Fingerprinting users with cached intermediate certificates

[Kyle Hamilton]

Hi, this is not mine, but I just ran across it on Reddit and as it's
novel on this group I think it's appropriate to discuss?

https://shiftordie.de/blog/2017/02/21/fingerprinting-firefox-users-with-cached-intermediate-ca-certificates-fiprinca/

-Kyle H

[Martin Thomson]

On Wed, Feb 22, 2017 at 4:12 PM, Kyle Hamilton <kya...@kyanha.net> wrote:
> https://shiftordie.de/blog/2017/02/21/fingerprinting-firefox-users-with-cached-intermediate-ca-certificates-fiprinca/

HSTS can be used to do the same without relying on being able to
identify a large set of intermediates that the user hasn't already
seen. Also, Firefox isn't alone in caching intermediates. I think
that you will find that other browsers all do the same thing.

[Gervase Markham]

On 21/02/17 21:12, Kyle Hamilton wrote:
> https://shiftordie.de/blog/2017/02/21/fingerprinting-firefox-users-with-cached-intermediate-ca-certificates-fiprinca/

This is https://bugzilla.mozilla.org/show_bug.cgi?id=1334485 .

Gerv

[Daniel Veditz]

On Tue, Feb 21, 2017 at 9:33 PM, Martin Thomson <m...@mozilla.com> wrote:

> Also, Firefox isn't alone in caching intermediates. I think
> that you will find that other browsers all do the same thing.
>

​The difference isn't that Firefox caches intermediates, it's that it
doesn't fetch non-cached ones​. This paper describes taking advantage of
this fact to determine which intermediates have been cached in Firefox. You
might be able to use timing attacks to determine whether particular
intermediates have been cached in other browsers, but you'd only get one
sample per intermediate because it would be a destructive test. And then it
would be useless as an identifier to track the same person on a future
visit.

It's an interesting bit of information leakage. Less useful as a
"super-cookie" than HSTS, but probably equally bad news to Tor Browser
users.

-Dan Veditz

[Martin Thomson]

On Sat, Feb 25, 2017 at 6:45 AM, Daniel Veditz <dve...@mozilla.com> wrote:
> The difference isn't that Firefox caches intermediates, it's that it doesn't
> fetch non-cached ones.

As the bug that Gerv cited shows, the act of fetching also leaks the
same information. But there are plans to segment the intermediates
cache to avoid cross domain tracking, which should help. Tor disables
the intermediates cache so doesn't suffer the fingerprinting risk
(only the risk that the site can't be reached).

[tri...@mozilla.com]

On Friday, February 24, 2017 at 5:44:12 PM UTC-6, Martin Thomson wrote:
> On Sat, Feb 25, 2017 at 6:45 AM, Daniel Veditz <dve...@mozilla.com> wrote:
> > The difference isn't that Firefox caches intermediates, it's that it doesn't
> > fetch non-cached ones.
>
> As the bug that Gerv cited shows, the act of fetching also leaks the
> same information.

I'm confused - I don't believe that's the case. To Dan's point: the test isn't destructive - because we don't fetch missing. Running the test a second time doesn't show you that you're caching all of them. So while it's not perfectly reliable (since you can always start caching something new) the act of observing does not affect the observation.

> But there are plans to segment the intermediates
> cache to avoid cross domain tracking, which should help. Tor disables
> the intermediates cache so doesn't suffer the fingerprinting risk
> (only the risk that the site can't be reached).

Tor keeps it memory-only and clears it on New Identity but doesn't disable it at this time: https://trac.torproject.org/projects/tor/ticket/21559