Naif Mehanna (University of Lille, CNRS, Inria), Tomer Laor (Ben-Gurion University of the Negev)

Browser fingerprinting aims to identify users or their devices, through scripts that execute in the users' browser and collect information on software or hardware characteristics. It is used to track users or as an additional means of identification to improve security. In this paper, we report on a new technique that can significantly extend the tracking time of fingerprint-based tracking methods. Through extensive experimentation, we show that variations in speed among the multiple execution units that comprise a GPU can serve as a reliable and robust device signature, which can be collected using unprivileged JavaScript.

In this talk, we focus on the experimental aspect of DrawnApart and the different steps that led to an effective GPU fingerprinting algorithm. In particular, we discuss how the inner core of DrawnApart was adapted to fit the constraints posed by unprivileged Javascript. We present a broader picture of the steps taken to choose the best parameters that made our method able to distinguish devices efficiently in most settings: more specifically, we discuss our experiments on the chosen arithmetic operators and the different timing methods. We also explain how we moved from a GPU-fingerprinting pipeline that is mostly suited for a lab-controlled scenario to a pipeline that works in a realistic open world scenario by abandoning classical machine learning techniques and adopting a deep-learning based approach.

We discuss how we implemented the state-of-the-art browser fingerprint tracking algorithm - FP-Stalker - and adapted it to the current state of the web. Finally, we emphasize the way that the DrawnApart deep-learning pipeline was introduced into FP-Stalker and tested on over 2,500 distinct devices collected through our AmIUnique platform over the period of several months.

Speakers' biographies

Naif Mehanna graduated in Electrical Engineering from the Polytechnique school of the University of Lille, France, in 2019. On September 2020, he enrolled in a PhD program at the University of Lille under the supervision of Dr. Walter Rudametkin. He is most motivated to work toward a safer and more private browsing experience. These interests are what drive his thesis, which focuses mostly on hardware browser fingerprinting and web tracking.

Tomer Laor is a MSc student at Ben Gurion University under the guidance of Dr. Yossi Oren. His main research interest is privacy, with an emphasis on hardware fingerprinting on the web using Machine Learning.

View More Papers

The Truth Shall Set Thee Free: Enabling Practical Forensic...

Leonardo Babun (Florida International University), Amit Kumar Sikder (Florida International University), Abbas Acar (Florida International University), Selcuk Uluagac (Florida International...

Read More

PMTUD is not Panacea: Revisiting IP Fragmentation Attacks against...

Xuewei Feng (Tsinghua University), Qi Li (Tsinghua University), Kun Sun (George Mason University), Ke Xu (Tsinghua University), Baojun Liu (Tsinghua...

Read More

Hybrid Trust Multi-party Computation with Trusted Execution Environment

Pengfei Wu (School of Computing, National University of Singapore), Jianting Ning (College of Computer and Cyber Security, Fujian Normal University;...

Read More

Vehicle Lateral Motion Stability Under Wheel Lockup Attacks

Alireza Mohammadi (University of Michigan-Dearborn) and Hafiz Malik (University of Michigan-Dearborn)

Read More