Abstract
Browser fingerprinting is a recent technique for identifying a user's browser: it distinguishes and labels users by the unique characteristics of the browser they use. It can be used for advertising and marketing and for fighting online fraud, but attackers can also use it to track users. To protect user privacy, researchers have proposed a number of defenses against tracking. The most recent defense randomizes key attributes of the browser fingerprint, without affecting the user's experience, to break the linkability between a user's different sessions. This paper presents an attack on that defense. Using statistical and side-channel methods, it recovers the true values of the key fingerprint attributes from their observed randomized values, which is enough to distinguish and track users. Experimental results show that the method restores the browser fingerprint with an accuracy of more than 98%.
Authors
ZHANG Liangfeng (张良峰)
WANG Yi (汪毅)
WU Yuanyi (吴源燚)
KONG Rui (孔睿)
Affiliations: Shanghai Institute of Microsystem and Information Technology, Shanghai 200050, China; School of Information Science and Technology of Shanghai Tech University, Shanghai 201210, China; University of Chinese Academy of Sciences, Beijing 100029, China; National Key Laboratory of Science and Technology on Information System Security, Beijing 100101, China
Source
Netinfo Security (《信息网络安全》)
CSCD
Peking University Core Journals
2019, No. 11, pp. 49-55 (7 pages)
Funding
National Natural Science Foundation of China [61602304]
Keywords
browser privacy
device fingerprint
side-channel attack
randomization
hypothesis testing