CSE assistant professor Yinzhi Cao and his group have developed a new way to track web users across browsers.
For good or ill, what users do on the web is tracked. Banks track users as an authentication technique, to offer their customers enhanced security protection. Retailers track customers and potential customers in order to deliver personalized service tailored to their tastes and needs.
The method commonly used for tracking is called web fingerprinting. Web fingerprinting is a way of collecting information that can be used to fully or partially identify a given user, even when cookies are disabled.
Such techniques have been evolving quickly. Yet, the most advanced and commonly used methods track users in a single browser only.
Now a team of researchers led by Yinzhi Cao, assistant professor computer science and engineering — and including graduate student Song Li of Lehigh and Erik Wijmans of Washington University in St. Louis — has developed the first cross-browser fingerprinting technique to use machine-level features to identify users.
The researchers describe the technique in a paper titled “(Cross-) Browser Fingerprinting via OS and Hardware Level Features.” Cao and his colleagues presented their findings at the Internet Society’s Network and Distributed System Security (NDSS) Symposium this year in San Diego, California.
“The only other cross-browser fingerprinting work uses the IP [Internet Protocol] address as the main feature by which to identify users,” says Cao. “This method has been criticized as too unstable as people use the internet at home, work and on different devices. Using an IP address is too dynamic and unreliable.”
Read the full story at the Lehigh University News Center.
-Lori Friedman is Director of Media Relations in the Office of Communications and Public Affairs at Lehigh University.