Browser Fingerprinting : Exploring Device Diversity to Augment Authentification and Build Client-Side Countermeasures

Pierre Laperdrix 1
1 DiverSe - Diversity-centric Software Engineering
Inria Rennes – Bretagne Atlantique , IRISA_D4 - LANGAGE ET GÉNIE LOGICIEL
Abstract : Users are presented with an ever-increasing number of choices to connect to the Internet. From desktops, laptops, tablets and smartphones, anyone can find the perfect device that suits his or her needs while factoring mobility, size or processing power. Browser fingerprinting became a reality thanks to the software and hardware diversity that compose every single one of our modem devices. By collecting device-specific information with a simple script running in the browser, a server can fully or partially identify a device on the web and follow it wherever it goes. This technique presents strong privacy implications as it does not require the use of stateful identifiers like cookies that can be removed or managed by the user. In this thesis, we provide the following contributions: an analysis of 118,934 genuine fingerprints to understand the current state of browser fingerprinting, two countermeasures called Blink and FPRandom and a complete protocol based on canvas fingerprinting to augment authentication on the web. Browser fingerprinting is still in its early days. As the web is in constant evolution and as browser vendors keep pushing the limits of what we can do online, the contours of this technique are continually changing. With this dissertation, we shine a light into its inner-workings and its challenges along with a new perspective on how it can reinforce account security.
Document type :
Theses
Complete list of metadatas

Cited literature [69 references]  Display  Hide  Download

https://tel.archives-ouvertes.fr/tel-01729126
Contributor : Abes Star <>
Submitted on : Monday, March 12, 2018 - 1:26:08 PM
Last modification on : Monday, February 11, 2019 - 2:34:00 PM
Long-term archiving on : Wednesday, June 13, 2018 - 1:40:40 PM

File

These_2017ISAR0016_Laperdrix_P...
Version validated by the jury (STAR)

Identifiers

  • HAL Id : tel-01729126, version 1

Citation

Pierre Laperdrix. Browser Fingerprinting : Exploring Device Diversity to Augment Authentification and Build Client-Side Countermeasures. Cryptography and Security [cs.CR]. INSA de Rennes, 2017. English. ⟨NNT : 2017ISAR0016⟩. ⟨tel-01729126⟩

Share

Metrics

Record views

560

Files downloads

1567