Extending the Exposure Score of Web Browsers by Incorporating CVSS

  • Conference paper
Risks and Security of Internet and Systems (CRiSIS 2021)

Abstract

When browsing the Internet, HTTP headers enable both clients and servers to send extra data in their requests or responses, such as the User-Agent string. This string contains information about the sender's device, browser, and operating system, yet its content differs from one browser to another. Despite the privacy and security risks of User-Agent strings, very few works have tackled this problem. Our previous work proposed assigning Internet browsers relative exposure scores to help users choose less intrusive ones. The objective of this work is to extend our previous work by: first, conducting a user study to identify its limitations; second, extending the exposure score by incorporating data from the NVD; third, providing a full implementation instead of a limited prototype. The proposed system assigns scores to users' browsers upon visiting our website, suggests alternative safe browsers, and allows updating the back-end database with a click of a button. We applied our method to a data set of more than 52 thousand unique browsers. Our performance and validation analysis show that our solution is accurate and efficient. The source code and data set are publicly available [4].

References

  1. Aksu, M.U., et al.: A quantitative CVSS-based cyber security risk assessment methodology for it systems. In: 2017 International Carnahan Conference on Security Technology (ICCST), pp. 1–2 (2017). https://doi.org/10.1109/CCST.2017.8167819

  2. Barona, R., Anita, E.A.M.: A survey on data breach challenges in cloud computing security: issues and threats. In: 2017 International Conference on Circuit, Power and Computing Technologies (ICCPCT), pp. 1–8 (2017). https://doi.org/10.1109/ICCPCT.2017.8074287

  3. Eckersley, P.: How unique is your web browser? In: Atallah, M.J., Hopper, N.J. (eds.) PETS 2010. LNCS, vol. 6205, pp. 1–18. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14527-8_1

  4. Mohsen, F., Adel Shtayyeh, R.N., Mohammad, L.: 52k+ User-agent strings and their exposure scores. V1, Dataversed (2021). https://doi.org/10.34894/2SVOIE

  5. FaizKhademi, A., Zulkernine, M., Weldemariam, K.: FPGuard: detection and prevention of browser fingerprinting. In: Samarati, P. (ed.) DBSec 2015. LNCS, vol. 9149, pp. 293–308. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-20810-7_21

  6. Fiore, U., Castiglione, A., Santis, A.D., Palmieri, F.: Countering browser fingerprinting techniques: constructing a fake profile with google chrome. In: 2014 17th International Conference on Network-Based Information Systems, pp. 355–360, September 2014. https://doi.org/10.1109/NBiS.2014.102

  7. GCFGlobal: Internet basics - using a web browser. https://edu.gcfglobal.org/en/internetbasics/using-a-web-browser/1/

  8. Gómez-Boix, A., Frey, D., Bromberg, Y.D., Baudry, B.: A collaborative strategy for mitigating tracking through browser fingerprinting. In: MTD 2019–6th ACM Workshop on Moving Target Defense, pp. 1–12. London, United Kingdom, November 2019. https://doi.org/10.1145/3338468.3356828, https://hal.inria.fr/hal-02282591

  9. Hoffman, C.: What is a browser’s user agent? https://cutt.ly/DW77C6v

  10. Hupperich, T., Maiorca, D., Kührer, M., Holz, T., Giacinto, G.: On the robustness of mobile device fingerprinting: can mobile users escape modern web-tracking mechanisms? In: Proceedings of the 31st Annual Computer Security Applications Conference, pp. 191–200 (2015)

  11. Kaur, H., Zavarsky, P., Jaafar, F.: Unauthorised data leakage from corporate networks through web browser fingerprinting vulnerability. In: World Congress on Internet Security (WorldCIS-2017), pp. 55–61 (2017)

  12. Laperdrix, P., Bielova, N., Baudry, B., Avoine, G.: Browser fingerprinting: a survey. CoRR abs/1905.01051 (2019). http://arxiv.org/abs/1905.01051

  13. Laperdrix, P., Rudametkin, W., Baudry, B.: Beauty and the beast: Diverting modern web browsers to build unique browser fingerprints. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 878–894. IEEE (2016)

  14. Matteson, S.: 5 common browser security threats, and how to handle them. https://www.techrepublic.com/article/5-common-browser-security-threats-and-how-to-handle-them/

  15. Mohsen, F., Shehab, M., Lange, M., Karastoyanova, D.: Quantifying information exposure by web browsers. In: Arai, K., Kapoor, S., Bhatia, R. (eds.) FTC 2020. AISC, vol. 1290, pp. 648–667. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-63092-8_44

  16. Mulazzani, M., et al.: Fast and reliable browser identification with javascript engine fingerprinting. In: Web 2.0 Workshop on Security and Privacy (W2SP), vol. 5. Citeseer (2013)

  17. NIST: nvd.nist.gov. https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator

  18. NIST: nvd.nist.gov. https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator

  19. Scientific, F.: Introduction to browsing the web. https://www.freedomscientific.com/SurfsUp/Introduction.htm

  20. Takeda, K.: User identification and tracking with online device fingerprints fusion, pp. 163–167, October 2012. https://doi.org/10.1109/CCST.2012.6393552

  21. Wikipedia: Web browser. https://en.wikipedia.org/wiki/Web_browser

  22. Yen, T.F., Xie, Y., Yu, F., Yu, R.P., Abadi, M.: Host fingerprinting and tracking on the web: Privacy and security implications. In: NDSS, vol. 62, p. 66 (2012)

Author information

Corresponding author

Correspondence to Fadi Mohsen.

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Mohsen, F., Shtayyeh, A., Naser, R., Mohammad, L., Struijk, M. (2022). Extending the Exposure Score of Web Browsers by Incorporating CVSS. In: Luo, B., Mosbah, M., Cuppens, F., Ben Othmane, L., Cuppens, N., Kallel, S. (eds) Risks and Security of Internet and Systems. CRiSIS 2021. Lecture Notes in Computer Science, vol 13204. Springer, Cham. https://doi.org/10.1007/978-3-031-02067-4_12

  • DOI: https://doi.org/10.1007/978-3-031-02067-4_12

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-02066-7

  • Online ISBN: 978-3-031-02067-4

  • eBook Packages: Computer Science, Computer Science (R0)
