An Approach to Guide Users Towards Less Revealing Internet Browsers

When browsing the Internet, HTTP headers enable both clients and servers send extra data in their requests or responses such as the User-Agent string. This string contains information related to the sender’s device, browser, and operating system. Previous research has shown that there are numerous privacy and security risks result from exposing sensitive information in the User-Agent string. For example, it enables device and browser fingerprinting and user tracking and identification. Our large analysis of thousands of User-Agent strings shows that browsers differ tremendously in the amount of information they include in their User-Agent strings. As such, our work aims at guiding users towards using less exposing browsers. In doing so, we propose to assign an exposure score to browsers based on the information they expose and vulnerability records. Thus, our contribution in this work is as follows: first, provide a full implementation that is ready to be deployed and used by users. Second, conduct a user study to identify the effectiveness and limitations of our proposed approach. Our implementation is based on using more than 52 thousand unique browsers. Our performance and validation analysis show that our solution is accurate and efficient. The source code and data set are publicly available and the solution has been deployed

Anonymizing Communication in VANets by Applying I2P Mechanisms

International audienceAnonymizing communication becomes a substantial issue to enhance security and facing attacks. Huge researches are made in this field aiming to ensure a secure and anonymous communication. In vehicular ad hoc networks (VANets), this concept is used in different application areas like military domains, in which hiding destinations identities is necessary to avoid consequences attacks. In this paper, we propose a model of security to ensure anonymity in vehicular ad-hoc network. We inspire this model from the Invisible Internet project (I2P) in which we continue our previous work by adapting some of I2P mechanisms and algorithms in VANets. We adapt the I2P protocol to respond to several requirements of VANets. The proposed model is based on tunnels and encryption algorithms that use digital signatures and authentication mechanisms. We aim to make the proposed protocol more secure by ensuring anonymity, integrity, non- repudiation and confidentiality. We prove the effectiveness and the security of our proposed model by analysing different cases of anonymity and showing performance results. We have launched our simulations using NS3 platform