PERSISTENT COOKIES WITH BROWSER FINGERPRINTING
PGN5: KAING, RISHER AND SCHULTE

DEFINITIONS & BACKGROUND
• Persistent Cookies: cookies that are resistant to deletion.
• Browser Fingerprint: set of browser attributes that can be used to uniquely identify a user.
  • Used in combination with passwords to verify users.
• Browser Fingerprint is an alternative to two-factor authentication.
  • Requires no additional hardware tokens
  • Is passive (convenient)

FINGERPRINT ATTRIBUTES

BITS OF ENTROPY
• Describes how likely it is that a piece of information will be identical between any two random users.
• Example: 8 bits of entropy indicates the attribute has the potential to uniquely identify 2^8, or 256, different users.

Attribute            Boda Study (2012)    Eckersley Study (2010)
User Agent String    8.095                10.0
Timezone             2.22                 3.04
User ID              9.03                 -
All fonts            8.57                 13.9
Universal fonts      6.83                 -
Detected fonts       7.63                 -
Plugins              -                    15.4

EVERCOOKIE
• API for persistent cookies
• Multiple storage locations throughout the client
• If any cookie is deleted, all are replaced as long as at least one cookie remains
• Stored in locations typical users will not be able to remove (Silverlight storage, Flash cookies)

STORAGE LOCATIONS
• Standard cookies
  • Typical browser cookies, easy to implement, easy to remove
• Local Shared Objects
  • Flash cookies
  • Flash does not by default ask for permission
  • Not cross domain
• Silverlight Isolated Storage
  • Virtual file system on client
  • Any type of data can be stored
• PNG caching
  • Image created using RGB values equal to the cookie's value
  • Stored in browser's cache
  • If it needs to be retrieved (other cookies have been deleted), the browser is made to request the PNG
  • 304 "Not Modified" message sent back, telling browser to look into the cache
• ETags
  • Used for cache validation
  • Can be set in a similar way to a cookie
• Web cache
  • Standard web cache mechanism
  • Persistent cookie stored in cache
• window.name
  • DOM property with 2-32MB of data available
  • Cross domain
  • Can be read by other websites
• HTML5 locations
  • Global storage outdated, instead use local storage
    • Persistent, no expiration date
  • Session data
    • Not very persistent. Cleared when user exits browser
  • Database storage
    • SQL storage in database on client

RESULTS
Firefox (20.0.1)
Evercookie Project PNG YES YES eTag YES YES Cache YES YES YES YES sessionData YES YES windowData YES YES Cookie YES YES YES YES userData localData globalData History DB Flash Silverlight YES

RESULTS
Safari (5.1.7)
Evercookie Project PNG YES YES eTag YES YES Cache YES YES YES YES sessionData YES YES windowData YES YES Cookie YES YES YES YES userData localData globalData History DB Flash Silverlight YES

RESULTS
IE (9.0.8112.16421)
Evercookie PNG Project YES eTag Cache YES YES YES YES sessionData YES YES windowData YES YES Cookie YES YES userData localData globalData History DB Flash Silverlight

RESULTS
Chrome (26.0.1410.64)
Evercookie Project PNG YES eTag YES Cache YES userData localData YES globalData sessionData YES windowData YES Cookie YES History DB Flash Silverlight YES YES YES YES

RESULTS
Features                             Evercookie    Project
Cross browser storage                No            Yes
Retrievable after close              Yes           Yes
Retrievable after restart            Yes           Yes
Retrievable w/o JS                   Yes           Yes
Retrievable after clearing           Yes           Yes
Retrievable in Private Browsing      FF/S          FF/S
Retrievable via fingerprinting       Yes           No

FUTURE WORK
• New storage locations?
  • Javascript file I/O?
• Performance measurements
• Improved Fingerprinting
  • Additional attributes
  • Location capturing (combined with last seen time/location)
  • Fuzzy matching
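
The "bits of entropy" measure from the fingerprint attribute slides can be computed directly from a population of observed attribute values. The following is an added example, not code from the original deck: the eight-visitor sample, the attribute names and all function names are constructed for illustration. It measures each attribute alone and the combined fingerprint, and shows that per-attribute bits cannot simply be summed when attributes are correlated.

```javascript
// Added example. Constructed sample: eight visitors, three fingerprint attributes.
const visitors = [
  { userAgent: "UA-A", timezone: "-300", fonts: "F1" },
  { userAgent: "UA-A", timezone: "-300", fonts: "F1" },
  { userAgent: "UA-A", timezone: "-300", fonts: "F2" },
  { userAgent: "UA-A", timezone: "-360", fonts: "F2" },
  { userAgent: "UA-B", timezone: "-300", fonts: "F1" },
  { userAgent: "UA-B", timezone: "-360", fonts: "F1" },
  { userAgent: "UA-C", timezone: "60", fonts: "F3" },
  { userAgent: "UA-D", timezone: "60", fonts: "F3" },
];

// Key functions: one attribute, or all attributes joined into one fingerprint.
const attr = (name) => (v) => v[name];
const combined = (v) => [v.userAgent, v.timezone, v.fonts].join("|");

// Number of visitors in the sample sharing each key value.
function countBy(sample, key) {
  const counts = new Map();
  for (const v of sample) counts.set(key(v), (counts.get(key(v)) || 0) + 1);
  return counts;
}

// Shannon entropy in bits: the average identifying information the key carries.
function entropyBits(sample, key) {
  let h = 0;
  for (const n of countBy(sample, key).values()) {
    const p = n / sample.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// Anonymity set: how many visitors are indistinguishable from this one.
function anonymitySet(sample, key, visitor) {
  return countBy(sample, key).get(key(visitor));
}

// Surprisal in bits of one visitor's value; rare values identify more strongly.
function surprisalBits(sample, key, visitor) {
  return -Math.log2(anonymitySet(sample, key, visitor) / sample.length);
}

// Per-attribute entropies sum to 4.75 bits, but the combined fingerprint
// carries only 2.75: correlated attributes do not add independently.
for (const name of ["userAgent", "timezone", "fonts"]) {
  console.log(name, entropyBits(visitors, attr(name)).toFixed(2));
}
console.log("combined", entropyBits(visitors, combined).toFixed(2));
```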