Theses

Leveraging browser fingerprinting to strengthen web authentication

Antonin Durey 1, 2 
2 SPIRALS - Self-adaptation for distributed services and large software systems
Inria Lille - Nord Europe, CRIStAL - Centre de Recherche en Informatique, Signal et Automatique de Lille - UMR 9189
Abstract : Security on the Web is a major concern for any user, and authentication solutions, such as multi-factor authentication, negatively impact the user experience and add cost and complexity that may prevent them from being more accepted by users and more largely deployed. Browser fingerprinting is a stateless and permission-less technique that collects information about the user’s device, OS, browser and configuration to form an identifier. While it has mainly been studied from a tracking perspective, its properties make it interesting for security, and more specifically, for Web authentication. In this thesis, I provide 3 main contributions:

  • I manually browse 1,485 pages on 446 websites and measure fingerprint collection on sensitive pages of websites, such as sign-up and sign-in pages. I evaluate the resilience of these websites against 2 types of attack, stolen credentials and cookie hijacking, and show that fingerprinting, despite its potential, is barely used to protect against these attacks.
  • I collect fingerprints in a controlled environment to precisely measure the attributes that offer interesting uniqueness and stability properties. I use this knowledge to design and implement a fingerprints linking algorithm for Web authentication and evaluate it on a dataset of 952,828 fingerprints collected from 64,235 browser instances, and show the algorithm is reliable and relevant to link fingerprints.
  • I design and implement an authentication scheme that strengthens web authentication by using browser fingerprinting. I evaluate the scheme on a centralized authentication server with 82 users. I demonstrate that browser fingerprinting strengthens Web authentication while having a minimal impact on the user experience.

With these contributions, I argue that browser fingerprinting improves web authentication and conclude this manuscript by providing short-term and long-term perspectives to improve this work.

https://tel.archives-ouvertes.fr/tel-03544475
Contributor : Antonin Durey
Submitted on : Wednesday, January 26, 2022 - 4:40:59 PM
Last modification on : Tuesday, March 29, 2022 - 4:07:17 AM
Long-term archiving on : Wednesday, April 27, 2022 - 7:24:12 PM

File

manuscript.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : tel-03544475, version 1

Citation

Antonin Durey. Leveraging browser fingerprinting to strengthen web authentication. Computer Science [cs]. Université de Lille, 2022. English. ⟨tel-03544475⟩
