Contract type: Public service fixed-term contract (CDD)
Required degree level: Bac + 5 or equivalent
Position: PhD student
About the research center or the Inria department:
The Inria Lille - Nord Europe Research Centre was founded in 2008 and employs a staff of 360, including 300 scientists working in sixteen research teams. Recognised for its outstanding contribution to the socio-economic development of the Nord - Pas-de-Calais Region, the Inria Lille - Nord Europe Research Centre undertakes research in the field of computer science in collaboration with a range of academic, institutional and industrial partners.
The strategy of the Centre is to develop an internationally renowned centre of excellence with a significant impact on the City of Lille and its surrounding area. It works to achieve this by pursuing a range of ambitious research projects in such fields of computer science as the intelligence of data and adaptive software systems. Building on the synergies between research and industry, Inria is a major contributor to skills and technology transfer in the field of computer science.
Context and assets of the position
Job environment:
Browser fingerprinting techniques evolve with the addition and deprecation of APIs, web standards and new technologies. To protect users from long-term tracking, we need countermeasures that can easily be maintained to adapt to new fingerprinting vectors. To address as many users as possible, not only effectiveness but also usability should be an important objective.
Positioned in the context of online privacy and web tracking, this Ph.D. topic will focus on developing effective browser fingerprinting countermeasures. The Ph.D. will benefit from our fingerprint research infrastructure and the associated datasets we have collected through the AmIUnique.org website and browser extensions for over 3 years. These datasets will support the study of browser fingerprint diversity and of the way fingerprints evolve over long periods of time.
This Ph.D. will address the design and experimentation of collaborative strategies to protect users from browser fingerprinting. The Ph.D. student will therefore explore algorithmic and mathematical approaches to enhance users’ privacy, and is expected to empirically assess theoretical results with proof-of-concept tools. We are particularly interested in the use of advanced classification algorithms that will allow creating tight-knit groups of users that share the same fingerprint or similar fingerprints, as well as recommender systems to suggest configuration changes that improve privacy by decreasing fingerprint uniqueness. The goal of this Ph.D. project is to reduce the capacity of current and upcoming browser fingerprinting techniques to uniquely identify browsers.
The objective of this Ph.D. is to define and implement new strategies to protect against browser fingerprinting, in particular by reducing fingerprint uniqueness, while ensuring that the proposed solutions are acceptable to non-technical users.
In order to do so, we propose to apply the following methodology:
- Evaluate and classify the state of the art of browser fingerprinting techniques, including academic ones and those found in the wild (e.g., by reverse engineering commercial fingerprinting scripts and inferring their tracking strategies);
- Evaluate the impact of current browser fingerprinting countermeasures. One of the ways to detect the presence of fingerprinting countermeasures is to look at the inconsistencies they introduce in the fingerprint. Indeed, when these countermeasures alter attributes to spoof the browser’s identity, they may introduce impossible combinations of attributes;
- Model the distance between fingerprinted attribute values and between browser fingerprints;
- Build a countermeasure that generates consistent fingerprints and takes into account the strategies used by fingerprinters. One possible strategy to investigate would be to find users with similar fingerprints, and to apply minimal changes so that altered browser fingerprints look the same to fingerprinters;
- Analyze the usability and the impact of the proposed countermeasure.
This Ph.D. builds upon our previous work, Blink [Laperdrix15], a countermeasure that relies on virtualization (virtual machines or containers) and random reconfiguration to break fingerprint linkability. Although effective against tracking, Blink’s overhead has been shown to be a deterrent to its use, and a new approach is needed. This Ph.D. also benefits from our studies regarding fingerprint statistical analyses [Laperdrix16], as well as advanced machine learning techniques to track browsers over long periods of time [Vastel18].
[Acar13] G. Acar, M. Juarez, N. Nikiforakis, C. Diaz, S. Gurses, F. Piessens, and B. Preneel, “FPDetective: Dusting the web for fingerprinters”, in Proc. of the ACM SIGSAC Conf. on Computer and Communications Security (CCS’13).
[Bursztein16] E. Bursztein, A. Malyshev, T. Pietraszek and K. Thomas, “Picasso: Lightweight Device Class Fingerprinting for Web Clients”, Proc. of the Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM’16).
[Eckersley10] P. Eckersley, “How unique is your web browser?”, Proc. of the International Conference on Privacy Enhancing Technologies (PETS’10).
[Englehardt16] S. Englehardt and A. Narayanan, “Online tracking: A 1-million-site measurement and analysis”, Proc. of the ACM SIGSAC Conference on Computer and Communications Security (CCS’16).
[Laperdrix15] P. Laperdrix, W. Rudametkin and B. Baudry, “Mitigating browser fingerprint tracking: multi-level reconfiguration and diversification”, Proc. of the International Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS’15).
[Laperdrix16] P. Laperdrix, W. Rudametkin, and B. Baudry, “Beauty and the Beast: Diverting modern web browsers to build unique browser fingerprints”, Proc. of the IEEE Symposium on Security and Privacy (S&P’16).
[Vastel18] A. Vastel, P. Laperdrix, W. Rudametkin, and R. Rouvoy, “FP-STALKER: Tracking Browser Fingerprint Evolutions”, Proc. of the IEEE Symposium on Security and Privacy (S&P’18).
[Mowery12] K. Mowery and H. Shacham, “Pixel perfect: Fingerprinting canvas in HTML5”, 2012.
[Nikiforakis13] N. Nikiforakis, A. Kapravelos, W. Joosen, C. Kruegel, F. Piessens, and G. Vigna, “Cookieless monster: Exploring the ecosystem of web-based device fingerprinting”, Proc. of the IEEE Symposium on Security and Privacy (S&P’13).
[Alaca13] F. Alaca and P.C. Van Oorschot, “Device fingerprinting for augmenting web authentication: Classification and analysis of methods”, Proc. of the Annual Conference on Computer Security Applications (ACSAC’16).
[Laperdrix17] P. Laperdrix, B. Baudry and V. Mishra, “FPRandom: Randomizing core browser objects to break advanced device fingerprinting techniques”, Proc. of the International Symposium on Engineering Secure Software and Systems (ESSoS’17).
[Preuveneers15] D. Preuveneers and W. Joosen, “Smartauth, Dynamic context fingerprinting for continuous user authentication”, Proc. of the Annual ACM Symposium on Applied Computing (SAC’15).
[Vasilyev15] V. Vasilyev, “fingerprintjs2: Modern & flexible browser fingerprinting library”, Aug. 2017. original-date: 2015-02-11T08:49:54Z.
[Iovation] iovation, “Multifactor Authentication and Online Fraud Prevention Solutions”.
As is a common practice in the Spirals research team, all source code is expected to be open sourced. The student should publish high-level academic papers, as well as participate in related open source communities. This should assist in the technological transfer from academic prototypes to industry-ready tools.
The gross monthly salary is 1982€ for the 1st and 2nd year and 2085€ for the 3rd year.
- Theme/Domain:
Distributed systems and middleware
Web development (BAP E)
- City: Villeneuve d'Ascq
- Inria centre: CRI Lille - Nord Europe
- Desired start date: 01-10-2018
- Contract duration: 3 years
- Application deadline: 02-05-2018
About Inria
Inria, the research institute dedicated to digital science and technology, promotes "scientific excellence in the service of technology transfer and society". Inria employs 2700 staff from the best universities in the world, who take on the challenges of computer science and mathematics. Its open and agile model allows it to explore original paths with its industrial and academic partners. Inria thus responds effectively to the multidisciplinary and applied challenges of the digital transition. Inria is at the origin of many innovations that create value and jobs.
Application requirements
Instructions to apply:
Applications with a complete file will be processed first: CV + letter of motivation + one or more letters of recommendation + transcripts from previous years.
Defence security:
This position may be assigned to a restricted-access area (zone à régime restrictif, ZRR), as defined in decree no. 2011-1425 on the protection of the nation's scientific and technical potential (PPST). Authorisation to access such an area is issued by the head of the establishment, following a favourable ministerial opinion, as defined in the order of 3 July 2012 relating to the PPST. An unfavourable ministerial opinion for a position assigned to a ZRR would result in the cancellation of the recruitment.
Recruitment policy:
As part of its diversity policy, all Inria positions are accessible to people with disabilities.
Warning: Applications must be submitted online on the Inria website. The processing of applications sent through other channels is not guaranteed.