Towards Mining Latent Client Identifiers from Network Traffic

TitleTowards Mining Latent Client Identifiers from Network Traffic
Publication TypeConference Paper
Year of Publication2016
AuthorsJain, S., Javed M., & Paxson V.
Published inProceedings of Privacy Enhancing Technologies Symposium
Date Published07/2016
PublisherDe Gruyter
Abstract

Websites extensively track users via identifiers that uniquely map to client machines or user accounts. Although such tracking has desirable properties like enabling personalization and website analytics, it also raises serious concerns about online user privacy, and can potentially enable illicit surveillance by adversaries who broadly monitor network traffic.
In this work we seek to understand the possibilities of latent identifiers appearing in user traffic in forms beyond those already well-known and studied, such as browser and Flash cookies. We develop a methodology for processing large network traces to semi-automatically discover identifiers sent by clients that distinguish users/devices/browsers, such as usernames, cookies, custom user agents, and IMEI numbers. We address the challenges of scaling such discovery up to enterprise-sized data by devising multistage filtering and streaming algorithms. The resulting methodology reflects trade-offs between reducing the ultimate analysis burden and the risk of missing potential identifier strings. We analyze 15 days of data from a site with several hundred users and capture dozens of latent identifiers, primarily in HTTP request components, but also in non-HTTP protocols.

URLhttp://www.icir.org/vern/papers/trackers-pets16.pdf
ICSI Research Group

Networking and Security