Privacy Threat Analysis And Defense Research Of User Browsing History In Browsers

The browser is an important window for people to understand the external information world,and the privacy threat in it has become more and more prominent in recent years.In view of the emerging Internet privacy threats,existing research usually focuses on third-party tracking and threats such as web tracking and phishing,ignoring the question of whether the browser itself is a trustworthy platform.Since the user’s browsing history contain a lot of information related to the user’s characteristics,once it is leaked,it will pose a serious threat to the user’s privacy.Therefore,it is very important to protect the privacy and security of users to study the leakage of browsing history in the process of users using browsers.This thesis designs and analyzes the most common scenarios in the process of browsing web pages and using safe browsing services,which are the two most common scenarios for users to use browsers.It confirms that the existing browsers have the problem of leaking user browsing history in these two aspects.Taking this as a guide,this thesis designs two privacypreserving improvement schemes.The main research contents are as follows.(1)By obtaining the data transmitted by the browser to the back-end server at different stages of the user’s web browsing,proves that most browsers share the user’s browsing history with the backend server.By analyzing the privacy threat of the hash prefix transmitted by the Google Update API,proves that the transmission of the hash prefix cannot guarantee that the user’s browsing records are not leaked.(2)Aiming at the leakage of browsing history when users browse web pages,this thesis proposes an anonymization scheme for user browsing history.First,by quantifying the uncertainty of user privacy distribution and the loss of usability,makes it clear how to achieve a balance between privacy and usability and use the Kendall coefficient to measure the loss of usability,so that the measurement of usability loss is more in line with the existing recommendation ranking system,then guides the addition of noise webpage links through the selection of web topics.Finally,through experiments,this thesis shows that the algorithm proposed can better preserve the availability of browsing history,and at the same time has a better defense effect against new deanonymization attacks.(3)Aiming at the leakage of browsing history when users use the safe browsing service,this thesis proposes a safe browsing service based on the idea of security proxy.First,it assists the transmission of URLs during safe browsing by setting up a security proxy between the URL blacklist provider and the user.Next,EC-OPRF(Elliptic Curve Oblivious Pseudorandom Function)is used to provide protection for each step involved in URL transmission,and a pre-encrypted blacklist method is proposed,so that EC-OPRF can be applied to tripartite operations,also the improved method of pre-selecting base points is used to reduce Computation time of EC-OPRF.Finally,this thesis shows that the proposed improved EC-OPRF can effectively reduce the computing time and improve the detection efficiency of malicious URLs through experiments.