Protecting Browser State from Web Privacy Attacks - PowerPoint PPT Presentation

1 / 20
About This Presentation
Title:

Protecting Browser State from Web Privacy Attacks

Description:

Protecting Browser State. from Web Privacy Attacks. Collin Jackson, Andrew Bortz, ... Phished site: Can I check history against phishing blacklist? ... – PowerPoint PPT presentation

Number of Views:105
Avg rating:3.0/5.0
Slides: 21
Provided by: adam226
Category:

less

Transcript and Presenter's Notes

Title: Protecting Browser State from Web Privacy Attacks


1
Protecting Browser Statefrom Web Privacy Attacks
  • Collin Jackson, Andrew Bortz,
  • Dan Boneh, John Mitchell
  • Stanford University

2
Context-aware Phishing
  • Bank of America
  • customers see
  • Wells Fargo
  • customers see
  • Works in all major browsers
  • Design issue, not a just bug

3
Example Attacks
  • Query visited links
  • ltstylegtavisited
  • background url(track.php?example.com)
  • lt/stylegtlta href"http//example.com/"gtHilt/agt
  • Time browser cache
  • ltscriptgtstart new Date()lt/scriptgt
  • ltimg src"http//example.com/logo.gif"
  • onload"end new Date()
  • if (end.getTime() start.getTime() lt 5)
  • // image was in cache
  • "gt
  • Can we block script, background image?

4
Chameleon Pages
  • No JavaScript required
  • No server involvement
  • Even works in Outlook 2002

5
Perspectives
  • Phisher Where do you bank?
  • China Have you been to subversive sites?
  • Amazon Can I show contexual ads?
  • Phished site Can I check history
    against phishing blacklist?
  • PayPal Can I use history as 2nd factor?
  • Sensitive website Can I protect visitors?
  • Browser vendor
  • Can I protect users at every site?

6
Same Origin Principle (strict)
  • Only the site that stores some information in
    the browser may later read or modify that
    information.
  • Site protocol port host
  • Too restrictive to use in practice
  • Web relies on site interconnections

7
Same Origin Policy (relaxed)
  • Only the site that stores some information in
    the browser may later read or modify that
    information, unless it is shared.
  • What is sharing?
  • No strict definition
  • Relies on expectations of developer/user

8
Sharing Browser State
  • Pass information in query parameters
  • Modify document.domain
  • User permission (IEs trusted zones, Mozillas
    UniversalBrowserRead)
  • Stylesheets
  • Scripts
  • Image size
  • JSONRequest (not XMLHttpRequest)

ltscript type"text/javascript"gtlt!-- google_ad_clie
nt "pub-2966125433144242" google_ad_width
110 google_ad_height 32 google_ad_format
"110x32_as_rimg" google_cpa_choice
"CAAQ_-KZzgEaCHfyBUS9wT0_KOP143Q" //--gtlt/scriptgt
ltscript type"text/javascript" src "http//pagead
2.googlesyndication.com/pagead/show_ads.js"gt lt/scr
iptgt
9
Inappropriate State Sharing
  • Common developer/user expectation browser
    history is secret
  • Options?
  • Change expectations
  • Change browser

Cookies
Visited links
Cache
JavaScript
CSS
93 94 95 96 97
10
SafeCache
  • Browser extension for Firefox
  • Intercept requests to browser cache
  • If no referrer, allow request
  • If URL has referrer
  • Store referrer host with cache entry
  • Cache hit only on referrer host match

11
SafeHistory
  • Intercept requests to browser history database
  • For each history entry, record referrers
  • Color visited link if
  • Its a same-site link, or
  • Cross-site link was visited from this site

12
Third Party Cookies
  • Site of embedded image can build history of
    visitors activities where image appears.
  • IP address is no longer sufficient for tracking
  • Solution Block access to sites own cookies if
    the domain of the embedding page does not match
  • Site accesses own state not same origin issue

13
Third Party Blocking Policy
  • A site may only store or read some persistent
    information in the browser if it is the same
    site as the top level page.
  • Alternate definition referrer is same site
  • Top level page is the primary interaction
  • Storing or reading allows tracker to build full
    record of users history.

14
Block on set or read?
  • If setting is allowed
  • Tracker site sets different cookie at every
    participating site
  • When user visits tracker site in first party
    context, entire history is visible
  • If reading is allowed
  • Tracker site sets unique user identifier cookie
    when user visits tracker in first party context
  • When user visits any participating site, tracker
    updates history database entry on server

15
Broken Cookie Blocking
16
Third Party Cache Example
  • Offsite script included with ltscript src"..."gt
  • Script generated dynamically and cached
  • Unique identifier now appended to all links

17
General Third Party Blocking
  • SafeCache
  • Disallow cache for offsite content
  • SafeHistory
  • Show links as unvisited in cross-site frames

18
Bypassing Third Party Blocking
  • Protects sites from each other
  • Many covert channels if sites cooperate
  • JavaScript redirection
  • Meta refresh
  • Popup windows
  • Cross-site hyperlinks
  • Certain techniques are implicit cooperation
  • Frames, scripts, CSS can have active content
  • Defense Disable or clear persistent state

19
Summary
  • Same origin policy critical for security
  • Restricts cross-site state access
  • Third party blocking additional privacy
  • Restricts sites access to its own state
  • Incorrectly implemented in all major browsers
  • Most effective for images
  • Neither technique stops cooperative sharing
  • safecache.com safehistory.com

20
(No Transcript)
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Protecting Browser State from Web Privacy Attacks" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!