FP-Redemption: Studying Browser Fingerprinting Adoption for the Sake of Web Security - Inria - Institut national de recherche en sciences et technologies du numérique
Conference paper. Year: 2021

FP-Redemption: Studying Browser Fingerprinting Adoption for the Sake of Web Security

Abstract

Browser fingerprinting has established itself as a stateless technique to identify users on the Web. In particular, it is a highly criticized technique to track users. However, we believe that this identification technique can serve more virtuous purposes, such as bot detection or multi-factor authentication. In this paper, we explore the adoption of browser fingerprinting for security-oriented purposes. More specifically, we study 4 types of web pages that require security mechanisms to process user data: sign-up, sign-in, basket and payment pages. We visited 1,485 pages on 446 domains and we identified the acquisition of browser fingerprints from 405 pages. By using an existing classification technique, we identified 169 distinct browser fingerprinting scripts included in these pages. By investigating the origins of the browser fingerprinting scripts, we identified 12 security-oriented organizations who collect browser fingerprints on sign-up, sign-in, and payment pages. Finally, we assess the effectiveness of browser fingerprinting against two potential attacks, namely stolen credentials and cookie hijacking. We observe browser fingerprinting being successfully used to enhance web security.
Main file
main.pdf (332.13 KB)
Origin: Files produced by the author(s)

Dates and versions

hal-03212726, version 1 (05-05-2021)

Identifiers

  • HAL Id: hal-03212726, version 1

Cite

Antonin Durey, Pierre Laperdrix, Walter Rudametkin, Romain Rouvoy. FP-Redemption: Studying Browser Fingerprinting Adoption for the Sake of Web Security. International Conference on the Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Jul 2021, Lisboa, Portugal. ⟨hal-03212726⟩