Naif Mehanna (University of Lille, CNRS, Inria), Tomer Laor (Ben-Gurion University of the Negev)
Browser fingerprinting aims to identify users or their devices, through scripts that execute in the users' browser and collect information on software or hardware characteristics. It is used to track users or as an additional means of identification to improve security. In this paper, we report on a new technique that can significantly extend the tracking time of fingerprint-based tracking methods. Through extensive experimentation, we show that variations in speed among the multiple execution units that comprise a GPU can serve as a reliable and robust device signature, which can be collected using unprivileged JavaScript.
In this talk, we focus on the experimental aspect of DrawnApart and the different steps that led to an effective GPU fingerprinting algorithm. In particular, we discuss how the inner core of DrawnApart was adapted to fit the constraints posed by unprivileged Javascript. We present a broader picture of the steps taken to choose the best parameters that made our method able to distinguish devices efficiently in most settings: more specifically, we discuss our experiments on the chosen arithmetic operators and the different timing methods. We also explain how we moved from a GPU-fingerprinting pipeline that is mostly suited for a lab-controlled scenario to a pipeline that works in a realistic open world scenario by abandoning classical machine learning techniques and adopting a deep-learning based approach.
We discuss how we implemented the state-of-the-art browser fingerprint tracking algorithm - FP-Stalker - and adapted it to the current state of the web. Finally, we emphasize the way that the DrawnApart deep-learning pipeline was introduced into FP-Stalker and tested on over 2,500 distinct devices collected through our AmIUnique platform over the period of several months.
Speakers' biographies
Naif Mehanna graduated in Electrical Engineering from the Polytechnique school of the University of Lille, France, in 2019. On September 2020, he enrolled in a PhD program at the University of Lille under the supervision of Dr. Walter Rudametkin. He is most motivated to work toward a safer and more private browsing experience. These interests are what drive his thesis, which focuses mostly on hardware browser fingerprinting and web tracking.
Tomer Laor is a MSc student at Ben Gurion University under the guidance of Dr. Yossi Oren. His main research interest is privacy, with an emphasis on hardware fingerprinting on the web using Machine Learning.