39th IEEE Symposium on Security and Privacy
The 39th IEEE Security & Privacy International Symposium will be held in San Francisco from May 21‑23, 2018. A scientific article co-written by three members of the Spirals project team was accepted and will be presented by Antoine Vastel, PhD student and co-author of the paper.
An article from Spirals to be presented at the prestigious SP Symposium
Antoine Vastel, PhD student in the Spirals project team at Inria Lille - Nord Europe Research Center, will present his scientific article “FP-STALKER: Tracking Browser Fingerprint Evolutions” on fingerprinting at the prestigious IEEE Security & Privacy Symposium in San Francisco in May 2018.
The article “FP-STALKER: Tracking Browser Fingerprint Evolutions” was co-authored by Antoine Vastel (University of Lille, Inria), Pierre Laperdrix (Stony Brook University, formerly in Diverse project team, Inria Rennes Research Center), Walter Rudametkin (University of Lille, Inria) and Romain Rouvoy (University of Lille, Inria, Institut Universitaire de France).
Browser fingerprinting has emerged as a solution for tracking users without their consent. Unlike traditional techniques such as cookies, browser fingerprinting does not store any information on the devices to be tracked, but instead exploits unique combinations of attributes provided freely by browsers. It is this combination of attributes that, because of its uniqueness close to that of digital fingerprints, is called a browser fingerprint. Because of their uniqueness, fingerprints can be used for identification and tracking purposes. However, browser fingerprints change over time, and the effectiveness of fingerprinting for tracking users over longer durations has not yet been properly evaluated.
In this paper, we show that browser fingerprints tend to change frequently – from every few hours to every few days – due to software updates or configuration changes. Yet, despite these frequent changes, we show that browser fingerprints can still be linked, thus enabling long-term tracking.
FP-STALKER is our approach to linking browser fingerprint evolutions.
It compares browser fingerprints to determine whether they originate from the same browser. We have created two variants of FP-STALKER, a rule-based variant that is faster, and a second hybrid variant that exploits machine learning to boost accuracy. To evaluate our approach, we conducted an empirical study using 98,598 fingerprints collected from 1,905 distinct browser instances. The result shows that, on average, using our hybrid algorithm, we can track browsers for 54.48 days, and 26% of browsers can be tracked for more than 100 days.
IEEE is the world's largest professional organization whose core purpose is to foster technological innovation and excellence for the benefit of humanity. IEEE and its members inspire a global community to innovate for a better tomorrow through their highly cited publications, conferences and technology standards, as well as their professional and educational activities. IEEE is the trusted “voice” for engineering, computing and technology information around the globe.