Browser Randomisation against Fingerprinting: A Quantitative Information Flow Approach
International audience Web tracking companies use device fingerprinting to distinguish the users of the websites by checking the numerous properties of their machines and web browsers. One way to protect the users' privacy is to make them switch between different machine and browser configurati...
Main Authors: | , , |
---|---|
Other Authors: | , , , , , , , , , , , |
Format: | Conference Object |
Language: | English |
Published: |
HAL CCSD
2014
|
Subjects: | |
Online Access: | https://inria.hal.science/hal-01081037 https://inria.hal.science/hal-01081037/document https://inria.hal.science/hal-01081037/file/enforcing_abstract.pdf https://doi.org/10.1007/978-3-319-11599-3_11 |
id |
ftanrparis:oai:HAL:hal-01081037v1 |
---|---|
record_format |
openpolar |
institution |
Open Polar |
collection |
Portail HAL-ANR (Agence Nationale de la Recherche) |
op_collection_id |
ftanrparis |
language |
English |
topic |
privacy web tracking [INFO.INFO-PL]Computer Science [cs]/Programming Languages [cs.PL] [INFO.INFO-WB]Computer Science [cs]/Web [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR] |
spellingShingle |
privacy web tracking [INFO.INFO-PL]Computer Science [cs]/Programming Languages [cs.PL] [INFO.INFO-WB]Computer Science [cs]/Web [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR] Besson, Frédéric Bielova, Nataliia Jensen, Thomas Browser Randomisation against Fingerprinting: A Quantitative Information Flow Approach |
topic_facet |
privacy web tracking [INFO.INFO-PL]Computer Science [cs]/Programming Languages [cs.PL] [INFO.INFO-WB]Computer Science [cs]/Web [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR] |
description |
International audience Web tracking companies use device fingerprinting to distinguish the users of the websites by checking the numerous properties of their machines and web browsers. One way to protect the users' privacy is to make them switch between different machine and browser configurations. We propose a formalisation of this privacy enforcement mechanism. We use information-theoretic channels to model the knowledge of the tracker and the fingerprinting program, and show how to synthesise a randomisation mechanism that defines the distribution of configurations for each user. This mechanism provides a strong guarantee of privacy (the probability of identifying the user is bounded by a given threshold) while maximising usability (the user switches to other configurations rarely). To find an optimal solution, we express the enforcement problem of randomisation by a linear program. We investigate and compare several approaches to randomisation and find that more efficient privacy enforcement would often provide lower usability. Finally, we relax the requirement of knowing the fingerprinting program in advance, by proposing a randomisation mechanism that guarantees privacy for an arbitrary program. |
author2 |
Software certification with semantic analysis (CELTIQUE) Inria Rennes – Bretagne Atlantique Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-LANGAGE ET GÉNIE LOGICIEL (IRISA-D4) Institut de Recherche en Informatique et Systèmes Aléatoires (IRISA) Université de Rennes (UR)-Institut National des Sciences Appliquées - Rennes (INSA Rennes) Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Université de Bretagne Sud (UBS)-École normale supérieure - Rennes (ENS Rennes)-Institut National de Recherche en Informatique et en Automatique (Inria)-Télécom Bretagne-CentraleSupélec-Centre National de la Recherche Scientifique (CNRS)-Université de Rennes (UR)-Institut National des Sciences Appliquées - Rennes (INSA Rennes) Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Université de Bretagne Sud (UBS)-École normale supérieure - Rennes (ENS Rennes)-Institut National de Recherche en Informatique et en Automatique (Inria)-Télécom Bretagne-CentraleSupélec-Centre National de la Recherche Scientifique (CNRS)-Institut de Recherche en Informatique et Systèmes Aléatoires (IRISA) Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Université de Bretagne Sud (UBS)-École normale supérieure - Rennes (ENS Rennes)-Télécom Bretagne-CentraleSupélec-Centre National de la Recherche Scientifique (CNRS) Secure Diffuse Programming (INDES) Inria Sophia Antipolis - Méditerranée (CRISAM) Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria) ANR-10-LABX-0007,COMIN Labs,Digital Communication and Information Sciences for the Future Internet(2010) |
format |
Conference Object |
author |
Besson, Frédéric Bielova, Nataliia Jensen, Thomas |
author_facet |
Besson, Frédéric Bielova, Nataliia Jensen, Thomas |
author_sort |
Besson, Frédéric |
title |
Browser Randomisation against Fingerprinting: A Quantitative Information Flow Approach |
title_short |
Browser Randomisation against Fingerprinting: A Quantitative Information Flow Approach |
title_full |
Browser Randomisation against Fingerprinting: A Quantitative Information Flow Approach |
title_fullStr |
Browser Randomisation against Fingerprinting: A Quantitative Information Flow Approach |
title_full_unstemmed |
Browser Randomisation against Fingerprinting: A Quantitative Information Flow Approach |
title_sort |
browser randomisation against fingerprinting: a quantitative information flow approach |
publisher |
HAL CCSD |
publishDate |
2014 |
url |
https://inria.hal.science/hal-01081037 https://inria.hal.science/hal-01081037/document https://inria.hal.science/hal-01081037/file/enforcing_abstract.pdf https://doi.org/10.1007/978-3-319-11599-3_11 |
op_coverage |
Tromsø, Norway |
genre |
Tromsø |
genre_facet |
Tromsø |
op_source |
Nordic Conference on Secure IT Systems (NordSec 2014) https://inria.hal.science/hal-01081037 Nordic Conference on Secure IT Systems (NordSec 2014), Oct 2014, Tromsø, Norway. ⟨10.1007/978-3-319-11599-3_11⟩ |
op_relation |
info:eu-repo/semantics/altIdentifier/doi/10.1007/978-3-319-11599-3_11 hal-01081037 https://inria.hal.science/hal-01081037 https://inria.hal.science/hal-01081037/document https://inria.hal.science/hal-01081037/file/enforcing_abstract.pdf doi:10.1007/978-3-319-11599-3_11 |
op_rights |
info:eu-repo/semantics/OpenAccess |
op_doi |
https://doi.org/10.1007/978-3-319-11599-3_11 |
container_start_page |
181 |
op_container_end_page |
196 |
_version_ |
1810483808473972736 |
spelling |
ftanrparis:oai:HAL:hal-01081037v1 2024-09-15T18:39:26+00:00 Browser Randomisation against Fingerprinting: A Quantitative Information Flow Approach Besson, Frédéric Bielova, Nataliia Jensen, Thomas Software certification with semantic analysis (CELTIQUE) Inria Rennes – Bretagne Atlantique Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-LANGAGE ET GÉNIE LOGICIEL (IRISA-D4) Institut de Recherche en Informatique et Systèmes Aléatoires (IRISA) Université de Rennes (UR)-Institut National des Sciences Appliquées - Rennes (INSA Rennes) Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Université de Bretagne Sud (UBS)-École normale supérieure - Rennes (ENS Rennes)-Institut National de Recherche en Informatique et en Automatique (Inria)-Télécom Bretagne-CentraleSupélec-Centre National de la Recherche Scientifique (CNRS)-Université de Rennes (UR)-Institut National des Sciences Appliquées - Rennes (INSA Rennes) Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Université de Bretagne Sud (UBS)-École normale supérieure - Rennes (ENS Rennes)-Institut National de Recherche en Informatique et en Automatique (Inria)-Télécom Bretagne-CentraleSupélec-Centre National de la Recherche Scientifique (CNRS)-Institut de Recherche en Informatique et Systèmes Aléatoires (IRISA) Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Université de Bretagne Sud (UBS)-École normale supérieure - Rennes (ENS Rennes)-Télécom Bretagne-CentraleSupélec-Centre National de la Recherche Scientifique (CNRS) Secure Diffuse Programming (INDES) Inria Sophia Antipolis - Méditerranée (CRISAM) Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria) ANR-10-LABX-0007,COMIN Labs,Digital Communication and Information Sciences for the Future Internet(2010) Tromsø, Norway 2014-10-15 https://inria.hal.science/hal-01081037 https://inria.hal.science/hal-01081037/document https://inria.hal.science/hal-01081037/file/enforcing_abstract.pdf https://doi.org/10.1007/978-3-319-11599-3_11 en eng HAL CCSD info:eu-repo/semantics/altIdentifier/doi/10.1007/978-3-319-11599-3_11 hal-01081037 https://inria.hal.science/hal-01081037 https://inria.hal.science/hal-01081037/document https://inria.hal.science/hal-01081037/file/enforcing_abstract.pdf doi:10.1007/978-3-319-11599-3_11 info:eu-repo/semantics/OpenAccess Nordic Conference on Secure IT Systems (NordSec 2014) https://inria.hal.science/hal-01081037 Nordic Conference on Secure IT Systems (NordSec 2014), Oct 2014, Tromsø, Norway. ⟨10.1007/978-3-319-11599-3_11⟩ privacy web tracking [INFO.INFO-PL]Computer Science [cs]/Programming Languages [cs.PL] [INFO.INFO-WB]Computer Science [cs]/Web [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR] info:eu-repo/semantics/conferenceObject Conference papers 2014 ftanrparis https://doi.org/10.1007/978-3-319-11599-3_11 2024-08-28T23:59:05Z International audience Web tracking companies use device fingerprinting to distinguish the users of the websites by checking the numerous properties of their machines and web browsers. One way to protect the users' privacy is to make them switch between different machine and browser configurations. We propose a formalisation of this privacy enforcement mechanism. We use information-theoretic channels to model the knowledge of the tracker and the fingerprinting program, and show how to synthesise a randomisation mechanism that defines the distribution of configurations for each user. This mechanism provides a strong guarantee of privacy (the probability of identifying the user is bounded by a given threshold) while maximising usability (the user switches to other configurations rarely). To find an optimal solution, we express the enforcement problem of randomisation by a linear program. We investigate and compare several approaches to randomisation and find that more efficient privacy enforcement would often provide lower usability. Finally, we relax the requirement of knowing the fingerprinting program in advance, by proposing a randomisation mechanism that guarantees privacy for an arbitrary program. Conference Object Tromsø Portail HAL-ANR (Agence Nationale de la Recherche) 181 196 |