Browser Fingerprinting

Laperdrix, Pierre; Bielova, Nataliia; Baudry, Benoît; Avoine, Gildas

doi:10.1145/3386040

Cited by 121 publications

(91 citation statements)

References 42 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Only in the next study [10], where the research was conducted on a larger number of users, was it shown that fingerprinting can become a unique identifier. Works on browser or device fingerprinting usually contain comprehensive information on specific features comprising the fingerprint [3,10,11,12,14]. The studies also focus on the analysis of stability of particular parameters [3,12], examining different types of browsers [11,12] or applied security features limiting the possibility of obtaining fingerprint features [12].…”

Section: Related Workmentioning

confidence: 99%

“…A browser or device fingerprint is a set of data related to the user device. It contains information about the hardware, operating system and browser, and its configuration [11]. The information is collected only directly from the browser of a user by Javascript and by a web server.…”

Section: Definitionmentioning

confidence: 99%

“…A browser fingerprint is a set of information about a given browser, device, operating system and environmental and location settings of the user [11]. Due to a great variety of this information, fingerprint can be treated as a unique identifier.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Browser Fingerprint Coding Methods Increasing the Effectiveness of User Identification in the Web Traffic

Gabryel

Grzanek

Hayashi

2020

Journal of Artificial Intelligence and Soft Computing Research

View full text Add to dashboard Cite

Web-based browser fingerprint (or device fingerprint) is a tool used to identify and track user activity in web traffic. It is also used to identify computers that are abusing online advertising and also to prevent credit card fraud. A device fingerprint is created by extracting multiple parameter values from a browser API (e.g. operating system type or browser version). The acquired parameter values are then used to create a hash using the hash function. The disadvantage of using this method is too high susceptibility to small, normally occurring changes (e.g. when changing the browser version number or screen resolution). Minor changes in the input values generate a completely different fingerprint hash, making it impossible to find similar ones in the database. On the other hand, omitting these unstable values when creating a hash, significantly limits the ability of the fingerprint to distinguish between devices. This weak point is commonly exploited by fraudsters who knowingly evade this form of protection by deliberately changing the value of device parameters. The paper presents methods that significantly limit this type of activity. New algorithms for coding and comparing fingerprints are presented, in which the values of parameters with low stability and low entropy are especially taken into account. The fingerprint generation methods are based on popular Minhash, the LSH, and autoencoder methods. The effectiveness of coding and comparing each of the presented methods was also examined in comparison with the currently used hash generation method. Authentic data of the devices and browsers of users visiting 186 different websites were collected for the research.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Definitionmentioning

confidence: 99%

See 1 more Smart Citation

Browser Fingerprint Coding Methods Increasing the Effectiveness of User Identification in the Web Traffic

Gabryel

Grzanek

Hayashi

2020

Journal of Artificial Intelligence and Soft Computing Research

View full text Add to dashboard Cite

show abstract

“…Additionally, our scenario can handle situations where, two browser extensions developed by the same person or company but placed for instance at the beginning and at the end of the execution queue will actually access to different information and thus, collaborate to perform attacks like browser hijacking [19,13], or fingerprinting [15,10] attacks.…”

Section: Attacker Modelmentioning

confidence: 99%

After you, please: browser extensions order attacks and countermeasures

Picazo-Sanchez

Tapiador

Schneider

2019

Int. J. Inf. Secur.

View full text Add to dashboard Cite

Browser extensions are small applications executed in the browser context that provide additional capabilities and enrich the user experience while surfing the web. The acceptance of extensions in current browsers is unquestionable. For instance, Chrome's official extension repository has more than 63,000 extensions, with some of them having more than 10M users. When installed, extensions are pushed into an internal queue within the browser. The order in which each extension executes depends on a number of factors, including their relative installation times. In this paper, we demonstrate how this order can be exploited by an unprivileged malicious extension (i.e., one with no more permissions than those already assigned when accessing web content) to get access to any private information that other extensions have previously introduced. Our solution does not require modifying the core browser engine as it is implemented as another browser extension. We prove that our approach effectively protects the user against usual attackers (i.e., any other installed extension) as well as against strong attackers having access to the effects of all installed extensions (i.e., knowing who did what). We also prove soundness and robustness of our approach under reasonable assumptions.

show abstract

“…Device fingerprinting is very popular in internet-connected general purpose computing devices to track user behaviour and application usage. Some of the interesting applications include browser fingerprinting for web analytics, user tracking, fraud detection and accountability [9,23,27] and have gained a significant interests from cyber-security community. While it is clear that device fingerprinting can bring a lot of benefits -especially for providing automated and customisable user experience -there are also concerns that it can pose security and privacy risks [29,39].…”

Section: Introductionmentioning

confidence: 99%

Position paper

Yadav

Feraudo

Arief

et al. 2020

Proceedings of the 2nd International Workshop on Challenges in Artificial Intelligence and Machine Learning for Internet of Thi

View full text Add to dashboard Cite

The popularity of the Internet of Things (IoT) devices makes it increasingly important to be able to fingerprint them, for example in order to detect if there are misbehaving or even malicious IoT devices in one's network. However, there are many challenges faced in the task of fingerprinting IoT devices, mainly due to the huge variety of the devices involved. At the same time, the task can potentially be improved by applying machine learning techniques for better accuracy and efficiency. The aim of this paper is to provide a systematic categorisation of machine learning augmented techniques that can be used for fingerprinting IoT devices. This can serve as a baseline for comparing various IoT fingerprinting mechanisms, so that network administrators can choose one or more mechanisms that are appropriate for monitoring and maintaining their network. We carried out an extensive literature review of existing papers on fingerprinting IoT devices-paying close attention to those with machine learning features. This is followed by an extraction of important and comparable features among the mechanisms outlined in those papers. As a result, we came up with a key set of terminologies that are relevant both in the fingerprinting context and in the IoT domain. This enabled us to construct a framework called IDWork, which can be used for categorising existing IoT fingerprinting mechanisms in a way that will facilitate a coherent and fair comparison of these mechanisms. We found that the majority of the IoT fingerprinting mechanisms take a passive approach-mainly through network sniffing-instead of being intrusive and interactive with the device of interest. Additionally, a significant number of the surveyed mechanisms employ both static and dynamic approaches, in order to benefit from complementary features that can be more robust against certain attacks such as spoofing and replay attacks. CCS CONCEPTS • Security and privacy → Biometrics; • Networks → Layering; • Computer systems organization → Sensor networks; • Computing methodologies → Machine learning approaches; Modeling methodologies; • General and reference → Measurement.

show abstract

Browser Fingerprinting

Cited by 121 publications

References 42 publications

Browser Fingerprint Coding Methods Increasing the Effectiveness of User Identification in the Web Traffic

Browser Fingerprint Coding Methods Increasing the Effectiveness of User Identification in the Web Traffic

After you, please: browser extensions order attacks and countermeasures

Position paper

Contact Info

Product

Resources

About