Security considerations around the usage of client-side storage APIs.

Belloro, S. and Mylonas, A., 2018. Security considerations around the usage of client-side storage APIs. Technical Report. Poole, England: Bournemouth University.

Full text available as:

BUCSR-2018-01 Client side security considerations.pdf - Published Version
Available under License Creative Commons Attribution Non-commercial No Derivatives.

2MB

Abstract

Web Storage, Indexed Database API and Web SQL Database are primitives that allow web browsers to store information in the client in a much more advanced way compared to other techniques such as HTTP Cookies. They were originally introduced with the goal of enhancing the capabilities of websites; however, they are often exploited as a way of tracking users across multiple sessions and websites. This work is divided into two parts. First, it quantifies the usage of these three primitives in the context of user tracking. This is done by performing a large-scale analysis on the usage of these techniques in the wild. The results highlight that code snippets belonging to those primitives can be found in tracking scripts at a surprisingly high rate, suggesting that user tracking is a major use case of these technologies. The second part reviews the effectiveness of the removal of client-side storage data in modern browsers. A web application, built specifically for this study, is used to highlight that it is often extremely hard, if not impossible, for users to remove personal data stored using the three primitives considered. This finding has significant implications, because those techniques are often used as a vector for cookie resurrection.

Item Type: Monograph (Technical Report)
Group: Faculty of Science & Technology
ID Code: 30202
Deposited By: Unnamed user with email symplectic@symplectic
Deposited On: 15 Jan 2018 14:43
Last Modified: 15 Jan 2018 14:43
