Web Tracking: Attack and Defense
时间：6月29日（周四）上午 10:00am – 11:00am
地点：清华大学 FIT 1-315
Web tracking is a technique to remember and recognize past website visitors. Up to now, web tracking has evolved into three generations that co-exist in today’s web. The first-generation tracking adopts stateful, server-set identifiers like cookies to track web users. After that, browser fingerprinting—defined as the second-generation tracking—emerges, moving from stateful identifiers to stateless. Nowadays people are developing third-generation, cross-device tracking.
In this talk, I will present our group’s research on web tracking and anti-tracking. In the first half of the talk, I will present a novel 2.5-generation tracking, which can track users across different browsers on the same machine. Then, in the second half of the talk, I will discuss an anti-tracking technique, which can defend against timing-based browser fingerprinting as well as other timing attacks.
Yinzhi Cao is an assistant professor in Lehigh University. He earned his PhD in computer science at Northwestern University and worked at Columbia University as a postdoc. Before that, he obtained his B.E. degree in electronics engineering at Tsinghua University in China. His research mainly focuses on the security and privacy of web, smart phones, and machine learning. He has published many papers at various security conferences, such as IEEE S&P (Oakland), NDSS, CCS, ACSAC and DSN. His JShield system has been adopted by Huawei, the world’s largest telecommunication company, and his SafePay system was widely featured by many media outlets, such as CCTV News, NSF science360 News and Yahoo! news. He has also invented machine unlearning, and this piece of work has been reported by the Atlantic Magazine and the Stack. Previously, he also conducted research at SRI International and UC Santa Barbara as a summer intern.