
Browser Randomisation against Fingerprinting: A Quantitative Information Flow Approach

  • Conference paper
Secure IT Systems (NordSec 2014)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 8788)

Abstract

Web tracking companies use device fingerprinting to distinguish the users of the websites by checking the numerous properties of their machines and web browsers. One way to protect the users’ privacy is to make them switch between different machine and browser configurations. We propose a formalisation of this privacy enforcement mechanism. We use information-theoretic channels to model the knowledge of the tracker and the fingerprinting program, and show how to synthesise a randomisation mechanism that defines the distribution of configurations for each user. This mechanism provides a strong guarantee of privacy (the probability of identifying the user is bounded by a given threshold) while maximising usability (the user switches to other configurations rarely). To find an optimal solution, we express the enforcement problem of randomisation by a linear program. We investigate and compare several approaches to randomisation and find that more efficient privacy enforcement would often provide lower usability. Finally, we relax the requirement of knowing the fingerprinting program in advance, by proposing a randomisation mechanism that guarantees privacy for an arbitrary program.

© 2014 Springer International Publishing Switzerland

Cite this paper

Besson, F., Bielova, N., Jensen, T. (2014). Browser Randomisation against Fingerprinting: A Quantitative Information Flow Approach. In: Bernsmed, K., Fischer-Hübner, S. (eds) Secure IT Systems. NordSec 2014. Lecture Notes in Computer Science, vol 8788. Springer, Cham. https://doi.org/10.1007/978-3-319-11599-3_11

  • DOI: https://doi.org/10.1007/978-3-319-11599-3_11

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-11598-6

  • Online ISBN: 978-3-319-11599-3

  • eBook Packages: Computer Science, Computer Science (R0)
