Fingerprinting for Web Applications: From Devices to Related Groups

Blakemore, Christine; Redol, João; Correia, Miguel

doi:10.1109/trustcom.2016.0057

Cited by 7 publications

(8 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The attacker can retrieve the attributes of the fingerprinting probe (assumption 3) by reverse-engineering the probe (e.g., static or dynamic analysis of the probe [6], analysis of the network packets). The attacker knows the domain of the fingerprints, and can infer a fingerprint distribution (assumption 4) from documentation [47], datasets 8 , or statistics 9 available online. He can also leverage phishing attacks [57], a pool of controlled browsers [41], or stolen fingerprints [34].…”

Section: Attack Modelmentioning

confidence: 99%

“…The Attribute Selection Problem consists in finding the attribute set that provides the lowest usability cost and keeps the sensitivity below a threshold α set by the verifier 15 . Let A denote the set of 8 https://www.henning-tillmann.de/en/2014/05/browser-fingerprinting-93-of-alluser-configurations-are-unique 9 http://carat.cs.helsinki.fi/statistics 10 We do not consider the attackers that exactly know the fingerprint of the users they target (or their local configuration) because they are able to bypass trivially any fingerprinting authentication mechanism. 11 These tools are able to control both the fixed and the dynamic attributes.…”

Section: Attribute Selection Problemmentioning

confidence: 99%

“…We compare our method with common attribute selection methods. The entropy-based method [8,23,29,35] consists into picking the attributes of the highest entropy until reaching an arbitrary number of attributes. The method based on the conditional entropy [14] consists into iteratively picking the most entropic attribute according to the attributes that are already chosen, and re-evaluating the conditional entropy of the remaining attributes at each step, until an arbitrary number of attributes is reached.…”

Section: Baselinesmentioning

confidence: 99%

“…Previous works only consider the well-known attributes [13,19,33], remove the attributes of the lowest entropy [59], iteratively pick the attribute of the highest weight (typically the entropy) until a threshold is reached [8,14,23,29,35,56], or evaluate every possible set [16]. The entropy measures the skewness of the distribution of fingerprints or attribute values.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

FPSelect: Low-Cost Browser Fingerprints for Mitigating Dictionary Attacks against Web Authentication Mechanisms

Andriamilanto

Allard

Guelvouit³

2020

Annual Computer Security Applications Conference

View full text Add to dashboard Cite

Browser fingerprinting consists into collecting attributes from a web browser. Hundreds of attributes have been discovered through the years. Each one of them provides a way to distinguish browsers, but also comes with a usability cost (e.g., additional collection time). In this work, we propose FPSelect, an attribute selection framework allowing verifiers to tune their browser fingerprinting probes for web authentication. We formalize the problem as searching for the attribute set that satisfies a security requirement and minimizes the usability cost. The security is measured as the proportion of impersonated users given a fingerprinting probe, a user population, and an attacker that knows the exact fingerprint distribution among the user population. The usability is quantified by the collection time of browser fingerprints, their size, and their instability. We compare our framework with common baselines, based on a real-life fingerprint dataset, and find out that in our experimental settings, our framework selects attribute sets of lower usability cost. Compared to the baselines, the attribute sets found by FPSelect generate fingerprints that are up to 97 times smaller, are collected up to 3, 361 times faster, and with up to 7.2 times less changing attributes between two observations, on average.

show abstract

Section: Attack Modelmentioning

confidence: 99%

Section: Attribute Selection Problemmentioning

confidence: 99%

Section: Baselinesmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

FPSelect: Low-Cost Browser Fingerprints for Mitigating Dictionary Attacks against Web Authentication Mechanisms

Andriamilanto

Allard

Guelvouit³

2020

Annual Computer Security Applications Conference

View full text Add to dashboard Cite

show abstract

“…HyperText Markup Language (HTML) and JavaScript jQuery are adopted to develop the front-end interface and associated functions. Several web applications and platforms [13]- [15] were implemented for fingerprinting information and recognition. In order to interact with the images, it is necessary to have a listener (handler) to catch and process mouse event including mouse move, click down and up.…”

Section: A Front-end Functionsmentioning

confidence: 99%

An Online Integrated Fingerprint Image System

Huang¹,

Liu²,

Chen³

2019

IJMLC

View full text Add to dashboard Cite

Fingerprint analysis is one of the most commonly-used biometrics technologies, primarily used in forensic science to identify people. Due to various reasons, most fingerprint related studies are conducted in an isolated environment which makes it hard for researchers to collaborate across institutes. Web-based client/server applications have become an important component for international collaboration because such an application allows users from different locations to execute the same program on the same data. Such systems can be quickly developed and are easy to use. In this paper, a 3-tier integrated online fingerprint system was developed to manage and process fingerprint images in real-time. This system allows users all over the world to access the public NIST-14 fingerprint dataset and collaborate with other researchers to conduct the research task. The front-end of the system is an advanced web-based interface that allows users to view fingerprint images in different resolution, singular points, enter, and update the location of singular points. This system can also preserve the entered information in the back-end database.

show abstract