https://www.mdu.se/

mdu.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
EssentialFP: Exposing the Essence of Browser Fingerprinting
Chalmers Univ Technol, Gothenburg, Sweden.;TU Wien, Vienna, Austria..
Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems. Chalmers Univ Technol, Gothenburg, Sweden..ORCID iD: 0000-0002-6621-8390
Chalmers Univ Technol, Gothenburg, Sweden..
2021 (English)In: 2021 IEEE EUROPEAN SYMPOSIUM ON SECURITY AND PRIVACY WORKSHOPS (EUROS&PW 2021), IEEE , 2021, p. 32-48Conference paper, Published paper (Refereed)
Abstract [en]

Web pages aggressively track users for a variety of purposes from targeted advertisements to enhanced authentication. As browsers move to restrict traditional cookie-based tracking, web pages increasingly move to tracking based on browser fingerprinting. Unfortunately, the state-of-the-art to detect fingerprinting in browsers is often error-prone, resorting to imprecise heuristics and crowd-sourced filter lists. This paper presents EssentialFP, a principled approach to detecting fingerprinting on the web. We argue that the pattern of (i) gathering information from a wide browser API surface (multiple browser-specific sources) and (ii) communicating the information to the network (network sink) captures the essence of fingerprinting. This pattern enables us to clearly distinguish fingerprinting from similar types of scripts like analytics and polyfills. We demonstrate that information flow tracking is an excellent fit for exposing this pattern. To implement EssentialFP we leverage, extend, and deploy JSFlow, a state-of-the-art information flow tracker for JavaScript, in a browser. We illustrate the effectiveness of EssentialFP to spot fingerprinting on the web by evaluating it on two categories of web pages: one where the web pages perform analytics, use polyfills, and show ads, and one where the web pages perform authentication, bot detection, and fingerprinting-enhanced Alexa top pages.

Place, publisher, year, edition, pages
IEEE , 2021. p. 32-48
Keywords [en]
web security and privacy, browser fingerprinting, JavaScript, information flow
National Category
Computer and Information Sciences
Identifiers
URN: urn:nbn:se:mdh:diva-58636DOI: 10.1109/EuroSPW54576.2021.00011ISI: 000783965100004Scopus ID: 2-s2.0-85119059948ISBN: 978-1-6654-1012-0 (print)OAI: oai:DiVA.org:mdh-58636DiVA, id: diva2:1665918
Conference
6th IEEE European Symposium on Security and Privacy (Euro S and P), SEP 06-10, 2021, ELECTR NETWORK
Available from: 2022-06-08 Created: 2022-06-08 Last updated: 2022-06-15Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopus

Authority records

Hedin, Daniel

Search in DiVA

By author/editor
Hedin, Daniel
By organisation
Embedded Systems
Computer and Information Sciences

Search outside of DiVA

GoogleGoogle Scholar

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 12 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf