nach oben

Erschienen in:

2018 | OriginalPaper | Buchkapitel

Tor Fingerprinting: Tor Browser Can Mitigate Browser Fingerprinting?

verfasst von : Takamichi Saito, Kazushi Takahashi, Koki Yasuda, Kazuhisa Tanabe, Masayuki Taneoka, Ryohei Hosoya

Erschienen in: Advances in Network-Based Information Systems

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

The onion router (Tor) is currently the most powerful and prominent tool to achieve online privacy on the Internet. As a browser, Tor can protect web users by not revealing the source or destination IP address, and it also prevents web tracking with HTTP cookies. Tor browser has been updated continuously to resist de-anonymizing attacks by restricting the browser’s functions, e.g., excluding all plugins such as Flash player. On March 2016, Jose Norte posted the article as “Advanced Tor Browser Fingerprinting” in his blog [37]. It suggested that browser fingerprinting can track Tor browser. In this paper, we examined how secure Tor browser version 5.5 is against browser fingerprinting. Our study concludes that Tor user accesses can be distinguished: 14.28% of Tor browser version 5.5 can be identified within two weeks at our experimental sites, although 70.0% of the older versions can. In this paper, we analyze the current features of Tor browser against browser fingerprinting and also show capabilities to track Tor browser accesses.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Neuro-Evolutionary Approach to Multi-objective Optimization in One-Player Mahjong

Nächstes Kapitel Study on Persuasion Effect of Computer Virus Measures Based on Collective Protection Motivation Theory

Ball, J., Schneier, B., Greenwald, G.: NSA and GCHQ target Tor network that protects anonymity of web users. http://www.theguardian.com/world/2013/oct/04/nsa-gchq-attack-tor-network-encryption. Last accessed 15 Feb 2016

de Montjoye, Y.A., Radaelli, L., Singh, V.K., Pentland, A.: Science 347, 536–539 (2015)

Tor project: FAQ. https://www.torproject.org/docs/faq.html.en. Last accessed 15 Feb 2016

W3techs. http://w3techs.com. Last accessed 15 Feb 2016

OpenAM. http://openam.forgerock.org/. Last accessed 15 Feb 2016

Tor project. https://www.torproject.org/. Last accessed 15 Feb 2016

Perry, M., Perry, E., Murdoch, S.: The Design and Implementation of the Tor Browser DRAFT. https://www.torproject.org/projects/torbrowser/design/. Last accessed 15 Feb 2015

Panchenko, A., Niessen L., Zinnen, A., Engel, T.: Website fingerprinting in onion routing based anonymization networks. In: Proceedings of the 10th ACM Workshop on Privacy in the Electronic Society (2011)

Eckersley, P.: How Unique is Your Web Browser? In: Proceedings of the Privacy Enhancing Technologies Symposium. LNCS, vol. 6205 (2010)

10.

The WebKit Open Source Project. https://trac.webkit.org/wiki/Fingerprinting. Last accessed 15 Feb 2016

11.

Takei, N., Saito, T., Takasu, K., Yamada, T.: Web browser fingerprinting using only cascading style sheets. In: Proceedings of the 10th International Conference on Broadband and Wireless Computing, Communication and Applications (BWCCA) (2015)

12.

Takasu, K., Saito, T., Yamada, T., Ishikawa, T.: A survey of hardware features in modern browsers: 2015 edition. In: Proceedings of the 9th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS 2015) (2015)

13.

Mozilla wiki. https://wiki.mozilla.org/fingerprinting. Last accessed 15 Feb 2016

14.

Kwon, A., AlSabah, M., Lazar, D., Dacier, M., Devadas, S.: Circuit fingerprinting attacks: passive deanonymization of tor hidden services. In: Proceedings of the USENIX 2015 (2015)

15.

Boda, K., Földes, A., Gulyás, G., Imre, S.: User Tracking on the web via cross-browser fingerprinting. In: Proceedings of the 16th Nordic Conference on Information Security Technology for Applications (2011)

16.

Kiryu, N., Iso, Y., Kaneko, Y., Saito, T.: Estimation of Number of CPU Cores Using with Web Workers. In: Proceedings of the Computer Security Symposium (CSS 2014) (2014). (in Japanese)

17.

Panopticlick, How unique and trackable is your browser? https://panopticlick.eff.org. Last accessed 15 Feb 2016

18.

NoScript. https://noscript.net/. Last accessed 1 Feb 2015

19.

Fifield, D., Egelman, S.: Fingerprinting web users through font metrics. In: Proceedings of the Financial Cryptography and Data Security 2015. Lecture Notes in Computer Science, vol. 8975 (2015)

20.

Iovation Inc. https://www.iovation.com. Last accessed 15 Feb 2016

21.

BlueCava Inc. http://www.bluecava.com. Last accessed 15 Feb 2016

22.

41st Parameter Inc. http://www.the41.com/. Last accessed 1 May 2015

23.

AddThis Inc. http://www.addthis.com/. Last accessed 15 Feb 2016

24.

ThreatMetrix, https://www.threatmetrix.com/. Last accessed 15 Feb 2016

25.

Mowery, K., Shacham, H.: Pixel Perfect: Fingerprinting Canvas in HTML5. In: Proceedings of the Web 2.0 Security and Privacy (W2SP) (2012)

26.

Kiryu, N., Goto, H., Saito T.: A proposal of estimating of CPU architectures by JavaScript engine. In: Proceedings of the 75th National Convention of Information Processing Society of Japan (IPSJ) (2013). (in Japanese)

27.

Faizkhademi, A., Zulkernine, M., Weldemariam, K.: Empirical evaluation of web-based fingerprinting. IEEE Softw. 32, 46–52 (2015)

28.

Lu, T., Yao, P., Zhao, L., Li, Y., Xie, F., Xia, Y.: Towards attacks and defenses of anonymous communication systems. Int. J. Secur. Appl. 9(1), 313–328 (2015)

29.

Nikiforakis, N., Kapravelos, A., Joosen, W., Kruegel, C., Piessens, F., Vigna, G.: Cookieless monster: exploring the ecosystem of Web-based device fingerprinting. In: Proceedings of the 34th IEEE Symposium of Security and Privacy (IEEE S&P 2013) (2013)

30.

Boda, K., Földes, Á.M., Gulyás, G.G., Imre, S.: Tracking and Fingerprinting in E-Business: New Storageless Technologies and Countermeasures (2013)

31.

Upathilake, R., Yingkun, L., Matrawy, A.: A classification of web browser fingerprinting techniques. In: Proceedings of the IFIP New Technologies, Mobility, and Security (NTMS), pp. 1–5 (2015)

32.

Goodin, D.: How the NSA might use Hotmail, Yahoo or other cookies to identify Tor users. http://arstechnica.com/security/2013/10/how-the-nsa-might-use-hotmail-or-yahoo-cookies-to-identify-tor-users/. Last accessed 15 Feb 2016

33.

Dingledine, R., Mathewson, N., Syverson, P.: Tor: the second-generation onion router. In: Proceedings of 13th USENIX Security Symposium (2004)

34.

Alexa Internet, Inc. http://www.alexa.com. Last accessed 15 Feb 2016

35.

Doty, N.: Fingerprinting guidance for Web specification authors. http://w3c.github.io/fingerprinting-guidance/. Last accessed 16 Feb 2016

36.

Mulazzani, M., Reschl, P., Huber, M., Leithner, M., Schrittwieser, S., Weippl, E.: Fast and reliable browser identification with JavaScript engine fingerprinting. In: Proceedings of Web 2.0 Workshop on Security and Privacy (W2SP) (2013)

37.

Norte, J.: Advanced Tor Browser Fingerprinting. http://jcarlosnorte.com/security/2016/03/06/advanced-tor-browser-fingerprinting.html. Last accessed 15 May 2016

Titel: Tor Fingerprinting: Tor Browser Can Mitigate Browser Fingerprinting?
verfasst von: Takamichi Saito
Kazushi Takahashi
Koki Yasuda
Kazuhisa Tanabe
Masayuki Taneoka
Ryohei Hosoya
Verlag: Springer International Publishing
Buch: Advances in Network-Based Information Systems
Print ISBN: 978-3-319-65520-8

Electronic ISBN: 978-3-319-65521-5

Copyright-Jahr: 2018
DOI: https://doi.org/10.1007/978-3-319-65521-5_44

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"