be included in HTML files with <script> tag. <!DOCTYPE html> <html> <head> <title>My home

898 views • 34 slides
AJAX, fetch, and Axios Asynchronous JavaScript? HTTP Requests in the Browser URL bar

AJAX, fetch, and Axios Asynchronous JavaScript? HTTP Requests in the Browser URL bar

AJAX, fetch, and Axios Asynchronous JavaScript? HTTP Requests in the Browser URL bar Links JavaScript window.location.href = http://www.google.com' Submitting forms (GET/POST) All of the above make the browser navigate

760 views • 16 slides
Browser Feature Usage on the Modern Web Summary Analysis of how frequently javascript

Browser Feature Usage on the Modern Web Summary Analysis of how frequently javascript

Browser Feature Usage on the Modern Web Summary Analysis of how frequently javascript features are used Feature defined as browser capability accessed through JavaScript function or property. Considers only sites in Alexa

523 views • 11 slides
Security Signature Inference for JavaScript-based Browser Addons Vineeth Kashyap , Ben Hardekopf

Security Signature Inference for JavaScript-based Browser Addons Vineeth Kashyap , Ben Hardekopf

Security Signature Inference for JavaScript-based Browser Addons Vineeth Kashyap , Ben Hardekopf University of California Santa Barbara CGO 2014 1 JavaScript-based Browser Addons 2 Addons: JavaScript with High Privileges 3

898 views • 56 slides
CE419 Session 5: JavaScript Web Programming 1 What is JavaScript? JavaScript is a dynamic

CE419 Session 5: JavaScript Web Programming 1 What is JavaScript? JavaScript is a dynamic

CE419 Session 5: JavaScript Web Programming 1 What is JavaScript? JavaScript is a dynamic programming language. Introduced in 1995 as a way to add programs to web pages in the Netscape Navigator browser. It has made modern web

795 views • 35 slides
Selenium Tutorial What is Selenium? Javascript framework that runs in your web- browser

Selenium Tutorial What is Selenium? Javascript framework that runs in your web- browser

Selenium Tutorial What is Selenium? Javascript framework that runs in your web- browser Works anywhere Javascript is supported Hooks for many other languages Java, Ruby, Python Can simulate a user navigating through pages and

310 views • 17 slides
Validating Javascript from Realworld Websites in a Browser-like Environment Sander Snajalg

Validating Javascript from Realworld Websites in a Browser-like Environment Sander Snajalg

Validating Javascript from Realworld Websites in a Browser-like Environment Sander Snajalg JavaScript (ECMAScript) Object-oriented / functional scripting language Dynamic typing Prototype inheritance Objects are dictionaries of properties

492 views • 19 slides
Taming JavaScript with Cloud9 IDE: a Tale of Tree Hugging Zef Hemel (@zef) .js browser.js

Taming JavaScript with Cloud9 IDE: a Tale of Tree Hugging Zef Hemel (@zef) .js browser.js

Taming JavaScript with Cloud9 IDE: a Tale of Tree Hugging Zef Hemel (@zef) .js browser.js db.js server.js *.js ~140,000 Tooling matters JavaScript Developer HTML CSS JavaScript HTML5 Client CSS3 JavaScript HTML5 Client CSS3

1.45k views • 87 slides
GWT-Gears The Browser is the Platform The Browser is the Platform Didier Girard

GWT-Gears The Browser is the Platform The Browser is the Platform Didier Girard

GWT-Gears The Browser is the Platform The Browser is the Platform Didier Girard girard.d@sfeir.com Sfeir CTO Member of OSSGTP Before starting, some questions Who knows javascript ? Who is a javascript expert ? Who knows java ?

1.57k views • 93 slides
J AVA S CRIPT JavaScript is the programming language of HTML and the Web. JavaScript

J AVA S CRIPT JavaScript is the programming language of HTML and the Web. JavaScript

J AVA S CRIPT JavaScript is the programming language of HTML and the Web. JavaScript Java JavaScript is interpreted by the browser JavaScript 1/15 JS W HERE T O <!DOCTYPE html> <html> <head> <script

591 views • 15 slides
This presentation contains animations which require PDF browser which accepts JavaScript. For

This presentation contains animations which require PDF browser which accepts JavaScript. For

This presentation contains animations which require PDF browser which accepts JavaScript. For best results use Acrobat Reader. RSK problems theorem: bumping routes proof, the easy part proof, science fiction the end R obinson- S chensted- K

1.11k views • 85 slides
JavaScript! What is JavaScript? A (traditionally) client-side scripting language Meant

JavaScript! What is JavaScript? A (traditionally) client-side scripting language Meant

JavaScript! What is JavaScript? A (traditionally) client-side scripting language Meant (traditionally) to run entirely on the users browser Defined by the ECMAscript standard, published by the ECMA foundation JavaScript != Java,

657 views • 32 slides
ConScript Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser

ConScript Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser

ConScript Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser Leo Meyerovich Benjamin Livshits UC Berkeley Microsoft Research Web Programmability Platform openid.net yelp.com adsense.com Google maps 2

727 views • 41 slides
Know Your Engines How to Make Your JavaScript Fast Dave Mandelin 8 November 2011 OReilly

Know Your Engines How to Make Your JavaScript Fast Dave Mandelin 8 November 2011 OReilly

Know Your Engines How to Make Your JavaScript Fast Dave Mandelin 8 November 2011 OReilly Velocity Europe Tuesday, November 8, 2011 JavaScript is getting really fast and programs are getting crazy Bullet physics engine (ammo.js) H.264

2.15k views • 184 slides
NDN in Javascript Ryan Bennett Colorado State University 1 A Bit of Background 2 Why

NDN in Javascript Ryan Bennett Colorado State University 1 A Bit of Background 2 Why

NDN in Javascript Ryan Bennett Colorado State University 1 A Bit of Background 2 Why Javascript? A fertile ground for NDN adoption Low deployment overhead in the browser JavaScript is moving from front-end to full stack Node.js

287 views • 14 slides
An End-to-End Measurement of Certificate Revocation in the Webs PKI Yabing Liu*, Will Tome*,

An End-to-End Measurement of Certificate Revocation in the Webs PKI Yabing Liu*, Will Tome*,

An End-to-End Measurement of Certificate Revocation in the Webs PKI Yabing Liu*, Will Tome*, Liang Zhang*, David Choffnes*, Dave Levin , Bruce Maggs , Alan Mislove*, Aaron Schulman , Christo Wilson* *Northeastern University

1.33k views • 65 slides
The Multi-Principal OS Construction of the Gazelle Web Browser Helen J. Wang, Chris Grier, Alex

The Multi-Principal OS Construction of the Gazelle Web Browser Helen J. Wang, Chris Grier, Alex

The Multi-Principal OS Construction of the Gazelle Web Browser Helen J. Wang, Chris Grier, Alex Moshchuk, Sam King, Piali Choudhury, Herman Venter Browser as an application platform Single stop for many computing needs banking,

850 views • 30 slides
Browser as Renderer W3C Paris, 2013 Adam Hyde Book Sprint Facilitator, Platform Designer

Browser as Renderer W3C Paris, 2013 Adam Hyde Book Sprint Facilitator, Platform Designer

Browser as Renderer W3C Paris, 2013 Adam Hyde Book Sprint Facilitator, Platform Designer www.adamhyde.net www.adamhyde.net Browser as Renderer www.adamhyde.net Browser as Renderer Book Sprints, zero to book in 3-5 days

225 views • 9 slides
Your Secrets Are Safe : How Browsers Explanations Impact Misconceptions About Private Browsing

Your Secrets Are Safe : How Browsers Explanations Impact Misconceptions About Private Browsing

Your Secrets Are Safe : How Browsers Explanations Impact Misconceptions About Private Browsing Mode Yuxi Wu, Panya Gupta, Miranda Wei, Yasemin Acar, Sascha Fahl, Blase Ur https://FancyWines.com 2 Yuxi Wu, Miranda Wei | Your Secrets Are

851 views • 51 slides
EPUB in the Browser Ben Walters Principle Software Engineering Lead at Microsoft

EPUB in the Browser Ben Walters Principle Software Engineering Lead at Microsoft

EPUB in the Browser Ben Walters Principle Software Engineering Lead at Microsoft ben.walters@microsoft.com Warm up: how many people Warm up: how many people Build EPUB Reading Systems? Warm up: how many people Build

883 views • 23 slides
and Privacy Protection Xianyi Gao*, Yulong Yang*, Huiqing Fu*, Janne Lindqvist*, Yang Wang+

and Privacy Protection Xianyi Gao*, Yulong Yang*, Huiqing Fu*, Janne Lindqvist*, Yang Wang+

Private Browsing: an Inquiry on Usability and Privacy Protection Xianyi Gao*, Yulong Yang*, Huiqing Fu*, Janne Lindqvist*, Yang Wang+ *Rutgers University +Syracuse University Published in WPES 2014 What is private browsing? Introduced in

632 views • 21 slides
to WebKit for Wayland G_MAXUINT64 /* default value */, G_PARAM_READABLE | G_PARAM_WRITABLE |

to WebKit for Wayland G_MAXUINT64 /* default value */, G_PARAM_READABLE | G_PARAM_WRITABLE |

static void _f_do_barnacle_install_properties(GObjectClass *gobject_class) { Browsers for the GParamSpec *pspec; /* Party code attribute */ pspec = g_param_spec_uint64 automotive: an introduction (F_DO_BARNACLE_CODE, "Barnacle

1.01k views • 26 slides
Building a Browser for Automotive: Alternatives, Challenges and Recommendations Juan J. Snchez

Building a Browser for Automotive: Alternatives, Challenges and Recommendations Juan J. Snchez

Building a Browser for Automotive: Alternatives, Challenges and Recommendations Juan J. Snchez Automotive Linux Summit 2015, Tokyo Myself, Igalia and Webkit/Chromium Co-founder of Igalia Open source consultancy founded in 2001 Igalia is

950 views • 51 slides

More recommend