“Guess Who?” Large-Scale Data-Centric Study of the Adequacy of Browser Fingerprints for Web Authentication

  • Conference paper
Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS 2020)

Abstract

Browser fingerprinting consists of collecting attributes from a web browser to build a browser fingerprint. In this work, we assess the adequacy of browser fingerprints as an authentication factor, on a dataset of 4,145,408 fingerprints composed of 216 attributes. It was collected over 6 months from a population of general browsers. We identify, formalize, and assess the properties that browser fingerprints need in order to be usable and practical as an authentication factor. We notably evaluate their distinctiveness, their stability through time, their collection time, and their size in memory. We show that considering a large surface of 216 fingerprinting attributes leads to a unicity rate of 81% on a population of 1,989,365 browsers. Moreover, browser fingerprints are known to evolve, but we observe that between consecutive fingerprints, more than 90% of the attributes remain unchanged after nearly 6 months. Fingerprints are also affordable. On average, they weigh a dozen kilobytes, and are collected in a few seconds. We conclude that browser fingerprints are a promising additional web authentication factor.
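The two headline measurements in the abstract, distinctiveness (unicity rate) and stability between consecutive fingerprints, can be computed as below. This is an added example, not code or data from the paper: the sample observations and attribute names are constructed, and the metric definitions (unicity taken over each browser's latest fingerprint, an attribute missing on one side counted as changed) are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample: (browser_id, observation_day, attributes). Not data from the paper.
SAMPLE = [
    ("b1", 0,  {"userAgent": "UA-A/1.0", "timezone": "UTC+1", "screen": "1920x1080", "language": "fr"}),
    ("b1", 30, {"userAgent": "UA-A/1.1", "timezone": "UTC+1", "screen": "1920x1080", "language": "fr"}),
    ("b2", 0,  {"userAgent": "UA-A/1.0", "timezone": "UTC+1", "screen": "1366x768", "language": "fr"}),
    ("b3", 2,  {"userAgent": "UA-B/7.0", "timezone": "UTC+1", "screen": "1366x768", "language": "en"}),
    ("b4", 5,  {"userAgent": "UA-B/7.0", "timezone": "UTC+1", "screen": "1366x768", "language": "en"}),
]

def latest_per_browser(observations):
    """Keep only the most recent fingerprint seen for each browser."""
    latest = {}
    for browser, day, attrs in observations:
        if browser not in latest or day > latest[browser][0]:
            latest[browser] = (day, attrs)
    return {b: attrs for b, (_, attrs) in latest.items()}

def unicity_rate(observations):
    """Share of browsers whose latest fingerprint is shared with no other browser."""
    latest = latest_per_browser(observations)
    key = lambda attrs: tuple(sorted(attrs.items()))
    counts = Counter(key(a) for a in latest.values())
    unique = sum(1 for a in latest.values() if counts[key(a)] == 1)
    return unique / len(latest)

def unchanged_ratio(old, new):
    """Fraction of attributes identical in both fingerprints (missing counts as changed)."""
    names = old.keys() | new.keys()
    same = sum(1 for n in names if n in old and n in new and old[n] == new[n])
    return same / len(names)

def consecutive_stability(observations):
    """Mean unchanged ratio over consecutive fingerprint pairs of the same browser."""
    by_browser = {}
    for browser, _, attrs in sorted(observations, key=lambda o: (o[0], o[1])):
        by_browser.setdefault(browser, []).append(attrs)
    ratios = [unchanged_ratio(a, b)
              for fps in by_browser.values() for a, b in zip(fps, fps[1:])]
    return sum(ratios) / len(ratios) if ratios else None
```

On the constructed sample, two of four browsers share a fingerprint, which is the collision case an authentication deployment has to plan for when using fingerprints as an additional factor.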

Notes

  1. https://www.netiq.com/documentation/access-manager-44/admin/data/how-df-works.html.

  2. https://docs.secureauth.com/pages/viewpage.action?pageId=33063454.

  3. Here, usable refers to the adequacy of the characteristic to be used for authentication, rather than the ease of use by the users.

  4. https://support.google.com/accounts/answer/1144110.

  5. https://www.alexa.com/topsites/countries/FR.

  6. https://httparchive.org/reports/loading-speed#ol.

Acknowledgement

We want to thank the anonymous reviewers, Benoît Baudry, and David Gross-Amblard for their valuable comments; and Alexandre Garel for his work on the experiment.

Author information

Corresponding author

Correspondence to Nampoina Andriamilanto.

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Cite this paper

Andriamilanto, N., Allard, T., Guelvouit, G.L. (2021). “Guess Who?” Large-Scale Data-Centric Study of the Adequacy of Browser Fingerprints for Web Authentication. In: Barolli, L., Poniszewska-Maranda, A., Park, H. (eds) Innovative Mobile and Internet Services in Ubiquitous Computing. IMIS 2020. Advances in Intelligent Systems and Computing, vol 1195. Springer, Cham. https://doi.org/10.1007/978-3-030-50399-4_16
