Skip to main content
SpringerLink
Log in

Web Browser Tampering: Inspecting CPU Features from Side-Channel Information

  • Conference paper
  • First Online:
Advances on Broad-Band Wireless Computing, Communication and Applications (BWCCA 2017)

Part of the book series: Lecture Notes on Data Engineering and Communications Technologies ((LNDECT,volume 12))

Abstract

Recently, JavaScript with HTML5 is becoming more popular in Web application design. This technology can also be used to collect Web client information such as Web browser families, OS, GPU, font lists or screen size. This collection is called Web browser fingerprinting. A Web viewer may use countermeasure tools for avoiding information collection. However, side-channel information from hardware performance and timing can also be used for identification. In this paper, we show a method to identify the following CPU features in Web browsers from side-channel information: number of CPU cores, Hyper Threading Technology (HTT) availability, Streaming SIMD Extensions2 (SSE2) availability, Advanced Encryption Standard New Instructions (AES-NI) availability, and CPU family type. We also introduce a concept model for Web browser tampering, which includes the use of side-channel information rather than legitimate Web messages, and discuss countermeasures against Web browser tampering with side-channel information.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 169.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 219.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    http://w3techs.com/.

  2. 2.

    http://lcamtuf.coredump.cx/p0f3/.

  3. 3.

    http://nmap.org/.

  4. 4.

    http://gs.statcounter.com/.

  5. 5.

    http://www.cryptopp.com/.

  6. 6.

    https://www.webkit.org/perf/sunspider/sunspider.html.

  7. 7.

    http://krakenbenchmark.mozilla.org/.

  8. 8.

    https://developers.google.com/octane/.

  9. 9.

    http://www.lancers.jp/.

  10. 10.

    https://addons.mozilla.org/ja/firefox/addon/noscript/.

  11. 11.

    http://fingerprint.pet-portal.eu/?menu=6.

  12. 12.

    https://www.dephormation.org.uk/.

  13. 13.

    https://wiki.whatwg.org/wiki/Navigator_HW_Concurrency.

  14. 14.

    https://www.torproject.org/.

References

  1. Anderson, R., Kuhn, M..: Tamper resistance a cautionary note. In: 2nd USENIX Workshop on Electronic Commerce (1996)

    Google Scholar 

  2. Kommerling, O., Kuhn, M.: Design principles for tamper-resistant smartcard processors. In: USENIX Workshop on Smartcard Technology (1999)

    Google Scholar 

  3. Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of checking cryptographic protocols for faults. In: Advances in Cryptology: Proceedings of Eurocrypt 1997, pp. 37–51. Springer (1997)

    Google Scholar 

  4. Eckersley, P.: How unique is your Web browser? In: Proceedings of Privacy Enhancing Technologies Symposium. LNCS, vol. 6205 (2010)

    Google Scholar 

  5. Kocher, P.C.: Timing attacks on implementations of die-hellman, RSA, DSS, and other systems. In: Advances in Cryptology: Proceedings of CRYPTO 1996, pp. 104–113. Springer (1996)

    Google Scholar 

  6. Brumley, D., Boneh, D.: Remote timing attacks are practical. In: USENIX Security Symposium, August 2003

    Google Scholar 

  7. Mowery, K., Bogenreif, D., Yilek, S., Shacham, H.: Fingerprinting information in JavaScript implementations. In: Proceedings of Web 2.0 Workshop on Security and Privacy (W2SP) (2011)

    Google Scholar 

  8. Kocher, P., Jae, J., Jun, B.: Differential power analysis. In: Advances in Cryptology: Proceedings of CRYPTO 1999, pp. 388–397. Springer (1999)

    Google Scholar 

  9. Kohno, T., Broido, A., Claffy, K.: Remote physical device fingerprinting. IEEE Trans. Dependable Secur. Comput. 2(2), 93–108 (2005)

    Article  Google Scholar 

  10. Mowery, K., Shacham, H.: Pixel perfect: fingerprinting canvas in HTML5. In: Proceedings of Web 2.0 Security and Privacy (W2SP) (2012)

    Google Scholar 

  11. Bojinov, H., Michalevsky, Y., Nakibly, G., Boneh, D.: Mobile Device Identification via Sensor Fingerprinting, arXiv:1408.1416 [cs.CR] (2014)

  12. Felten, E., Schneider, M.: Timing attacks on Web privacy. In: Proceedings of 7th ACM Conference on Computer and Communications Security, pp. 25–32 (2000)

    Google Scholar 

  13. Krovetz, T., Dai, W.: How to get fast AES calls?, Crypto++ user group, Retrieved 2010–08-11

    Google Scholar 

  14. Nikiforakis, N., Kapravelos, A., Joosen, W., Kruegel, C., Piessens, F., Vigna, G.: Cookieless monster: exploring the ecosystem of Web-based device fingerprinting. In: Proceedings of 34th IEEE Symposium of Security and Privacy (IEEE S&P 2013) (2013)

    Google Scholar 

  15. Nikiforakis, N., Joosen, W., Livshits, B.: PriVaricator: deceiving fingerprinters with little white lies. http://research.microsoft.com/apps/pubs/default.aspx?id=209989

Download references

Author information

Authors and Affiliations

  1. Meiji University, Higashimita 1-1-1, Kawasaki, Japan

    Takamichi Saito, Koki Yasuda, Kazuhisa Tanabe & Kazushi Takahashi

Authors
  1. Takamichi Saito
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Koki Yasuda
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Kazuhisa Tanabe
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Kazushi Takahashi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Takamichi Saito .

Editor information

Editors and Affiliations

  1. Faculty of Information Engineering, Department of Information and Communication Engineering, Fukuoka Institute of Technology, Fukuoka, Japan

    Leonard Barolli

  2. Technical University of Catalonia, Barcelona, Spain

    Fatos Xhafa

  3. Open University of Catalonia, Barcelona, Spain

    Jordi Conesa

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer International Publishing AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Saito, T., Yasuda, K., Tanabe, K., Takahashi, K. (2018). Web Browser Tampering: Inspecting CPU Features from Side-Channel Information. In: Barolli, L., Xhafa, F., Conesa, J. (eds) Advances on Broad-Band Wireless Computing, Communication and Applications. BWCCA 2017. Lecture Notes on Data Engineering and Communications Technologies, vol 12. Springer, Cham. https://doi.org/10.1007/978-3-319-69811-3_36

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-69811-3_36

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-69810-6

  • Online ISBN: 978-3-319-69811-3

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation