2,757 research outputs found
Tracking Users across the Web via TLS Session Resumption
User tracking on the Internet can come in various forms, e.g., via cookies or
by fingerprinting web browsers. A technique that got less attention so far is
user tracking based on TLS and specifically based on the TLS session resumption
mechanism. To the best of our knowledge, we are the first that investigate the
applicability of TLS session resumption for user tracking. For that, we
evaluated the configuration of 48 popular browsers and one million of the most
popular websites. Moreover, we present a so-called prolongation attack, which
allows extending the tracking period beyond the lifetime of the session
resumption mechanism. To show that under the observed browser configurations
tracking via TLS session resumptions is feasible, we also looked into DNS data
to understand the longest consecutive tracking period for a user by a
particular website. Our results indicate that with the standard setting of the
session resumption lifetime in many current browsers, the average user can be
tracked for up to eight days. With a session resumption lifetime of seven days,
as recommended upper limit in the draft for TLS version 1.3, 65% of all users
in our dataset can be tracked permanently.Comment: 11 page
Web Tracking: Mechanisms, Implications, and Defenses
This articles surveys the existing literature on the methods currently used
by web services to track the user online as well as their purposes,
implications, and possible user's defenses. A significant majority of reviewed
articles and web resources are from years 2012-2014. Privacy seems to be the
Achilles' heel of today's web. Web services make continuous efforts to obtain
as much information as they can about the things we search, the sites we visit,
the people with who we contact, and the products we buy. Tracking is usually
performed for commercial purposes. We present 5 main groups of methods used for
user tracking, which are based on sessions, client storage, client cache,
fingerprinting, or yet other approaches. A special focus is placed on
mechanisms that use web caches, operational caches, and fingerprinting, as they
are usually very rich in terms of using various creative methodologies. We also
show how the users can be identified on the web and associated with their real
names, e-mail addresses, phone numbers, or even street addresses. We show why
tracking is being used and its possible implications for the users (price
discrimination, assessing financial credibility, determining insurance
coverage, government surveillance, and identity theft). For each of the
tracking methods, we present possible defenses. Apart from describing the
methods and tools used for keeping the personal data away from being tracked,
we also present several tools that were used for research purposes - their main
goal is to discover how and by which entity the users are being tracked on
their desktop computers or smartphones, provide this information to the users,
and visualize it in an accessible and easy to follow way. Finally, we present
the currently proposed future approaches to track the user and show that they
can potentially pose significant threats to the users' privacy.Comment: 29 pages, 212 reference
Improving the efficiency of spam filtering through cache architecture
Blacklists (BLs), also called Domain Name Systembased Blackhole List (DNSBLs) are the databases of known internet addresses used by the spammers to send out the spam mails. Mail servers use these lists to filter out the e-mails coming from different spam sources. In contrary, Whitelists (WLs) are the explicit list of senders from whom e-mail can be accepted or delivered. Mail Transport Agent (MTA) is usually configured to reject, challenge or flag the messages which have been sent from the sources listed on one or more DNSBLs and to allow the messages from the sources listed on the WLs. In this paper, we are demonstrating how the bandwidth (the overall requests and responses that need to go over the network) performance is improved by using local caches for BLs and WLs. The actual sender\u27s IP addresses are extracted from the e-mail log. These are then compared with the list in the local caches to find out if they should be accepted or not, before they are checked against the global DNSBLs by running \u27DNSBL queries\u27 (if required). Around three quarters of the e-mail sources have been observed to be filtered locally through caches with this method. Provision of local control over the lists and lower search (filtering) time are the other related benefits. © 2008 IEEE
The Web SSO Standard OpenID Connect: In-Depth Formal Security Analysis and Security Guidelines
Web-based single sign-on (SSO) services such as Google Sign-In and Log In
with Paypal are based on the OpenID Connect protocol. This protocol enables
so-called relying parties to delegate user authentication to so-called identity
providers. OpenID Connect is one of the newest and most widely deployed single
sign-on protocols on the web. Despite its importance, it has not received much
attention from security researchers so far, and in particular, has not
undergone any rigorous security analysis.
In this paper, we carry out the first in-depth security analysis of OpenID
Connect. To this end, we use a comprehensive generic model of the web to
develop a detailed formal model of OpenID Connect. Based on this model, we then
precisely formalize and prove central security properties for OpenID Connect,
including authentication, authorization, and session integrity properties.
In our modeling of OpenID Connect, we employ security measures in order to
avoid attacks on OpenID Connect that have been discovered previously and new
attack variants that we document for the first time in this paper. Based on
these security measures, we propose security guidelines for implementors of
OpenID Connect. Our formal analysis demonstrates that these guidelines are in
fact effective and sufficient.Comment: An abridged version appears in CSF 2017. Parts of this work extend
the web model presented in arXiv:1411.7210, arXiv:1403.1866,
arXiv:1508.01719, and arXiv:1601.0122
How Do Tor Users Interact With Onion Services?
Onion services are anonymous network services that are exposed over the Tor
network. In contrast to conventional Internet services, onion services are
private, generally not indexed by search engines, and use self-certifying
domain names that are long and difficult for humans to read. In this paper, we
study how people perceive, understand, and use onion services based on data
from 17 semi-structured interviews and an online survey of 517 users. We find
that users have an incomplete mental model of onion services, use these
services for anonymity and have varying trust in onion services in general.
Users also have difficulty discovering and tracking onion sites and
authenticating them. Finally, users want technical improvements to onion
services and better information on how to use them. Our findings suggest
various improvements for the security and usability of Tor onion services,
including ways to automatically detect phishing of onion services, more clear
security indicators, and ways to manage onion domain names that are difficult
to remember.Comment: Appeared in USENIX Security Symposium 201
An Analysis of various web tracking methods
The accurate tracking of web clients has historically been a difficult problem. Accurate tracking can be used to monitor the activity of attackers which would otherwise be anonymous. Since HTTP is a stateless protocol, there is no built-in method for tracking clients. Many methods have been developed for this purpose; however they primarily rely on the cooperation of the client and are limited to the current session and are not designed to track a client long-term or through different environments. This paper takes an in-depth look at the most popular methods of tracking web users and how well they preserve information when a client attempts to remove them. Each method is evaluated based on the amount of unique information they provide and how easy a client can defeat the method. The tracking methods are then combined using a profiling algorithm to correlate all of the available information into a single profile. The algorithm is designed with different weights for each method, allowing for environmental flexibility. Test results demonstrate that this approach accurately determines the correct profile for a client in situations where the individual methods alone could not
- …