Get 20M+ Full-Text Papers For Less Than $1.50/day. Start a 14-Day Trial for You or Your Team.

Learn More →

Towards Mining Latent Client Identifiers from Network Traffic

Towards Mining Latent Client Identifiers from Network Traffic Abstract Websites extensively track users via identifiers that uniquely map to client machines or user accounts. Although such tracking has desirable properties like enabling personalization and website analytics, it also raises serious concerns about online user privacy, and can potentially enable illicit surveillance by adversaries who broadly monitor network traffic. In this work we seek to understand the possibilities of latent identifiers appearing in user traffic in forms beyond those already well-known and studied, such as browser and Flash cookies. We develop a methodology for processing large network traces to semi-automatically discover identifiers sent by clients that distinguish users/devices/browsers, such as usernames, cookies, custom user agents, and IMEI numbers. We address the challenges of scaling such discovery up to enterprise-sized data by devising multistage filtering and streaming algorithms. The resulting methodology reflects trade-offs between reducing the ultimate analysis burden and the risk of missing potential identifier strings. We analyze 15 days of data from a site with several hundred users and capture dozens of latent identifiers, primarily in HTTP request components, but also in non-HTTP protocols. http://www.deepdyve.com/assets/images/DeepDyve-Logo-lg.png Proceedings on Privacy Enhancing Technologies de Gruyter

Towards Mining Latent Client Identifiers from Network Traffic

Download PDF
15 pages

Loading next page...
 
/lp/de-gruyter/towards-mining-latent-client-identifiers-from-network-traffic-d1FuO0X8cZ
Publisher
de Gruyter
Copyright
Copyright © 2016 by the
ISSN
2299-0984
eISSN
2299-0984
DOI
10.1515/popets-2016-0007
Publisher site
See Article on Publisher Site

Abstract

Abstract Websites extensively track users via identifiers that uniquely map to client machines or user accounts. Although such tracking has desirable properties like enabling personalization and website analytics, it also raises serious concerns about online user privacy, and can potentially enable illicit surveillance by adversaries who broadly monitor network traffic. In this work we seek to understand the possibilities of latent identifiers appearing in user traffic in forms beyond those already well-known and studied, such as browser and Flash cookies. We develop a methodology for processing large network traces to semi-automatically discover identifiers sent by clients that distinguish users/devices/browsers, such as usernames, cookies, custom user agents, and IMEI numbers. We address the challenges of scaling such discovery up to enterprise-sized data by devising multistage filtering and streaming algorithms. The resulting methodology reflects trade-offs between reducing the ultimate analysis burden and the risk of missing potential identifier strings. We analyze 15 days of data from a site with several hundred users and capture dozens of latent identifiers, primarily in HTTP request components, but also in non-HTTP protocols.

Journal

Proceedings on Privacy Enhancing Technologiesde Gruyter

Published: Apr 1, 2016

References

  • Dung Selling off privacy at auction In Proceedings of Network and Distributed System
    Olejnik
  • uses Google cookies to pinpoint targets for hacking http tinyurl com oshq
  • Remote physical device fingerprinting Dependable and Secure Transactions on
    Kohno
  • Google Google s Cookie Matching Protocol https developers google com ad exchange rtb cookie guide Online
  • De - anonymizing the internet using unreliable ids In Proceedings of the ACM SIGCOMM Conference on Data
    Xie
  • Angry Birds and leaky phone apps targeted by NSA and GCHQ for user data http tinyurl com nfnd
  • monster Exploring the ecosystem of web - based device fingerprinting In the on and
    Nikiforakis
  • Bro https www bro org Online
  • Google Google s Cookie Matching Protocol https developers google com ad exchange rtb cookie guide Online
  • Detecting privacy leaks in ios applications In Proceedings of the Net work and Distributed System
    Egele
  • study of third - party tracking by mobile apps in the wild Technical Report
    Han
  • An information - flow tracking system for realtime privacy monitoring on smartphones In Proceedings of the th USENIX Conference on Operating Systems Design and Implementation
    Enck
  • Free Scanner http nmap org Online
    Nmap
  • Honeycomb Creating intrusion detection signatures using honeypots
    Kreibich
  • fingerprinting and tracking on the web : Privacy and security implications In Proceedings of Network and Distributed System
    Yen
  • Apple Push Notification Service http tinyurl com qebsrfy Online
  • Dung Selling off privacy at auction In Proceedings of Network and Distributed System
    Olejnik
  • Safe Browsing API https developers google com safebrowsing developers guide
  • study of third - party tracking by mobile apps in the wild Technical Report
    Han
  • On the leakage of personally identifiable information via online social networks In Proceedings of the nd ACM Workshop on Online
    Krishnamurthy
  • Privacy diffusion on the web : a longitudinal perspective In Proceedings of the th
    Krishnamurthy
  • fingerprinting and tracking on the web : Privacy and security implications In Proceedings of Network and Distributed System
    Yen
  • Honeycomb Creating intrusion detection signatures using honeypots
    Kreibich
  • Angry Birds and leaky phone apps targeted by NSA and GCHQ for user data http tinyurl com nfnd
  • Cookies that give you away : The surveillance implications of web tracking In Proceedings of the th Conference
    Englehardt
  • IP Peer to peer versus SIP MS
    Arranz
  • Free Scanner http nmap org Online
    Nmap
  • Safe Browsing API https developers google com safebrowsing developers guide
  • Apple Push Notification Service http tinyurl com qebsrfy Online
  • De - anonymizing the internet using unreliable ids In Proceedings of the ACM SIGCOMM Conference on Data
    Xie
  • IP Peer to peer versus SIP MS
    Arranz
  • Remote physical device fingerprinting Dependable and Secure Transactions on
    Kohno
  • Automated worm fingerprinting In Proceedings of the th Conference on Symposium on Operating Systems Design Implementation
    Singh
  • Bro https www bro org Online
  • Detecting privacy leaks in ios applications In Proceedings of the Net work and Distributed System
    Egele
  • Detecting privacy leaks in the RATP app : How we proceeded and what we found of and Hacking Techniques
    Achara
  • An information - flow tracking system for realtime privacy monitoring on smartphones In Proceedings of the th USENIX Conference on Operating Systems Design and Implementation
    Enck
  • The web never forgets : Persistent tracking mechanisms in the wild In Proceedings of the ACM SIGSAC Conference on Computer and Communications
    Acar
  • monster Exploring the ecosystem of web - based device fingerprinting In the on and
    Nikiforakis
  • The web never forgets : Persistent tracking mechanisms in the wild In Proceedings of the ACM SIGSAC Conference on Computer and Communications
    Acar
  • Detecting privacy leaks in the RATP app : How we proceeded and what we found of and Hacking Techniques
    Achara
  • uses Google cookies to pinpoint targets for hacking http tinyurl com oshq
  • Cookies that give you away : The surveillance implications of web tracking In Proceedings of the th Conference
    Englehardt
  • On the leakage of personally identifiable information via online social networks In Proceedings of the nd ACM Workshop on Online
    Krishnamurthy
  • Privacy diffusion on the web : a longitudinal perspective In Proceedings of the th
    Krishnamurthy
  • Automated worm fingerprinting In Proceedings of the th Conference on Symposium on Operating Systems Design Implementation
    Singh