Collin Jackson
Dan Boneh
John C. Mitchell
ABSTRACT
Through a variety of means, including a range of browser cache methods and inspecting the color of a visited hyperlink, client-side browser state can be exploited to track users against their wishes. This tracking is possible because persistent, client-side browser state is not properly partitioned on per-site basis in current browsers. We address this problem by refining the general notion of a "same-origin" policy and implementing two browser extensions that enforce this policy on the browser cache and visited links.We also analyze various degrees of cooperation between sites to track users, and show that even if long-term browser state is properly partitioned, it is still possible for sites to use modern web features to bounce users between sites and invisibly engage in cross-domain tracking of their visitors. Cooperative privacy attacks are an unavoidable consequence of all persistent browser state that affects the behavior of the browser, and disabling or frequently expiring this state is the only way to achieve true privacy against colluding parties.
- A. Clover. Css visited pages disclosure, 2002. http://seclists.org/lists/bugtraq/2002/Feb/0271.html.Google Scholar
- W. W. W. Consortium. P3P public overview, 2005. http://www.w3.org/P3P/.Google Scholar
- E. W. Felten and M. A. Schneider. Timing attacks on web privacy. In ACM Conference on Computer and Communications Security, pages 25--32, 2000. Google ScholarDigital Library
- M. Jakobsson, T. Jagatic, and S. Stamm. Phishing for clues: Inferring context using cascading style sheets and browser history, 2005. http://www.browser-recon.info/.Google Scholar
- M. Jakobsson and A. Juels. The positive face of cache cookies, 2005.Google Scholar
- M. Jakobsson and S. Stamm. Invasive browser sniffing and countermeasures. Manuscript, 2005.Google Scholar
- D. Kristol and L. Montulli. RFC 2109: HTTP state management mechanism, Feb. 1997. Google ScholarDigital Library
- Mozilla.org. Bugzilla bug 147777, 2002. https://bugzilla.mozilla.org/show_bug.cgi?id=147777.Google Scholar
- J. Nielsen. Change the color of visited links, 2004. http://www.useit.com/alertbox/20040503.html.Google Scholar
- J. Ruderman. The same origin policy, 2001. http://www.mozilla.org/projects/security/components/same-origin.html.Google Scholar
- A. Wolman, G. Voelker, N. Sharma, N. Cardwell, M. Brown, T. Landray, D. Pinnel, A. Karlin, and H. Levy. Organization-based analysis of web-object sharing and caching. In Proceedings of Second USENIX Symposium on Internet Technologies and Systems, pages 25--36, 1999. Google ScholarDigital Library
Index Terms
- Protecting browser state from web privacy attacks
Recommendations
Exposing private information by timing web applications
WWW '07: Proceedings of the 16th international conference on World Wide WebWe show that the time web sites take to respond to HTTP requests can leak private information, using two different types of attacks. The first, direct timing, directly measures response times from a web site to expose private information such as ...
Security and identification indicators for browsers against spoofing and phishing attacks
In spite of the use of standard Web security measures (SSL/TLS), users enter sensitive information such as passwords into fake Web sites. Such fake sites cause substantial damages to individuals and corporations. In this work, we identify several ...
Cache Cookies for Browser Authentication (Extended Abstract)
SP '06: Proceedings of the 2006 IEEE Symposium on Security and PrivacyLike conventional cookies, cache cookies are data objects that servers store in Web browsers. Cache cookies, however, are unintentional byproducts of protocol design for browser caches. They do not enjoy any explicit interface support or security ...
Comments