Naif Mehanna (University of Lille, CNRS, Inria), Tomer Laor (Ben-Gurion University of the Negev)

Browser fingerprinting aims to identify users or their devices, through scripts that execute in the users' browser and collect information on software or hardware characteristics. It is used to track users or as an additional means of identification to improve security. In this paper, we report on a new technique that can significantly extend the tracking time of fingerprint-based tracking methods. Through extensive experimentation, we show that variations in speed among the multiple execution units that comprise a GPU can serve as a reliable and robust device signature, which can be collected using unprivileged JavaScript.

In this talk, we focus on the experimental aspect of DrawnApart and the different steps that led to an effective GPU fingerprinting algorithm. In particular, we discuss how the inner core of DrawnApart was adapted to fit the constraints posed by unprivileged Javascript. We present a broader picture of the steps taken to choose the best parameters that made our method able to distinguish devices efficiently in most settings: more specifically, we discuss our experiments on the chosen arithmetic operators and the different timing methods. We also explain how we moved from a GPU-fingerprinting pipeline that is mostly suited for a lab-controlled scenario to a pipeline that works in a realistic open world scenario by abandoning classical machine learning techniques and adopting a deep-learning based approach.

We discuss how we implemented the state-of-the-art browser fingerprint tracking algorithm - FP-Stalker - and adapted it to the current state of the web. Finally, we emphasize the way that the DrawnApart deep-learning pipeline was introduced into FP-Stalker and tested on over 2,500 distinct devices collected through our AmIUnique platform over the period of several months.

Speakers' biographies

Naif Mehanna graduated in Electrical Engineering from the Polytechnique school of the University of Lille, France, in 2019. On September 2020, he enrolled in a PhD program at the University of Lille under the supervision of Dr. Walter Rudametkin. He is most motivated to work toward a safer and more private browsing experience. These interests are what drive his thesis, which focuses mostly on hardware browser fingerprinting and web tracking.

Tomer Laor is a MSc student at Ben Gurion University under the guidance of Dr. Yossi Oren. His main research interest is privacy, with an emphasis on hardware fingerprinting on the web using Machine Learning.

View More Papers

PoF: Proof-of-Following for Vehicle Platoons

Ziqi Xu (University of Arizona), Jingcheng Li (University of Arizona), Yanjun Pan (University of Arizona), Loukas Lazos (University of Arizona, Tucson), Ming Li (University of Arizona, Tucson), Nirnimesh Ghose (University of Nebraska–Lincoln)

Read More

Multi-Certificate Attacks against Proof-of-Elapsed-Time and Their Countermeasures

Huibo Wang (Baidu Security), Guoxing Chen (Shanghai Jiao Tong University), Yinqian Zhang (Southern University of Science and Technology), Zhiqiang Lin (Ohio State University)

Read More

A Study on Security and Privacy Practices in Danish...

Asmita Dalela (IT University of Copenhagen), Saverio Giallorenzo (Department of Computer Science and Engineering - University of Bologna), Oksana Kulyk (ITU Copenhagen), Jacopo Mauro (University of Southern Denmark), Elda Paja (IT University of Copenhagen)

Read More

DRAWN APART: A Device Identification Technique based on Remote...

Tomer Laor (Ben-Gurion Univ. of the Negev), Naif Mehanna and Antonin Durey (Univ. Lille / Inria), Vitaly Dyadyuk (Ben-Gurion Univ. of the Negev), Pierre Laperdrix (CNRS, Univ. Lille, Inria Lille), Clémentine Maurice (CNRS), Yossi Oren (Ben-Gurion Univ. of the Negev), Romain Rouvoy (Univ. Lille / Inria / IUF), Walter Rudametkin (Univ. Lille / Inria), Yuval…

Read More