Naif Mehanna (University of Lille, CNRS, Inria), Tomer Laor (Ben-Gurion University of the Negev)

Browser fingerprinting aims to identify users or their devices, through scripts that execute in the users' browser and collect information on software or hardware characteristics. It is used to track users or as an additional means of identification to improve security. In this paper, we report on a new technique that can significantly extend the tracking time of fingerprint-based tracking methods. Through extensive experimentation, we show that variations in speed among the multiple execution units that comprise a GPU can serve as a reliable and robust device signature, which can be collected using unprivileged JavaScript.

In this talk, we focus on the experimental aspect of DrawnApart and the different steps that led to an effective GPU fingerprinting algorithm. In particular, we discuss how the inner core of DrawnApart was adapted to fit the constraints posed by unprivileged Javascript. We present a broader picture of the steps taken to choose the best parameters that made our method able to distinguish devices efficiently in most settings: more specifically, we discuss our experiments on the chosen arithmetic operators and the different timing methods. We also explain how we moved from a GPU-fingerprinting pipeline that is mostly suited for a lab-controlled scenario to a pipeline that works in a realistic open world scenario by abandoning classical machine learning techniques and adopting a deep-learning based approach.

We discuss how we implemented the state-of-the-art browser fingerprint tracking algorithm - FP-Stalker - and adapted it to the current state of the web. Finally, we emphasize the way that the DrawnApart deep-learning pipeline was introduced into FP-Stalker and tested on over 2,500 distinct devices collected through our AmIUnique platform over the period of several months.

Speakers' biographies

Naif Mehanna graduated in Electrical Engineering from the Polytechnique school of the University of Lille, France, in 2019. On September 2020, he enrolled in a PhD program at the University of Lille under the supervision of Dr. Walter Rudametkin. He is most motivated to work toward a safer and more private browsing experience. These interests are what drive his thesis, which focuses mostly on hardware browser fingerprinting and web tracking.

Tomer Laor is a MSc student at Ben Gurion University under the guidance of Dr. Yossi Oren. His main research interest is privacy, with an emphasis on hardware fingerprinting on the web using Machine Learning.

View More Papers

Uncovering Cross-Context Inconsistent Access Control Enforcement in Android

Hao Zhou (The Hong Kong Polytechnic University), Haoyu Wang (Beijing University of Posts and Telecommunications), Xiapu Luo (The Hong Kong Polytechnic University), Ting Chen (University of Electronic Science and Technology of China), Yajin Zhou (Zhejiang University), Ting Wang (Pennsylvania State University)

Read More

Shipping security at scale in the Chrome browser

Adriana Porter Felt (Director of Engineering for Chrome)

Read More

FANDEMIC: Firmware Attack Construction and Deployment on Power Management...

Ryan Tsang (University of California, Davis), Doreen Joseph (University of California, Davis), Qiushi Wu (University of California, Davis), Soheil Salehi (University of California, Davis), Nadir Carreon (University of Arizona), Prasant Mohapatra (University of California, Davis), Houman Homayoun (University of California, Davis)

Read More

Demo #11: Understanding the Effects of Paint Colors on...

Shaik Sabiha (University at Buffalo), Keyan Guo (University at Buffalo), Foad Hajiaghajani (University at Buffalo), Chunming Qiao (University at Buffalo), Hongxin Hu (University at Buffalo) and Ziming Zhao (University at Buffalo)

Read More