web tracking continued
play

Web Tracking (Continued) Side Channels Autumn 2018 Tadayoshi - PowerPoint PPT Presentation

Sep 23, 2022 •329 likes •737 views

CSE 484 / CSE M 584: Computer Security and Privacy Web Tracking (Continued) Side Channels Autumn 2018 Tadayoshi (Yoshi) Kohno yoshi@cs.Washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Ada Lerner, John Manferdelli, John

  1. CSE 484 / CSE M 584: Computer Security and Privacy Web Tracking (Continued) Side Channels Autumn 2018 Tadayoshi (Yoshi) Kohno yoshi@cs.Washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Ada Lerner, John Manferdelli, John Mitchell, Franziska Roesner, Vitaly Shmatikov, Bennet Yee, and many others for sample slides and materials ...

  2. Admin • Lab 2 out Nov 5, due Nov 20, 4:30pm • Looking ahead: • HW 3 out ~Nov 19, due ~Nov 30 • Lab 3 out ~Nov 26, due Dec 7 (Quiz Section on Nov 29) • No class Nov 12 (holiday) • No class Nov 21; video review assignment instead 11/13/2018 CSE 484 / CSE M 584 2

  3. Admin • Final Project Proposals: Nov 16 – group member names and brief description • Final Project Checkpoint: Nov 30 – preliminary outline and references • Final Project Presentation: Dec 10 – 12-15-minute video – must be on time • Explore something of interest to you, that could hopefully benefit you or your career in some way – technical topics, current events, etc 11/13/2018 CSE 484 / CSE M 584 3

  4. Review: Ads That Follow You Advertisers (and others) track your browsing behaviors for the purposes of targeted ads, website analytics, and personalized content. 11/13/2018 4

  5. Review: Tracking Technologies • HTTP Cookies • Flash cookies • HTTP Auth • Silverlight storage • HTTP Etags • TLS session ID & resume • Content cache • Browsing history • IE userData • window.name • HTML5 protocol and • HTTP STS content handlers • DNS cache • HTML5 storage • “Zombie” cookies that respawn (http://samy.pl/evercookie) 11/13/2018 5

  6. Review: Fingerprinting Web Browsers • User agent • Installed fonts • HTTP ACCEPT headers • Cookies enabled? • Browser plug-ins • Browser add-ons • MIME support • Screen resolution • Clock skew • HTML5 canvas (differences in graphics SW/HW!) 11/13/2018 6

  7. EFF’s Panopticlick • https://panopticlick.eff.org/ 11/13/2018 CSE 484 / CSE M 584 7

  8. History Sniffing How can a webpage figure out which sites you visited previously? • Color of links – CSS :visited property – getComputedStyle() • Cached Web content timing • DNS timing 11/13/2018 8

  9. How Websites Get Your Identity Personal trackers Leakage of identifiers GET http:/​/ ad.doubleclick.net/adj/... Referer : http:/​/ submit.SPORTS.com/...?email=jdoe@email.com Cookie: id=35c192bcfe0000b1... Security bugs Third party buys your identity 11/13/2018 9

  10. Measurement Study (2011) • Questions: – How prevalent is tracking (of different types)? – How much of a user’s browsing history is captured? – How effective are defenses? • Approach: Build tool to automatically crawl web, detect and categorize trackers based on our taxonomy. Longitudinal studies since then: tracking has increased and become more complex. 11/13/2018 10

  11. How prevalent is tracking? 524 unique trackers on Alexa top 500 websites (homepages + 4 links) 457 domains (91%) embed at least one tracker. (97% of those include at least one cross-site tracker.) 50% of domains embed between 4 and 5 trackers. One domain includes 43 trackers. 11/13/2018 11

  12. Who/what are the top trackers? (2011) 11/13/2018 12

  13. How has this changed over time? • The web has existed for a while now … - What about tracking before 2011? (our first study) - What about tracking before 2009? (first academic study) • Solution: time travel! [USENIX Security ’16] 11/13/2018 13

  14. The Wayback Machine to the Rescue Time travel for web tracking: http://trackingexcavator.cs.washington.edu 11/13/2018 14

  15. 1996-2016: More & More Tracking • More trackers of more types 11/13/2018 15

  16. 1996-2016: More & More Tracking • More trackers of more types, more per site 11/13/2018 16

  17. 1996-2016: More & More Tracking • More trackers of more types, more per site, more coverage 11/13/2018 17

  18. ADINT (2017) • Advertising for Intelligence Gathering • Adversary can buy ads and use analytics from those ads to learn information about targets – Some ad networks provide location-based ad services • Purchaser of ads can figure out – What mobile phone applications are in use in individual homes – A target’s movements through the physical world (e.g., stores, doctors offices, etc) 11/13/2018 CSE 484 / CSE M 584 18

  19. Side Channels 11/13/2018 CSE 484 / CSE M 584 19

  20. Side Channel Attacks • Attacks based on information that can be gleaned from the physical implementation of a system, rather than breaking its theoretical properties – Most commonly discussed in the context of cryptosystems – But also prevalent in many contexts 11/13/2018 20

  21. Examples (on Cryptosystems) • Timing attacks • Power analysis • Good overview: http://www.nicolascourtois.com/papers/sc/side ch_attacks.pdf If you do something different for secret key bits 1 vs. 0, attacker can learn something… 11/13/2018 21

  22. Example Timing Attacks • RSA: Leverage key-dependent timings of modular exponentiations – https://www.rambus.com/timing-attacks-on- implementations-of-diffie-hellman-rsa-dss-and- other-systems/ – http://crypto.stanford.edu/~dabo/papers/ssl- timing.pdf • Block Ciphers: Leverage key-dependent cache hits/misses 11/13/2018 CSE 484 / CSE M 584 22

  23. Power Analysis • Simple power analysis: Directly read off bits from powerline traces • Differential power analysis: Look for statistical differences in power traces, based on guesses of a key bit Image from https://en.wikipedia.org/wiki/Power_analysis 11/13/2018 23

  24. Key Extraction via Electric Potential Genkin et al. “Get Your Hands Off My Laptop: Physical Side -Channel Key-Extraction Attacks On PCs” CHES 2014 11/13/2018 24

  25. Accelerometer Eavesdropping Aviv et al. “Practicality of Accelerometer Side Channels on Smartphones” ACSAC 2012 11/13/2018 25

  26. Gyroscope Eavesdropping Michalevsky et al. “ Gyrophone: Recognizing Speech from Gyroscope Signals” USENIX Security 2014 11/13/2018 26

  27. More Gyroscope Chen et al. “ TouchLogger: Inferring Keystrokes On Touch Screen From Smartphone Motion” HotSec 2011 11/13/2018 27

  28. Keyboard Eavesdropping Zhuang et al. “Keyboard Acoustic Emanations Revisited” CCS 2005 Vuagnoux et al. “Compromising Electromagnetic Emanations of Wired and Wireless Keyboards” USENIX Security 2009 11/13/2018 28

  29. [Backes et al.] Compromising Reflections 11/13/2018 29

  30. Audio from Video Davis et al. “The Visual Microphone: Passive Recovery of Sound from Video” SIGGRAPH 2014 11/13/2018 30

  31. Identifying Web Pages: Traffic Analysis Herrmann et al. “Website Fingerprinting: Attacking Popular Privacy Enhancing Technologies with the Multinomial Naïve- Bayes Classifier” CCSW 2009 11/13/2018 31

  32. Identifying Web Pages: Electrical Outlets Clark et al. “Current Events: Identifying Webpages by Tapping the Electrical Outlet” ESORICS 2013 11/13/2018 32

  33. Powerline Eavesdropping Enev et al.: Televisions, Video Privacy, and Powerline Electromagnetic Interference, CCS 2011 11/13/2018 33

  34. Spectre • Exploit speculative execution and cache timing information to extract private information from the same process – Example: JavaScript from web page trying to extract information from Browser • Architecture Background: – Hardware architecture provides “promises” to software – Those proposes focus on the functional properties of the software, not performance properties – Architectures do a lot to try to increase performance 11/13/2018 34

  35. Material from http://research.cs.wisc.edu/multifacet/papers/hill_mark_wisconsin_meltdown_spectre.pptx Instruction Speculation Tutorial Many steps (cycles) to execute one instruction; time flows left to right → add load Go Faster: Pipelining, branch prediction, & instruction speculation add load Predict direction: target or fall thru branch and Speculate! store Speculate more! Speculation correct: Commit architectural changes of and (register) & store (memory) go fast! Mis-speculate: Abort architectural changes (registers, memory); go in other branch direction

  36. Material from http://research.cs.wisc.edu/multifacet/papers/hill_mark_wisconsin_meltdown_spectre.pptx Hardware Caching Tutorial Main Memory (DRAM) 1000x too slow Add Hardware Cache(s): small, transparent hardware memory ● Like a software cache: speculate near-term reuse (locality) is common ● Like a hash table: an item (block or line) can go in one or few slots E.g., 4-entry cache w/ slot picked with address (key) modulo 4 -- 12 12 12 16 12 ? 07 ? 12 ? 16 ? Note 12 0 0 0 0 0 -- -- -- -- -- 1 1 1 1 1 Miss Miss HIT! Miss victimized -- -- -- -- -- 2 2 2 2 2 Insert 12 Insert 07 Victim 12 No “early” due -- -- 07 07 07 3 3 3 3 3 Insert 16 changes to “alias”

Recommend

Tracking by learning Arnold W.M. Smeulders Tracking Online tracking is to determine the location

Tracking by learning Arnold W.M. Smeulders Tracking Online tracking is to determine the location

Tracking by learning Arnold W.M. Smeulders Tracking Online tracking is to determine the location of one target in video starting from a bounding box in the first frame. When conceived as an instant learning problem, the task is to discriminate

651 views • 39 slides
Tracking Articulated Objects Alexander (Sasha) Lambert CS7495 Fall 2014 Tracking From Depth

Tracking Articulated Objects Alexander (Sasha) Lambert CS7495 Fall 2014 Tracking From Depth

Tracking Articulated Objects Alexander (Sasha) Lambert CS7495 Fall 2014 Tracking From Depth Infra-red point-clouds (structured light) Affordable sensors (Primesense) Large body of work on people-tracking Complex tracking

409 views • 23 slides
Tracking Catalog: Uncovering and analyzing user tracking on the Internet Tomasz Bujlow Valentn

Tracking Catalog: Uncovering and analyzing user tracking on the Internet Tomasz Bujlow Valentn

Introduction Tracking catalog Tracking mechanisms Open questions Tracking Catalog: Uncovering and analyzing user tracking on the Internet Tomasz Bujlow Valentn Carela-Espaol Pere Barlet-Ros Computer Architecture Dept. (DAC) UPC

581 views • 10 slides
Eye Tracking and Topics EMA in Computer Eye tracking definition Science Eye tracker

Eye Tracking and Topics EMA in Computer Eye tracking definition Science Eye tracker

Eye Tracking and Topics EMA in Computer Eye tracking definition Science Eye tracker history Eye tracking theory Computer Literacy 1 Lecture 23 Different kinds of eye trackers 11/11/2008 Electromagnetic Articulography (EMA)

459 views • 6 slides
Tracking - VSO Framework Tracking Status Controlling Actions 100% Configuring Actions Device

Tracking - VSO Framework Tracking Status Controlling Actions 100% Configuring Actions Device

Tracking - VSO Framework Tracking Status Controlling Actions 100% Configuring Actions Device List 0% Device handling View drawing 100% Federico Tessmann Test-Tracking - Orchestra VSO- VSOUI Tracking VSO- Orchestra VSOAudio

76 views • 7 slides
Video Object Tracking Real-time tracking of objects in video is an important problem in various

Video Object Tracking Real-time tracking of objects in video is an important problem in various

Tracking Objects Better, Faster, Longer Assoc. Prof. Dr. Alptekin Temizel atemizel@metu.edu.tr Graduate School of Informatics, METU 18 March 2015 GPU Technology Conference Video Object Tracking Real-time tracking of objects in video is an

472 views • 19 slides
Detection vs. tracking Lecture 21: Motion and tracking Thursday, Nov 29 Prof. Kristen

Detection vs. tracking Lecture 21: Motion and tracking Thursday, Nov 29 Prof. Kristen

11/30/2007 Detection vs. tracking Lecture 21: Motion and tracking Thursday, Nov 29 Prof. Kristen Grauman Tracking with dynamics : We use image measurements to estimate position of object, but also incorporate position predicted by

486 views • 12 slides
People-Tracking-by-Detection and People-Detection-by-Tracking Mykhaylo Andriluka Stefan Roth

People-Tracking-by-Detection and People-Detection-by-Tracking Mykhaylo Andriluka Stefan Roth

People-Tracking-by-Detection and People-Detection-by-Tracking Mykhaylo Andriluka Stefan Roth Bernt Schiele Department of Computer Science TU Darmstadt People-Tracking-by-Detection and People-Detection-by-Tracking - CVPR 2008 Motivation

899 views • 89 slides
Overview Introduction Object Tracking Vehicle Tracking Theory & Implementation

Overview Introduction Object Tracking Vehicle Tracking Theory & Implementation

Overview Introduction Object Tracking Vehicle Tracking Theory & Implementation Segmentation Tracking Results Q & A Introduction Object Tracking Object Tracking Object representation Feature

500 views • 28 slides
Tracking Tracking Many thanks to: H. Bischof, B. Leibe, V. Ferrari, K. Graumann, Y. Ukrainitz, D.

Tracking Tracking Many thanks to: H. Bischof, B. Leibe, V. Ferrari, K. Graumann, Y. Ukrainitz, D.

Computer Vision Tracking Tracking Many thanks to: H. Bischof, B. Leibe, V. Ferrari, K. Graumann, Y. Ukrainitz, D. Wagner, V Lepetit, M. Breitenstein, P. Sabzmeydani, Z. Kalal from whom I borrowed many slides and videos. We all know what

1.62k views • 138 slides
Tracking Tracking Many thanks to: H. Bischof, B. Leibe, V. Ferrari, K. Graumann, Y. Ukrainitz, D.

Tracking Tracking Many thanks to: H. Bischof, B. Leibe, V. Ferrari, K. Graumann, Y. Ukrainitz, D.

Computer Vision Tracking Tracking Many thanks to: H. Bischof, B. Leibe, V. Ferrari, K. Graumann, Y. Ukrainitz, D. Wagner, V Lepetit, M. Breitenstein, P. Sabzmeydani, Z. Kalal from whom I borrowed many slides and videos. We all know what

1.5k views • 137 slides
RFID KEG TRACKING SOLUTION Proteus Tracking is a class leading innovative Internet of Things

RFID KEG TRACKING SOLUTION Proteus Tracking is a class leading innovative Internet of Things

RFID KEG TRACKING SOLUTION Proteus Tracking is a class leading innovative Internet of Things company. Proteus Tracking prides itself in identifying the clients problem areas and delivering breakthrough industry technology solutions in both

150 views • 4 slides
Eye-tracking for capturing human visual attention Eye-tracking for capturing human visual

Eye-tracking for capturing human visual attention Eye-tracking for capturing human visual

BubbleView : an interface for crowdsourcing image importance maps and tracking visual attention Nam Wook Zoya Michelle Krzysztof Aude Fredo Hanspeter Kim* Bylinskii* Borkin Gajos Oliva Durand Pfister Eye-tracking for capturing human

830 views • 69 slides
Inter Internet monitoring net monitoring and web tracking and web tracking Engineering &

Inter Internet monitoring net monitoring and web tracking and web tracking Engineering &

CyLab Inter Internet monitoring net monitoring and web tracking and web tracking Engineering & Public Policy Lorrie Faith Cranor September 30, 2014 y & c S a e v c i u r P r i t e y l b L a a s b U o 8-533

440 views • 42 slides
Overview Introduction Cooperative Object Tracking Calibration with Tracking

Overview Introduction Cooperative Object Tracking Calibration with Tracking

Overview Introduction Cooperative Object Tracking Calibration with Tracking Multiple PTZ Cameras Segmentation Target handover Ivo Everts Conclusion PhD student at UvA Kingston University London University of

173 views • 14 slides
Tracking, De-Tracking, and Student Achievement: Is There A Better Way? Adam Gamoran William T.

Tracking, De-Tracking, and Student Achievement: Is There A Better Way? Adam Gamoran William T.

Tracking, De-Tracking, and Student Achievement: Is There A Better Way? Adam Gamoran William T. Grant Foundation Why Do Schools Assign Students to Classes by Ability? Seems logical and efficient Students differ in their performance

1.09k views • 50 slides
INR Self Tracking Rob Rothfarb 1 Patient <==> Tracker Proactive patient, tracking

INR Self Tracking Rob Rothfarb 1 Patient <==> Tracker Proactive patient, tracking

INR Self Tracking Rob Rothfarb 1 Patient <==> Tracker Proactive patient, tracking several vital signs, blood values, diet, weight, sleep, and activity. Medical devices getting more miniaturized, new devices being created that allow

396 views • 20 slides
Multi-Object Tracking Challenge CV3DST Lecture Exercises Multi-Object Tracking Multi-Object

Multi-Object Tracking Challenge CV3DST Lecture Exercises Multi-Object Tracking Multi-Object

Multi-Object Tracking Challenge CV3DST Lecture Exercises Multi-Object Tracking Multi-Object Tracking Origins SONAR, RADAR Given a raw stream of sensory data: Localize objects Estimate object identities over time

340 views • 16 slides
Smart Vis isitor Tracking System VISITOR Visitor Tracking Features: Quick and seamless visitor

Smart Vis isitor Tracking System VISITOR Visitor Tracking Features: Quick and seamless visitor

Smart Vis isitor Tracking System VISITOR Visitor Tracking Features: Quick and seamless visitor entrance & exit. Real-time indoor & outdoor tracking of visitors. SMS, screen pop up & email alerts. Alerts if a visitor strays from

382 views • 12 slides
From Tracking Pixels to Tracking Predicates Leonidas J. Guibas Xerox PARC and Stanford

From Tracking Pixels to Tracking Predicates Leonidas J. Guibas Xerox PARC and Stanford

From Tracking Pixels to Tracking Predicates Leonidas J. Guibas Xerox PARC and Stanford University Sensing for Reasoning and Acting A system of collaborating sensors should provide data that can: Lead to high-level Clustering of enemy

276 views • 16 slides
STT TRACKING & PID STATUS 6 JUNE 2018 | PETER WINTZ OUTLINE System Overview Tracking

STT TRACKING & PID STATUS 6 JUNE 2018 | PETER WINTZ OUTLINE System Overview Tracking

STT TRACKING & PID STATUS 6 JUNE 2018 | PETER WINTZ OUTLINE System Overview Tracking & PID Methods & Results (Data) 6 June 18 Peter Wintz - STT Tracking & PID - CM 18/2 p. 2 CENTRAL STRAW TUBE TRACKER 4224 straws

492 views • 15 slides
Computer Vision Aided Structural Identification: Feature Tracking Using Particle Tracking

Computer Vision Aided Structural Identification: Feature Tracking Using Particle Tracking

Computer Vision Aided Structural Identification: Feature Tracking Using Particle Tracking Velocimetry versus Optical Flow Yunus Emre Harmanci 1 , Zhilu Lai 1 , Utku Glan 2 , Markus Holzner 2 and Eleni Chatzi 1 1 Institute of Structural

469 views • 12 slides
Spatiotemporal Cell Population Tracking & Cell Population Tracking and Lineage Construction

Spatiotemporal Cell Population Tracking & Cell Population Tracking and Lineage Construction

Spatiotemporal Cell Population Tracking & Cell Population Tracking and Lineage Construction Lineage Construction Kang Li , Takeo Kanade Carnegie Mellon University Mei Chen Intel Research Pittsburgh Cell Population Tracking Cell Population

357 views • 25 slides
Tracking resolution 9th December 2016 1 Material for tracking seminar intrinsic pt resolution

Tracking resolution 9th December 2016 1 Material for tracking seminar intrinsic pt resolution

Tracking resolution 9th December 2016 1 Material for tracking seminar intrinsic pt resolution for equidistant measurement resolution in case of correlated errors N ef vs Np e.g Space charge distortion, Time response function requirement

88 views • 8 slides

More recommend