Um método de identificação de navegadores Web baseado na Web Audio API
Abstract
Web fingerprinting is a process in which the user is, with high likelihood, uniquely identified by the extracted characteristics of his / her device, generating an identifier key (fingerprint). Although it can be used for malicious purposes, Web fingerprinting can also be used for good intention: enhance usability in Web pages, enhance two-factor authentication and so on. This paper investigates the Web Audio API as a Web fingerprinting method capable of identifying the devices' class. As outcome, it is found that the method is capable of identifying the device's class, based on features like device's type, Web browser's version and rendering engine.
References
Bursztein, E., Malyshev, A., Pietraszek, T., and Thomas, K. (2016). Picasso: Lightweight Device Class Fingerprinting for Web Clients. In Proceedings of the 6th Workshop on Security and Privacy in Smartphones and Mobile Devices, pages 93 –102, Austria.
Eckersley, P. (2010). How Unique is Your Web Browser? In Proceedings of the 10th International Conference on Privacy Enhancing Technologies, pages 1–18, Berlin, Germany. Springer-Verlag.
Englehardt, S. and Narayanan, A. (2016). Online Tracking: A 1-million-site Measurement and Analysis. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pages 1388–1401. ACM.
Khademi, A. F., Zulkernine, M., and Weldemariam, K. (2015). An Empirical Evaluation of Web-Based Fingerprinting. IEEE Software, 32(4):46–52.
Laperdrix, P., Rudametkin, W., and Baudry, B. (2016). Beauty and the Beast: Diverting modern web browsers to build unique browser fingerprints. In IEEE Symposium on Security and Privacy (SP), pages 878–894. IEEE.
MDN (2016). Web audio: conceitos e uso. https://developer.mozilla.org/pt-BR/docs/Web/API/.
Mowery, K., Bogenreif, D., Yilek, S., and Shacham, H. (2011). Fingerprinting Information in JavaScript Implementations. In Proceedings of W2SP 2011, pages 1–11. IEEE.
Mowery, K. and Shacham, H. (2012). Pixel perfect: Fingerprinting canvas in HTML5. In Proceedings of W2SP, pages 1–12. IEEE.
Mulazzani, M., Reschl, P., Huber, M., Leithner, M., Schrittwieser, S., Weippl, E., and Wien, F. (2013). Fast and Reliable Browser Identification with JavaScript Engine Fingerprinting. In Web 2.0 Workshop on Security and Privacy (W2SP).
Nakibly, G., Shelef, G., and Yudilevich, S. (2015). Hardware Fingerprinting Using HTML5. CoRR, abs/1503.0.
Saraiva, A., Feitosa, E., Elleres, P., and Carneiro, G. (2014). Device Fingerprinting: Conceitos e Técnicas, Exemplos e Contramedidas. In Livro de Minicursos do XIV SBSeg, pages 49–98, Belo Horizonte - MG. SBC.
W3C (2017). Web Audio API. https://webaudio.github.io/web-audio-api/.
Ximenes, P., Correia, M., Mello, P., Carvalho, F., Franklin, M., and Andrade, R. (2016). TARP Fingerprinting: Um Mecanismo de Browser Fingerprinting Baseado em HTML5 Resistente a Contramedidas. In Anais do XVI SBSeg, pages 100–113, Niterói - RJ, Brazil.
Eckersley, P. (2010). How Unique is Your Web Browser? In Proceedings of the 10th International Conference on Privacy Enhancing Technologies, pages 1–18, Berlin, Germany. Springer-Verlag.
Englehardt, S. and Narayanan, A. (2016). Online Tracking: A 1-million-site Measurement and Analysis. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pages 1388–1401. ACM.
Khademi, A. F., Zulkernine, M., and Weldemariam, K. (2015). An Empirical Evaluation of Web-Based Fingerprinting. IEEE Software, 32(4):46–52.
Laperdrix, P., Rudametkin, W., and Baudry, B. (2016). Beauty and the Beast: Diverting modern web browsers to build unique browser fingerprints. In IEEE Symposium on Security and Privacy (SP), pages 878–894. IEEE.
MDN (2016). Web audio: conceitos e uso. https://developer.mozilla.org/pt-BR/docs/Web/API/.
Mowery, K., Bogenreif, D., Yilek, S., and Shacham, H. (2011). Fingerprinting Information in JavaScript Implementations. In Proceedings of W2SP 2011, pages 1–11. IEEE.
Mowery, K. and Shacham, H. (2012). Pixel perfect: Fingerprinting canvas in HTML5. In Proceedings of W2SP, pages 1–12. IEEE.
Mulazzani, M., Reschl, P., Huber, M., Leithner, M., Schrittwieser, S., Weippl, E., and Wien, F. (2013). Fast and Reliable Browser Identification with JavaScript Engine Fingerprinting. In Web 2.0 Workshop on Security and Privacy (W2SP).
Nakibly, G., Shelef, G., and Yudilevich, S. (2015). Hardware Fingerprinting Using HTML5. CoRR, abs/1503.0.
Saraiva, A., Feitosa, E., Elleres, P., and Carneiro, G. (2014). Device Fingerprinting: Conceitos e Técnicas, Exemplos e Contramedidas. In Livro de Minicursos do XIV SBSeg, pages 49–98, Belo Horizonte - MG. SBC.
W3C (2017). Web Audio API. https://webaudio.github.io/web-audio-api/.
Ximenes, P., Correia, M., Mello, P., Carvalho, F., Franklin, M., and Andrade, R. (2016). TARP Fingerprinting: Um Mecanismo de Browser Fingerprinting Baseado em HTML5 Resistente a Contramedidas. In Anais do XVI SBSeg, pages 100–113, Niterói - RJ, Brazil.
Published
2017-11-06
How to Cite
QUEIROZ, Jordan S.; FEITOSA, Eduardo L..
Um método de identificação de navegadores Web baseado na Web Audio API. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 17. , 2017, Brasília.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2017
.
p. 70-83.
DOI: https://doi.org/10.5753/sbseg.2017.19491.
