SLIDE 1

Fingerprinting Information in JavaScript Implementations

Keaton Mowery, Dillon Bogenreif, Scott Yilek, and Hovav Shacham

Thursday, May 26, 2011

SLIDE 2

Authentication

  • Usernames and Passwords weakening
  • Third-party data loss can compromise your user accounts

SLIDE 3

Extra Authentication

  • Two-Factor Authentication
      • Secure but inconvenient
  • User Fingerprinting
      • Geolocation
      • Browser Metadata
      • System Architecture
      • Browser Environment

SLIDE 4

Fingerprinting for Good and Evil

  • User Authentication
      • Protect high-value accounts
  • User Identification
      • Deanonymize, track across sessions

SLIDE 5

Browser Metadata

  • Examine and record browser family, version, and operating system
  • If the configuration changes, check for account compromise
  • Easy data to collect

SLIDE 6

Many Techniques for Browser Fingerprinting

SLIDE 7

Near Future

  • NoScript Whitelist Fingerprinting
  • JavaScript Performance Fingerprinting

SLIDE 9

Extension Verification

  • Users customize browser behavior with extensions
  • Previously-observed extension behavior provides an identity signal
  • Sudden absence of extensions increases likelihood of account hijack

SLIDE 10

NoScript

  • NoScript provides JavaScript policy
      • Default Deny
      • Whitelisted domains may execute code
  • Whitelist contents are user-defined
      • Radical changes may indicate account hijack
      • Entries could reveal private information

Thursday, May 26, 2011

slide-11
SLIDE 11

Example NoScript Probe

    <html>
    <head>
    <script type="text/javascript"
            src="http://www.google.com/accounts/hosted/helpcenter/js/tooltips/TooltipLoader.js">
    </script>
    <script type="text/javascript">
      if ("XML_STATUS_OKAY" in window) {
        // google.com can run JavaScript
      } else {
        // google.com cannot run JavaScript
      }
    </script>
    </head><body></body>
    </html>

SLIDE 14

At Scale

  • Crawled Alexa Top 1,000 Domains
  • Generated 689 whitelist probes
  • Created test suite for all 689 domains
      • 120s with NoScript disabled
      • 23s with NoScript enabled

SLIDE 17

JavaScript Fingerprinting

  • Fingerprint JavaScript performance
      1. Measure time to execute various JS snippets
      2. Normalize to build fingerprint vector
  • Unforgeable
  • Agnostic to JavaScript features

SLIDE 18

Snippet Selection

  • Off-the-Shelf JavaScript Benchmarks
  • 26 tests from SunSpider
  • 9 tests from V8 Benchmark Suite
  • 4 custom tests
  • Benchmarks characterize browser performance

SLIDE 19

Browser Detection

SLIDE 20

Ask Everyone You Know

  • Collected 1,015 data samples on Amazon Mechanical Turk
  • JavaScript Fingerprint
  • User reported:
      • Operating System
      • CPU Architecture, Speed, and Cores
      • RAM

SLIDE 21

Browser Classification

  • 24 Major Browser Versions
  • Chrome, Firefox, IE, Safari, Opera, SeaMonkey

  • Generated characteristic fingerprint for each
  • 79.8% accuracy on all 1,015 samples
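
Added example, not from the slides or the authors' code: the two steps from the JavaScript Fingerprinting slide (time snippets, normalize into a vector) followed by nearest-profile classification as on this slide. The workloads, the unit-length normalization, the Euclidean distance and the `engineA`/`engineB` timing profiles are assumptions constructed for illustration.

```javascript
// Added example: workloads, profile names and timings are constructed.
const now = typeof performance !== "undefined" ? () => performance.now() : () => Date.now();

// Small stand-in workloads; the talk used SunSpider, V8 and custom tests.
const snippets = {
  stringConcat: () => { let s = ""; for (let i = 0; i < 20000; i++) s += i; return s.length; },
  arraySort: () => Array.from({ length: 20000 }, (_, i) => (i * 7919) % 10007).sort((a, b) => a - b)[0],
  floatMath: () => { let x = 0; for (let i = 1; i < 200000; i++) x += Math.sqrt(i) / i; return x; },
};

// Step 1: time each snippet, keeping the fastest of several runs to damp noise.
function measure(tests, runs = 5) {
  return Object.values(tests).map((fn) => {
    let best = Infinity;
    for (let r = 0; r < runs; r++) {
      const t0 = now();
      fn();
      best = Math.min(best, now() - t0);
    }
    return best;
  });
}

// Step 2: scale to unit length so overall machine speed cancels out and
// only the relative cost of each test remains.
function normalize(times) {
  const norm = Math.hypot(...times);
  if (norm === 0) throw new Error("all timings are zero; timer too coarse");
  return times.map((t) => t / norm);
}

const distance = (a, b) => Math.hypot(...a.map((v, i) => v - b[i]));

// Classification: the nearest characteristic fingerprint wins.
function classify(vector, profiles) {
  let best = { label: null, distance: Infinity };
  for (const [label, ref] of Object.entries(profiles)) {
    const d = distance(vector, normalize(ref));
    if (d < best.distance) best = { label, distance: d };
  }
  return best;
}

// Constructed reference timings (ms) for two hypothetical engines.
const profiles = { engineA: [12, 30, 8], engineB: [25, 14, 9] };
// Constructed sample: a machine about twice as slow as the engineA reference.
const observed = [24.5, 59, 16.4];
```

Browsers that coarsen timer resolution return zero for short snippets, which is why `normalize` rejects an all-zero vector instead of dividing by zero.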

SLIDE 22

Chrome Versioning

  • Over 85% of misclassifications
  • Chrome 6.0 to Chrome 11.0 in 7+ months

                 6.0    7.0    8.0    9.0    10.0   11.0
    Chrome 6.0   -      0.18   0.19   0.17   0.25   0.25
    Chrome 7.0   0.18   -      0.09   0.16   0.25   0.24
    Chrome 8.0   0.19   0.09   -      0.17   0.27   0.26
    Chrome 9.0   0.17   0.16   0.17   -      0.17   0.18
    Chrome 10.0  0.25   0.25   0.27   0.17   -      0.09
    Chrome 11.0  0.25   0.24   0.26   0.18   0.09   -

SLIDE 23

Operating System Detection

  • Small effect on fingerprints
  • Examined 403 Firefox 3.6 samples
      • Windows: 98.5% correct
      • OS X: 100% correct
      • Linux: 25% correct

SLIDE 24

Processor Architecture Detection

  • Unavailable through JavaScript APIs
  • JITs expose low-level behavior
  • 15 processor architectures
      • Core 2, Pentium Dual Core, Pentium 4, Athlon 64...
  • 45.3% accuracy

SLIDE 25

Conclusions

  • NoScript Whitelist Fingerprinting
      • Extensions can be fingerprinted
      • User-defined state can be extracted
  • JavaScript Performance Fingerprinting
      • Proof-of-concept based on JS benchmarks
      • Browser, OS, and Architecture detection
      • Unforgeable fingerprint

SLIDE 26

Thank You!

Questions?
