Abstract
Different web browsers have developed approaches to better isolate the activities of users on different websites. However, those only work on the application-level and using the user’s IP address, all actions of the users can be linked. We present a context-aware IP address alteration scheme that utilizes the large IPv6 address space to protect against IP-address-based tracking.
We propose a scheme where a distinct outbound IPv6 address is used for each visited website and its dependencies. A prototype has been implemented and support for several web protocols and applications has been ensured. We evaluated the impact of the prototype on browsing performance. The results indicate that the impact is negligible. In combination with existing application-level measures, effective protection against tracking can be achieved.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
The source code can be found at [39].
- 2.
The browser profiles of the The Browser and our protoype had to be configured to allow accessing Firefox’s Performance API: privacy.resistFingerprinting =false.
References
Alexa Internet Inc.: The Top 500 Sites on the Web (2019). https://www.alexa.com/topsites
Alvestrand, H.: Overview: real time protocols for browser-based applications. Internet-Draft draft-ietf-rtcweb-overview-19, November 2017
Alvestrand, H.T.: Transports for WebRTC. Technical report, draft-ietf-rtcweb-transports-17, Internet Engineering Task Force, October 2016. Work in Progress
Banse, C., Herrmann, D., Federrath, H.: Tracking users on the internet with behavioral patterns: evaluation of its practical feasibility. In: Gritzalis, D., Furnell, S., Theoharidou, M. (eds.) SEC 2012. IAICT, vol. 376, pp. 235–248. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-30436-1_20
Bujlow, T., Carela-Español, V., Solé-Pareta, J., Barlet-Ros, P.: Web Tracking: Mechanisms, Implications, and Defenses. arXiv preprint arXiv:1507.07872 (2015)
Carpenter, B., Chown, T., Gont, F., Jiang, S., Petrescu, A., Yourtchenko, A.: Analysis of the 64-bit Boundary in IPv6 Addressing. RFC 7421, RFC Editor, January 2015
Chen, E.Y., Bau, J., Reis, C., Barth, A., Jackson, C.: App isolation: get the security of multiple browsers with just one. In: ACM Conference on Computer and Communications Security, pp. 227–238. ACM (2011)
Dunlop, M., Groat, S., Urbanski, W., Marchany, R., Tront, J.: MT6D: a moving target IPv6 defense. In: Military Communications Conference 2011, pp. 1321–1326. IEEE (2011)
Egevang, K.B., Francis, P.: The IP Network Address Translator (NAT). RFC 1631, RFC Editor, May 1994
Facebook: Facebook Login (2019). https://developers.facebook.com/docs/facebook-login/web
Fette, I., Melnikov, A.: The WebSocket protocol. RFC 6455, RFC Editor, December 2011
Google LLC: Google Sign-In for Websites (2019). https://developers.google.com/identity/sign-in/web/
Herrmann, D., Arndt, C., Federrath, H.: IPv6 Prefix Alteration: An Opportunity to Improve Online Privacy. CoRR abs/1211.4704 (2012)
Hinden, R., Deering, S.: IP Version 6 Addressing Architecture. RFC 4291, RFC Editor, February 2006
Judmayer, A., Ullrich, J., Merzdovnik, G., Voyiatzis, A.G., Weippl, E.: Lightweight address hopping for defending the IPv6 IoT. In: International Conference on Availability, Reliability and Security, p. 20. ACM (2017)
Kaazing Corporation: WebSocket echo test (2019). https://www.websocket.org/echo.html
Krishnamurthy, B., Wang, J.: On network-aware vclustering of web clients. ACM SIGCOMM Comput. Commun. Rev. 30(4), 97–110 (2000)
Lindqvist, J., Tapio, J.M.: Protecting privacy with protocol stack virtualization. In: Workshop on Privacy in the Electronic Society, pp. 65–74. ACM, New York (2008). https://doi.org/10.1145/1456403.1456416
Mozilla: Firefox 22.0 releasenotes (2013). https://website-archive.mozilla.org/www.mozilla.org/firefox_releasenotes/en-US/firefox/22.0/releasenotes/
Mozilla: PerformanceNavigationTiming - Web APIs | MDN (2018). https://developer.mozilla.org/en-US/docs/Web/API/PerformanceNavigationTiming
Mozilla: Anti tracking policy (2019). https://wiki.mozilla.org/Security/Anti_tracking_policy#1._Cross-site_tracking
Mozilla: Multi-Account Containers (2019). https://support.mozilla.org/en-US/kb/containers
Mozilla Foundation: Public Suffix List (2019). https://publicsuffix.org
Narten, T., Huston, G., Roberts, L.: IPv6 Address Assignment to End Sites. BCP 157, RFC Editor, March 2011
Narten, T., Draves, R., Krishnan, S.: Privacy Extensions for Stateless Address Autoconfiguration in IPv6. RFC 4941, RFC Editor, September 2007
Pan, X., Cao, Y., Chen, Y.: I do not know what you visited last summer: protecting users from third-party web tracking with trackingfree browser. In: Network and Distributed System Security Symposium (2015)
Panchenko, A., Pimenidis, L., Renner, J.: Performance analysis of anonymous communication channels provided by Tor. In: International Conference on Availability, Reliability and Security, pp. 221–228, March 2008. https://doi.org/10.1109/ARES.2008.63
Perry, M., Clark, E., Murdoch, S., Koppen, G.: The design and implementation of the Tor browser [DRAFT] (2018). https://www.torproject.org/projects/torbrowser/design/
Raghavan, B., Kohno, T., Snoeren, A.C., Wetherall, D.: Enlisting ISPs to improve online privacy: IP address mixing by default. In: Goldberg, I., Atallah, M.J. (eds.) PETS 2009. LNCS, vol. 5672, pp. 143–163. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03168-7_9
Reis, C., Gribble, S.D.: Isolating web programs in modern browser architectures. In: ACM European Conference on Computer Systems, pp. 219–232. ACM (2009)
Ries, T., Panchenko, A., State, R., Engel, T.: Comparison of low-latency anonymous communication systems: practical usage and performance. In: Australasian Information Security Conference, pp. 77–86 (2011)
RIPE NCC: IPv6 Enabled Networks (2018). http://v6asns.ripe.net/v/6?s=_ALL;s=_RIR_RIPE_NCC
Selenium - Web Browser Automation (2019). https://docs.seleniumhq.org
Sifalakis, M., Schmid, S., Hutchison, D.: Network address hopping: a mechanism to enhance data protection for packet communications. In: International Conference on Communications, vol. 3, pp. 1518–1523. IEEE (2005)
Thomson, S., Narten, T., Jinmei, T.: IPv6 Stateless Address Autoconfiguration. RFC 4862, RFC Editor, September 2007
Uberti, J., Shieh, G.: WebRTC IP Address Handling Requirements. Internet-Draft draft-ietf-rtcweb-ip-handling-04, July 2017
Verde, N.V., Ateniese, G., Gabrielli, E., Mancini, L.V., Spognardi, A.: No NAT’d user left behind: fingerprinting users behind NAT from NetFlow records alone. In: International Conference on Distributed Computing Systems, pp. 218–227. IEEE (2014)
W3C: A Primer for Web Performance Timing APIs (2018). http://w3c.github.io/perf-timing-primer/
Wille, F.: IPv6 Address Hopping - SOCKS5 Proxy: Version 1, February 2018. https://doi.org/10.5281/zenodo.1184149
Acknowledgment
We thank the anonymous reviewers for their insightful comments and suggestions. This work is supported in part by the German Federal Ministry of Education and Research under the reference number 16KIS0368 and the German Federal Ministry for Economic Affairs and Energy under the reference number 03SIN432.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Marx, M., Schwarz, M., Blochberger, M., Wille, F., Federrath, H. (2020). Context-Aware IPv6 Address Hopping. In: Zhou, J., Luo, X., Shen, Q., Xu, Z. (eds) Information and Communications Security. ICICS 2019. Lecture Notes in Computer Science(), vol 11999. Springer, Cham. https://doi.org/10.1007/978-3-030-41579-2_31
Download citation
DOI: https://doi.org/10.1007/978-3-030-41579-2_31
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-41578-5
Online ISBN: 978-3-030-41579-2
eBook Packages: Computer ScienceComputer Science (R0)