Shades of Internet: web security and privacy analyses, and offensive techniques

  1. Sanchez Rola, Iskander
supervised by:
  1. Davide Balzarotti (Supervisor)
  2. Igor Santos Grueiro (Supervisor)

Defense university: Universidad de Deusto

Defense date: 25 January 2019

Committee:
  1. William Kim Robertson (Chair)
  2. Xabier Ugarte Pedrero (Secretary)
  3. Nick Nikiforakis (Member)

Type: Doctoral thesis

Abstract

Much has changed since the origins of the Internet in 1969 (known as ARPANET back then) and the creation of the World Wide Web (WWW) in 1990. At the beginning, few security and privacy attacks were performed, but nowadays millions of web attacks are happening all the time. Even though many attacks and vulnerabilities have already been identified, many more are waiting to be discovered or created. In this thesis, we followed a two-path approach: one path focused on the analysis of problems and vulnerabilities, and the other on finding new methods to attack the security and privacy of web users. The first allows us to understand how widespread the problems are and what their possible consequences may be. The second allows us to anticipate possible future malicious attacks.

In the analysis path, we started by analyzing the tracking ecosystem on the surface web. As we found that most websites performed some type of tracking, we took a step further and analyzed the deep web. Afterwards, we analyzed how the most common user/website interaction (a click) could create many security and privacy problems for the user. To finish this path, we checked how the biggest online privacy-related regulation has affected the global web tracking ecosystem.

Regarding the offensive path, we discovered three completely new techniques that could violate the security and privacy of a web user. The first one makes it possible to detect the different extensions installed in the browser, bypassing the specified browser extension resources control policies. The second makes it possible to fingerprint a computer based on the detection of small imperfections in the clocks of the computer. The last one makes it possible to detect previous accesses to third-party websites simply by using some lines of JavaScript.