Towards the Design of a Covert Channel by Using Web Tracking Technologies

Browser Fingerprinting is the process in which the device and browser-related properties (or attributes) are collected through the browser for various reasons, especially, for user identification. The user is monitored through the tracking and collection of technical information, also detecting intrinsic properties of the device being analyzed. In particular, the collected results provide, if properly combined, sufficient information to profile and even identify a device. Those attributes include system information, such as screen dimensions, software versions and plugins, user-installed system fonts list, time zone, language and browser configuration. Browser profiling techniques are activities that typically invade user privacy. The objective of this work is to use those technologies underlying profiling systems for a purpose opposite to the one just indicated, i.e., to provide a mechanism for protecting user privacy by creating hidden communication channels. Usually, privacy protection is achieved by using cryptographic techniques. The main limitation of those techniques consists in exposing not the content of the communication but the communication itself. In this paper, the use of Steganography is motivated by this. Considering the wide use of the web technologies, in addition to the increased attention to the privacy of users connected to the Network, the aim is to analyze and design a steganographic system in order to create a covert channel between two communicating peers through the HTTP protocol.