FPSelect: Low-Cost Browser Fingerprints for Mitigating Dictionary Attacks against Web Authentication Mechanisms

10/13/2020
by Nampoina Andriamilanto, et al.

Browser fingerprinting consists of collecting attributes from a web browser. Hundreds of attributes have been discovered over the years. Each of them provides a way to distinguish browsers, but also comes with a usability cost (e.g., additional collection time). In this work, we propose FPSelect, an attribute selection framework that allows verifiers to tune their browser fingerprinting probes for web authentication. We formalize the problem as searching for the attribute set that satisfies a security requirement and minimizes the usability cost. Security is measured as the proportion of impersonated users given a fingerprinting probe, a user population, and an attacker that knows the exact fingerprint distribution among the user population. Usability is quantified by the collection time of browser fingerprints, their size, and their instability. We compare our framework with common baselines on a real-life fingerprint dataset and find that, in our experimental settings, our framework selects attribute sets of lower usability cost. Compared to the baselines, the attribute sets found by FPSelect generate fingerprints that are up to 97 times smaller, are collected up to 3,361 times faster, and have, on average, up to 7.2 times fewer changing attributes between two observations.
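The selection problem stated in the abstract, as an added Python sketch that is not the paper's code or FPSelect's search algorithm. Assumptions: the attacker submits the `k` most common fingerprints, usability cost is a single hypothetical number per attribute, the search is brute force, and the population is constructed sample data.

```python
from collections import Counter
from itertools import combinations

# Constructed sample population (one fingerprint per user), not data from the paper.
ROWS = [
    ("Firefox", "UTC+1", "fr", "c1"), ("Firefox", "UTC+1", "fr", "c2"),
    ("Firefox", "UTC+1", "en", "c3"), ("Chrome", "UTC+1", "fr", "c4"),
    ("Chrome", "UTC+0", "en", "c5"), ("Chrome", "UTC+0", "en", "c6"),
    ("Safari", "UTC+0", "fr", "c7"), ("Safari", "UTC-5", "en", "c8"),
]
ATTRS = ("ua", "tz", "lang", "canvas")
POPULATION = [dict(zip(ATTRS, row)) for row in ROWS]
# Hypothetical usability cost per attribute (e.g. collection time in ms).
COST = {"ua": 1, "tz": 1, "lang": 1, "canvas": 30}


def sensitivity(attrs, population, k):
    """Share of users impersonated when the attacker submits the k most
    common fingerprints (assumed attacker strategy) for this attribute set."""
    counts = Counter(tuple(user[a] for a in attrs) for user in population)
    return sum(n for _, n in counts.most_common(k)) / len(population)


def select(population, cost, k, alpha):
    """Cheapest attribute set whose sensitivity is at most alpha, or None.
    Brute force over all subsets; only practical for a handful of attributes."""
    best = None
    names = sorted(cost)
    for size in range(1, len(names) + 1):
        for attrs in combinations(names, size):
            if sensitivity(attrs, population, k) > alpha:
                continue  # security requirement not met
            total = sum(cost[a] for a in attrs)
            if best is None or total < best[1]:
                best = (attrs, total)
    return best


if __name__ == "__main__":
    for alpha in (0.5, 0.25, 0.1):
        print(alpha, select(POPULATION, COST, k=2, alpha=alpha))
```

Tightening `alpha` from 0.5 to 0.25 forces the expensive `canvas` attribute into the probe, which is the security versus usability trade-off the abstract describes.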
