Our Agenda
Background of geo-locations in browsers, browser cache, and timing channels
Geo-inference attacks via the browser cache
Prevalence of geo-inference attacks
Pros & cons of potential solutions
Demo Video for attacks in TorBrowser
Q & A

Geo-location in Browsers

Geo-location in Browsers: Benefits & Threats
Benefits
Threats

[Figure labels: Browser; Not reliable]

Problem Statement
Can the attacker infer the user's geo-location from his browser?

[Figure labels: Network; Module; Parser; Cache; Browser]

Browser stores site-related states

Browser Cache!
1st: 1360ms
2nd: 320ms
3rd: 350ms
Save Time!

Our Attacks: Infer a User's Geo-location without the Manual Input, Accessing GPS Sensors or IP Addresses

[Figure labels: attacker.com; iframe.onload Fires; onloadend Fires]

google.com.sg/images/srpr/logo11w.png
Cached! (Browser Cache)

singapore.craigslist.com.sg
tokyo.craigslist.jp
Cached! (Browser Cache)

Map Tiles
Cached! (Browser Cache)

Evaluation
Questions to be answered:
(Prevalence) How many websites and browsers can be utilized to conduct attacks?
(Reliability) How big is the time difference between the loading time of resources without cache and that with cache?

Evaluation Setup
Websites: 191 Google's sites, 100 Craigslist's sites, and 55 top Alexa sites.
Maps: Google Maps, and other 10 map service sites.
Browsers: Five mainstream browsers and TorBrowser
Locations: US, UK, Australia, Singapore, and Japan.

[Table: Desktop Platforms; Mobile Platforms. Contents not recoverable; one surviving entry reads "Partial".]

[Figure: series "Without Cache" and "With Cache"; annotation "120ms"]
Difference in image load time (in millisecond): Without Cache (> 129 ms) v.s. With Cache (0-1 ms), for 191 Google's regional domains in Chrome on Mac OS X

[Figure: series "Without Cache" and "With Cache"; annotation "700ms"]
The significant difference between the page load time (in millisecond) of 100 Craigslist sites without cache (> 1000 ms) and with cache ( 220 ms) indicates geo-inference attacks with Craigslist

[Figure: series "Without Cache" and "With Cache"; annotation "50ms"]
Difference in page load time (in millisecond): Without Cache (> 50 ms) v.s. With Cache (0-1 ms), for 4,646 map tiles of New York City from Google Maps in Chrome on Mac OS X.

Demo Video

We experimented in Chromium 34
High performance overhead for Alexa Top 100 websites
[Figure: vertical axis from 0% to 200%; horizontal axis: websites]

Take-away
Timing channels are still open on mainstream browsers.
Know the power and prevalence of geo-inference attacks (inferring country, city, neighbourhood) and be cautious about them.
Disable cache? No JavaScript?
Never give additional permissions to unfamiliar sites or keep them open for a long time.
Clear cache before and after visiting a site with your private information, e.g., an online banking site.

Yaoqi JIA
E-mail: jiayaoqi@comp.nus.edu.sg