Naif Mehanna (University of Lille, CNRS, Inria), Tomer Laor (Ben-Gurion University of the Negev)

Browser fingerprinting aims to identify users or their devices, through scripts that execute in the users' browser and collect information on software or hardware characteristics. It is used to track users or as an additional means of identification to improve security. In this paper, we report on a new technique that can significantly extend the tracking time of fingerprint-based tracking methods. Through extensive experimentation, we show that variations in speed among the multiple execution units that comprise a GPU can serve as a reliable and robust device signature, which can be collected using unprivileged JavaScript.

In this talk, we focus on the experimental aspect of DrawnApart and the different steps that led to an effective GPU fingerprinting algorithm. In particular, we discuss how the inner core of DrawnApart was adapted to fit the constraints posed by unprivileged Javascript. We present a broader picture of the steps taken to choose the best parameters that made our method able to distinguish devices efficiently in most settings: more specifically, we discuss our experiments on the chosen arithmetic operators and the different timing methods. We also explain how we moved from a GPU-fingerprinting pipeline that is mostly suited for a lab-controlled scenario to a pipeline that works in a realistic open world scenario by abandoning classical machine learning techniques and adopting a deep-learning based approach.

We discuss how we implemented the state-of-the-art browser fingerprint tracking algorithm - FP-Stalker - and adapted it to the current state of the web. Finally, we emphasize the way that the DrawnApart deep-learning pipeline was introduced into FP-Stalker and tested on over 2,500 distinct devices collected through our AmIUnique platform over the period of several months.

Speakers' biographies

Naif Mehanna graduated in Electrical Engineering from the Polytechnique school of the University of Lille, France, in 2019. On September 2020, he enrolled in a PhD program at the University of Lille under the supervision of Dr. Walter Rudametkin. He is most motivated to work toward a safer and more private browsing experience. These interests are what drive his thesis, which focuses mostly on hardware browser fingerprinting and web tracking.

Tomer Laor is a MSc student at Ben Gurion University under the guidance of Dr. Yossi Oren. His main research interest is privacy, with an emphasis on hardware fingerprinting on the web using Machine Learning.

View More Papers

PMTUD is not Panacea: Revisiting IP Fragmentation Attacks against...

Xuewei Feng (Tsinghua University), Qi Li (Tsinghua University), Kun Sun (George Mason University), Ke Xu (Tsinghua University), Baojun Liu (Tsinghua University), Xiaofeng Zheng (Institute for Network Sciences and Cyberspace, Tsinghua University; QiAnXin Technology Research Institute & Legendsec Information Technology (Beijing) Inc.), Qiushi Yang (QiAnXin Technology Research Institute & Legendsec Information Technology (Beijing) Inc.), Haixin Duan…

Read More

Fine-Grained Coverage-Based Fuzzing

Bernard Nongpoh (Université Paris Saclay), Marwan Nour (Université Paris Saclay), Michaël Marcozzi (Université Paris Saclay), Sébastien Bardin (Université Paris Saclay)

Read More

Get a Model! Model Hijacking Attack Against Machine Learning...

Ahmed Salem (CISPA Helmholtz Center for Information Security), Michael Backes (CISPA Helmholtz Center for Information Security), Yang Zhang (CISPA Helmholtz Center for Information Security)

Read More

Analyzing and Creating Malicious URLs: A Comparative Study on...

Vincent Drury (IT-Security Research Group, RWTH Aachen University), Rene Roepke (Learning Technologies Research Group, RWTH Aachen University), Ulrik Schroeder (Learning Technologies Research Group, RWTH Aachen University), Ulrike Meyer (IT-Security Research Group, RWTH Aachen University)

Read More