A Large-scale Empirical Analysis of Browser Fingerprints Properties for Web Authentication - Hypermedia Domain, IRT b<>com Accéder directement au contenu
Article Dans Une Revue ACM Transactions on the Web Année : 2022

A Large-scale Empirical Analysis of Browser Fingerprints Properties for Web Authentication

Résumé

Modern browsers give access to several attributes that can be collected to form a browser fingerprint. Although browser fingerprints have primarily been studied as a web tracking tool, they can contribute to improve the current state of web security by augmenting web authentication mechanisms. In this paper, we investigate the adequacy of browser fingerprints for web authentication. We make the link between the digital fingerprints that distinguish browsers, and the biological fingerprints that distinguish Humans, to evaluate browser fingerprints according to properties inspired by biometric authentication factors. These properties include their distinctiveness, their stability through time, their collection time, their size, and the accuracy of a simple verification mechanism. We assess these properties on a large-scale dataset of 4,145,408 fingerprints composed of 216 attributes, and collected from 1,989,365 browsers. We show that, by time-partitioning our dataset, more than 81.3% of our fingerprints are shared by a single browser. Although browser fingerprints are known to evolve, an average of 91% of the attributes of our fingerprints stay identical between two observations , even when separated by nearly 6 months. About their performance, we show that our fingerprints weigh a dozen of kilobytes, and take a few seconds to collect. Finally, by processing a simple verification mechanism, we show that it achieves an equal error rate of 0.61%. We enrich our results with the analysis of the correlation between the attributes, and of their contribution to the evaluated properties. We conclude that our browser fingerprints carry the promise to strengthen web authentication mechanisms.
Fichier principal
Vignette du fichier
A Large-scale Empirical Analysis of Browser Fingerprints Properties for Web Authentication.pdf (2.94 Mo) Télécharger le fichier
Origine : Fichiers produits par l'(les) auteur(s)

Dates et versions

hal-02870826 , version 1 (16-06-2020)
hal-02870826 , version 2 (03-10-2021)

Identifiants

Citer

Nampoina Andriamilanto, Tristan Allard, Gaëtan Le Guelvouit, Alexandre Garel. A Large-scale Empirical Analysis of Browser Fingerprints Properties for Web Authentication. ACM Transactions on the Web, 2022, 16 (1), pp.1--62. ⟨10.1145/3478026⟩. ⟨hal-02870826v2⟩
394 Consultations
296 Téléchargements

Altmetric

Partager

Gmail Facebook X LinkedIn More