Pierre Laperdrix

3rd year PhD student


About Me

I'm a third year PhD student who works on browser fingerprinting in the DiverSE team at INRIA Rennes.

My main domains of interest are computer security and privacy with a touch of software engineering. Outside of computer science, I love to live thousands of adventures through video games, movies or comics.

Scientific publications

FPRandom: Randomizing core browser objects to break advanced device fingerprinting techniques

Pierre Laperdrix, Benoit Baudry, Vikas Mishra

Proceedings of the 9th International Symposium on Engineering Secure Software and Systems (ESSoS 2017)


The rich programming interfaces (APIs) provided by web browsers can be diverted to collect a browser fingerprint. A small number of queries on these interfaces are sufficient to build a fingerprint that is statistically unique and very stable over time. Consequently, the fingerprint can be used to track users. Our work aims at mitigating the risk of browser fingerprinting for users' privacy by 'breaking' the stability of a fingerprint over time. We add randomness in the computation of selected browser functions, in order to have them deliver slightly different answers for each browsing session. Randomization is possible thanks to the following properties of browser implementations: (i) some functions have a nondeterministic specification, but a deterministic implementation; (ii) multimedia functions can be slightly altered without deteriorating the user's perception. We present FPRandom, a modified version of Firefox that adds randomness to mitigate the most recent fingerprinting algorithms, namely canvas fingerprinting, AudioContext fingerprinting and the unmasking of browsers through the order of JavaScript properties. We evaluate the effectiveness of FPRandom by testing it against known fingerprinting tests. We also conduct a user study and evaluate the performance overhead of randomization to determine the impact on the user experience.

Beauty and the Beast: Diverting modern web browsers to build unique browser fingerprints

Pierre Laperdrix, Walter Rudametkin, Benoit Baudry

Proceedings of the 37th IEEE Symposium on Security and Privacy (S&P 2016)


Worldwide, the number of people and the time spent browsing the web keeps increasing. Accordingly, the technologies to enrich the user experience are evolving at an amazing pace. Many of these evolutions provide for a more interactive web (e.g., boom of JavaScript libraries, weekly innovations in HTML5), a more available web (e.g., explosion of mobile devices), a more secure web (e.g., Flash is disappearing, NPAPI plugins are being deprecated), and a more private web (e.g., increased legislation against cookies, huge success of extensions such as Ghostery and AdBlock). Nevertheless, modern browser technologies, which provide the beauty and power of the web, also provide a darker side, a rich ecosystem of exploitable data that can be used to build unique browser fingerprints. Our work explores the validity of browser fingerprinting in today’s environment. Over the past year, we have collected 118,934 fingerprints composed of 17 attributes gathered thanks to the most recent web technologies. We show that innovations in HTML5 provide access to highly discriminating attributes, notably with the use of the Canvas API which relies on multiple layers of the user’s system. In addition, we show that browser fingerprinting is as effective on mobile devices as it is on desktops and laptops, albeit for radically different reasons due to their more constrained hardware and software environments. We also evaluate how browser fingerprinting could stop being a threat to user privacy if some technological evolutions continue (e.g., disappearance of plugins) or are embraced by browser vendors (e.g., standard HTTP headers).

Mitigating browser fingerprint tracking: multi-level reconfiguration and diversification

Pierre Laperdrix, Walter Rudametkin, Benoit Baudry

Proceedings of the 10th International Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS 2015)


The diversity of software components (e.g., browsers, plugins, fonts) is a wonderful opportunity for users to customize their platforms. Yet, massive customization creates a privacy issue: browsers are slightly different from one another, allowing third parties to collect unique and stable fingerprints to track users. Although software diversity appears to be the source of this privacy issue, we claim that this same diversity, combined with automatic reconfiguration, provides the essential ingredients to constantly change browsing platforms. Constant change acts as a moving target defense strategy against fingerprint tracking by breaking one essential property: stability over time. We leverage virtualization and modular architectures to automatically assemble and reconfigure software components at multiple levels. We operate on operating systems, browsers, fonts and plugins. This work is the first application of software reconfiguration to build a moving target defense against browser fingerprint tracking. The main objective is to automatically modify the fingerprint a platform exhibits. We have developed a prototype called Blink to experiment with the effectiveness of our approach at randomizing fingerprints. We have assembled and reconfigured thousands of platforms, and we observe that all of them exhibit different fingerprints, and that commercial fingerprinting solutions are not able to detect that the different platforms actually correspond to a single user.

Magazine publication

Le fingerprinting : une nouvelle technique de traçage

Pierre Laperdrix, Benoit Baudry

MISC n°81, French security-focused magazine. September/October 2015, pp. 52-57

Full article (in French)

"Browser fingerprinting" refers to the collection, by a browser, of a number of pieces of information about a user's device in order to build a fingerprint. Many studies have shown that this fingerprint is unique in the vast majority of cases and changes very slowly. It can therefore be used to track users without leaving any trace on the device.

Current projects




Past Projects

Blink

Open Source


Msvip

Multi-Screen Virtual Interactive Presentation (MSVIP) Project

In partnership with Excense, we created a virtual showcase to demonstrate the ability of connected devices to engage audiences in lively and interactive presentations. Built around the Microsoft PixelSense technology, the master of ceremonies operates on a touch-enabled table and can control any number of tablets or computers remotely connected to it to provide added value to his or her presentation.

The example built for the device was an interactive presentation of my engineering school, the INSA de Rennes. The app is now used during open days to give an overview of the school to visitors.

Overview of the MSVIP concept

MSVIP in action 1

MSVIP in action 2

MSVIP in action 3



Daedalus Project

We built a maze generator for a virtual reality game where one player is pitted against another to get out of a maze. The biggest challenge for this project was to build easy-to-use software that offered different generation strategies. A real effort was put into having a nice and comprehensive graphical interface that would give any creator the freedom to create the maze of his or her dreams.

Overview of the VR game

Overview of the interface of the generator

From the generator to the VR game

Overview of the generation process