{"id":14549,"date":"2018-02-25T10:33:26","date_gmt":"2018-02-25T10:33:26","guid":{"rendered":"https:\/\/www.revoscience.com\/en\/?p=14549"},"modified":"2020-05-27T06:08:50","modified_gmt":"2020-05-27T06:08:50","slug":"private-browsing-gets-private","status":"publish","type":"post","link":"https:\/\/www.revoscience.com\/en\/private-browsing-gets-private\/","title":{"rendered":"Private browsing gets more private"},"content":{"rendered":"<p style=\"text-align: justify\"><span style=\"color: #000000\"><strong><em>New system patches security holes left open by web browsers\u2019 private-browsing<\/em><\/strong><\/span><\/p>\n<figure id=\"attachment_14550\" aria-describedby=\"caption-attachment-14550\" style=\"width: 636px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-14550\" src=\"https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2018\/02\/MIT-Private-Browsing_0.jpg\" alt=\"\" width=\"636\" height=\"428\" title=\"\"><figcaption id=\"caption-attachment-14550\" class=\"wp-caption-text\">Generally, a browser won\u2019t know where the data it downloaded has ended up. Even if it did, it wouldn\u2019t necessarily have authorization from the operating system to delete it.<\/figcaption><\/figure>\n<p style=\"text-align: justify\"><span style=\"color: #000000\">CAMBRIDGE, Mass. &#8212; Today, most web browsers have private-browsing modes, in which they temporarily desist from recording the user\u2019s browsing history.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"color: #000000\">But data accessed during private browsing sessions can still end up tucked away in a computer\u2019s memory, where a sufficiently motivated attacker could retrieve it.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"color: #000000\">This week, at the Network and Distributed Systems Security Symposium, researchers from MIT\u2019s Computer Science and Artificial Intelligence Laboratory (CSAIL) and Harvard University presented a paper describing a new system, dubbed Veil, that makes private browsing more private.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"color: #000000\">Veil would provide added protections to people using shared computers in offices, hotel business centers, or university computing centers, and it can be used in conjunction with existing private-browsing systems and with anonymity networks such as Tor, which was designed to protect the identity of web users living under repressive regimes.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"color: #000000\">\u201cVeil was motivated by all this research that was done previously in the security community that said, \u2018Private-browsing modes are leaky \u2014 Here are 10 different ways that they leak,\u2019\u201d says Frank Wang, an MIT graduate student in electrical engineering and computer science and first author on the paper. \u201cWe asked, \u2018What is the fundamental problem?\u2019 And the fundamental problem is that [the browser] collects this information, and then the browser does its best effort to fix it. But at the end of the day, no matter what the browser\u2019s best effort is, it still collects it. We might as well not collect that information in the first place.\u201d<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"color: #000000\">Wang is joined on the paper by his two thesis advisors: Nickolai Zeldovich, an associate professor of electrical engineering and computer science at MIT, and\u00a0<a style=\"color: #000000\" href=\"http:\/\/mit.pr-optout.com\/Tracking.aspx?Data=HHL%3d8262A7-%3eLCE9%3b4%3b8%3f%26SDG%3c90%3a.&amp;RE=MC&amp;RI=4334046&amp;Preview=False&amp;DistributionActionID=46953&amp;Action=Follow+Link\" target=\"_blank\" rel=\"noopener noreferrer\" data-saferedirecturl=\"https:\/\/www.google.com\/url?hl=en&amp;q=http:\/\/mit.pr-optout.com\/Tracking.aspx?Data%3DHHL%253d8262A7-%253eLCE9%253b4%253b8%253f%2526SDG%253c90%253a.%26RE%3DMC%26RI%3D4334046%26Preview%3DFalse%26DistributionActionID%3D46953%26Action%3DFollow%2BLink&amp;source=gmail&amp;ust=1519627861786000&amp;usg=AFQjCNFAV6oDBtPal3iQ4WUliQW4_fCrAw\">James Mickens<\/a>, an associate professor of computer science at Harvard.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"color: #000000\"><strong>Shell game<\/strong><\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"color: #000000\">With existing private-browsing sessions, Wang explains, a browser will retrieve data much as it always does and load it into memory. When the session is over, it attempts to erase whatever it retrieved.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"color: #000000\">But in today\u2019s computers, memory management is a complex process, with data continuously moving around between different cores (processing units) and caches (local, high-speed memory banks). When memory banks fill up, the operating system might transfer data to the computer\u2019s hard drive, where it could remain for days, even after it\u2019s no longer being used.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"color: #000000\">Generally, a browser won\u2019t know where the data it downloaded has ended up. Even if it did, it wouldn\u2019t necessarily have authorization from the operating system to delete it.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"color: #000000\">Veil gets around this problem by ensuring that any data the browser loads into memory remains encrypted until it\u2019s actually displayed on-screen. Rather than typing a URL into the browser\u2019s address bar, the Veil user goes to the Veil website and enters the URL there. A special server \u2014 which the researchers call a blinding server \u2014 transmits a version of the requested page that\u2019s been translated into the Veil format.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"color: #000000\">The Veil page looks like an ordinary webpage: Any browser can load it. But embedded in the page is a bit of code \u2014 much like the embedded code that would, say, run a video or display a list of recent headlines in an ordinary page \u2014 that executes a decryption algorithm. The data associated with the page is unintelligible until it passes through that algorithm.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"color: #000000\"><strong>Decoys<\/strong><\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"color: #000000\">Once the data is decrypted, it will need to be loaded in memory for as long as it\u2019s displayed on-screen. That type of temporarily stored data is less likely to be traceable after the browser session is over. But to further confound would-be attackers, Veil includes a few other security features.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"color: #000000\">One is that the blinding servers randomly add a bunch of meaningless code to every page they serve. That code doesn\u2019t affect the way a page looks to the user, but it drastically changes the appearance of the underlying source file. No two transmissions of a page served by a blinding sever look alike, and an adversary who managed to recover a few stray snippets of decrypted code after a Veil session probably wouldn\u2019t be able to determine what page the user had visited.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"color: #000000\">If the combination of run-time decryption and code obfuscation doesn\u2019t give the user an adequate sense of security, Veil offers an even harder-to-hack option. With this option, the blinding server opens the requested page itself and takes a picture of it. Only the picture is sent to the Veil user, so no executable code ever ends up in the user\u2019s computer. If the user clicks on some part of the image, the browser records the location of the click and sends it to the blinding server, which processes it and returns an image of the updated page.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"color: #000000\"><strong>The back end<\/strong><\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"color: #000000\">Veil does, of course, require web developers to create Veil versions of their sites. But Wang and his colleagues have designed a compiler that performs this conversion automatically. The prototype of the compiler even uploads the converted site to a blinding server. The developer simply feeds the existing content for his or her site to the compiler.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"color: #000000\">A slightly more demanding requirement is the maintenance of the blinding servers. These could be hosted by either a network of private volunteers or a for-profit company. But site managers may wish to host Veil-enabled versions of their sites themselves. For web services that already emphasize the privacy protections they afford their customers, the added protections provided by Veil could offer a competitive advantage.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>New system patches security holes left open by web browsers\u2019 private-browsing CAMBRIDGE, Mass. &#8212; Today, most web browsers have private-browsing modes, in which they temporarily desist from recording the user\u2019s browsing history. But data accessed during private browsing sessions can still end up tucked away in a computer\u2019s memory, where a sufficiently motivated attacker could [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":14550,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[43,17],"tags":[],"class_list":["post-14549","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-computer-science","category-research"],"featured_image_urls":{"full":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2018\/02\/MIT-Private-Browsing_0.jpg",639,426,false],"thumbnail":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2018\/02\/MIT-Private-Browsing_0-150x150.jpg",150,150,true],"medium":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2018\/02\/MIT-Private-Browsing_0-300x200.jpg",300,200,true],"medium_large":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2018\/02\/MIT-Private-Browsing_0.jpg",639,426,false],"large":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2018\/02\/MIT-Private-Browsing_0.jpg",639,426,false],"1536x1536":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2018\/02\/MIT-Private-Browsing_0.jpg",639,426,false],"2048x2048":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2018\/02\/MIT-Private-Browsing_0.jpg",639,426,false],"ultp_layout_landscape_large":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2018\/02\/MIT-Private-Browsing_0.jpg",639,426,false],"ultp_layout_landscape":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2018\/02\/MIT-Private-Browsing_0.jpg",639,426,false],"ultp_layout_portrait":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2018\/02\/MIT-Private-Browsing_0.jpg",600,400,false],"ultp_layout_square":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2018\/02\/MIT-Private-Browsing_0.jpg",600,400,false],"newspaper-x-single-post":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2018\/02\/MIT-Private-Browsing_0.jpg",639,426,false],"newspaper-x-recent-post-big":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2018\/02\/MIT-Private-Browsing_0.jpg",540,360,false],"newspaper-x-recent-post-list-image":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2018\/02\/MIT-Private-Browsing_0.jpg",95,63,false],"web-stories-poster-portrait":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2018\/02\/MIT-Private-Browsing_0.jpg",639,426,false],"web-stories-publisher-logo":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2018\/02\/MIT-Private-Browsing_0.jpg",96,64,false],"web-stories-thumbnail":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2018\/02\/MIT-Private-Browsing_0.jpg",150,100,false]},"author_info":{"info":["Amrita Tuladhar"]},"category_info":"<a href=\"https:\/\/www.revoscience.com\/en\/category\/computer-science\/\" rel=\"category tag\">Computer Science<\/a> <a href=\"https:\/\/www.revoscience.com\/en\/category\/news\/research\/\" rel=\"category tag\">Research<\/a>","tag_info":"Research","comment_count":"0","_links":{"self":[{"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/posts\/14549","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/comments?post=14549"}],"version-history":[{"count":0,"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/posts\/14549\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/media\/14550"}],"wp:attachment":[{"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/media?parent=14549"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/categories?post=14549"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/tags?post=14549"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}