P G N 5 : KA I N G , R I S H E R A N D S C H U LT E

PERSISTENT COOKIES WITH BROWSER FINGERPRINTING

DEFINITIONS & BACKGROUND

• Persistent Cookies: cookies that are resistant to deletion.• Browser Fingerprint: set of browser attributes

that can be used to uniquely identify a user.

• Used in combination with passwords to verify users.• Browser Fingerprint is alternative to two-factor

authentication.• Requires no additional hardware tokens• Is passive (convenient)

FINGERPRINT ATTRIBUTES

BITS OF ENTROPY

• Describes how likely a piece of information will be identical between any two random users.• Example: 8 bits of entropy indicates attribute has

potential to uniquely identify 28 or 256 different users.

Attribute Boda Study (2012) Eckersley Study (2010)

User Agent String 8.095 10.0

Timezone 2.22 3.04

User ID 9.03 -

All fonts 8.57 13.9

Universal fonts 6.83 -

Detected fonts 7.63 -

Plugins - 15.4

EVERCOOKIE

• API for persistent cookies

• Multiple storage locations throughout the client

• If any cookie is deleted, all are replaced as long as at least one cookie remains

• Stored in locations typical users will not be able to remove (Silverlight storage, flash cookies)

STORAGE LOCATIONS

• Standard cookies• Typical browser cookies, easy to implement, easy to

remove

• Local Shared Objects• Flash cookies• Flash does not by default ask for permission• Not cross domain

STORAGE LOCATIONS

• Silverlight Isolated Storage• Virtual file system on client• Any type of data can be stored

• PNG caching• Image created using RGB values equal to the cookies

value• Stored in browser’s cache• If needed to be retrieved (other cookies have been

deleted) the browser is made to make a request for the PNG• 304 “Not Modified” message sent back, telling browser to

look into the cache

STORAGE LOCATIONS

• Etags• Used for cache validation• Can be set in a similar way to a cookie

• Web cache• Standard web cache mechanism• Persistent cookie stored in cache

• window.name• DOM property with 2-32MB of data available• Cross domain• Can be read by other websites

STORAGE LOCATIONS

• HTML5 locations• Global storage outdated, instead use local storage• Persistent, no expiration date

• Session data• Not very persistent. Cleared when user exits browser

• Database storage• SQL storage in database on client

RESULTS

Firefox (20.0.1) Evercookie Project

PNG YES YES

eTag YES YES

Cache YES YES

userData

localData YES YES

globalData

sessionData YES YES

windowData YES YES

Cookie YES YES

History

DB

Flash YES YES

Silverlight YES

RESULTS

Safari (5.1.7) Evercookie Project

PNG YES YES

eTag YES YES

Cache YES YES

userData

localData YES YES

globalData

sessionData YES YES

windowData YES YES

Cookie YES YES

History

DB

Flash YES YES

Silverlight YES

RESULTS

IE (9.0.8112.16421) Evercookie Project

PNG YES

eTag

Cache YES YES

userData

localData YES YES

globalData

sessionData YES YES

windowData YES YES

Cookie YES YES

History

DB

Flash

Silverlight

RESULTS

Chrome (26.0.1410.64)

Evercookie Project

PNG YES

eTag YES

Cache YES

userData

localData YES

globalData

sessionData YES

windowData YES

Cookie YES

History

DB YES

Flash YES YES

Silverlight YES

RESULTS

Features Evercookie Project

Cross browser storage No Yes

Retrievable after close Yes Yes

Retrievable after restart Yes Yes

Retrievable w/o JS Yes Yes

Retrievable after clearing Yes Yes

Retrievable in Private Browsing

FF/S FF/S

Retrievable via fingerprinting No Yes

RESULTS

RESULTS

RESULTS

FUTURE WORK

• New storage locations?• Javascript file I/O?

• Performance measurements

• Improved Fingerprinting• Additional attributes• Location capturing (combined with last seen time/location)

• Fuzzy matching