guess who large scale data centric study of the adequacy
play

< Guess Who ? Large -Scale Data-Centric Study of the Adequacy of - PowerPoint PPT Presentation

Mar 04, 2023 •38 likes •318 views

< Guess Who ? Large -Scale Data-Centric Study of the Adequacy of Browser Fingerprints for Web Authentication> IMIS 2020, July 1, 2020 Nampoina Andriamilanto, Tristan Allard, Gatan Le Guelvouit Web Authentication Passwords

  1. < “ Guess Who ?” Large -Scale Data-Centric Study of the Adequacy of Browser Fingerprints for Web Authentication> IMIS 2020, July 1, 2020 Nampoina Andriamilanto, Tristan Allard, Gaëtan Le Guelvouit

  2. Web Authentication ◆ Passwords suffer from flaws – Dictionary attacks: common passwords [5] or reuse [14] – Phishing attacks: 12.4 million stolen credentials [12] ◆ Leading to multi-factor authentication 2 Public distribution

  3. Web Authentication by Browser Fingerprinting ◆ Browser fingerprinting http://example.com – Collection of browser attributes – Depending on the web environment ◆ Use for web authentication 3 Public distribution

  4. Motivation ◆ No large-scale study on browser fingerprints for authentication – Large fingerprint set, fewer than 30 attributes [4, 11, 15] – More than 30 attributes, less than 2,000 users [8, 17] ◆ Previous works focus on – Authentication mechanism designs [6, 10, 16] – Efficacy for web tracking [4, 11, 13, 15, 17] ◆ Existing tools lack documentation – Examples are MicroFocus 1 or SecureAuth 2 1 - https://www.netiq.com/documentation/access-manager-44/admin/data/how-df-works.html 2 - https://docs.secureauth.com/pages/viewpage.action?pageId=33063454 4 Public distribution

  5. Institute of Research and Technology b-com.com Authentication Factor Properties 5 Public distribution

  6. Similarity with Biometric Factors ◆ Similarity with biometric factors – Extraction of features from an entity – Recognition of the entity – Imperfections due to digitalization ◆ Properties identified by previous works [1, 2, 3] 6 Public distribution

  7. Authentication Factor Properties ◆ Properties to be usable – Universality – Distinctiveness – Stability – Collectibility ◆ Properties to be practical – Performance – Acceptability – Circumvention 7 Public distribution

  8. Authentication Factor Properties ◆ Properties to be usable – Universality – Distinctiveness – Stability – Collectibility ◆ Properties to be practical – Performance – Acceptability 3 – Circumvention [16] 3 - https://support.google.com/accounts/answer/1144110 8 Public distribution

  9. Notation ◆ Fingerprint domain 𝑮 – Considering 𝑜 attributes, with 𝑊 𝑦 the domain of the attribute 𝑦 𝐺 = 𝑤 1 , … , 𝑤 𝑜 𝑤 𝑦 ∈ 𝑊 𝑦 } ◆ Fingerprint dataset 𝑬 – Fingerprint 𝑔 was collected from the browser 𝑐 at the moment 𝑢 – With 𝐶 the browser population, and 𝑈 the time domain 𝐸 = 𝑔, 𝑐, 𝑢 𝑔 ∈ 𝐺, 𝑐 ∈ 𝐶, 𝑢 ∈ 𝑈 } 9 Public distribution

  10. Dinstictiveness ◆ Dinstictiveness: are two different browsers distinguishable? – 𝐶(𝑔, 𝐸) : the browsers sharing the fingerprint 𝑔 in the dataset 𝐸 𝐶 𝑔, 𝐸 = 𝑐 ∈ 𝐶 𝑕, 𝑐, 𝑢 ∈ 𝐸, 𝑔 = 𝑕 } ◆ Size of the anonimity sets – 𝐵(𝑡, 𝐸) : the fingerprints in an anonymity set of size 𝑡 𝐵 𝑡, 𝐸 = 𝑔 ∈ 𝐺 𝑑𝑏𝑠𝑒 𝐶 𝑔, 𝐸 = 𝑡 } 10 Public distribution

  11. Stability ◆ Stability: can a browser be recognized through time? ◆ Example of consecutive fingerprints – Fingerprints: { 𝑔 1 , 𝑐, 𝑢 1 , 𝑔 2 , 𝑐, 𝑢 2 , 𝑔 3 , 𝑐, 𝑢 3 } – Consecutive fingerprints: { 𝑔 1 , 𝑔 2 , 𝑔 2 , 𝑔 3 } ◆ Stability measure – Grouped by the elapsed time – Similarity: proportion of identical attributes 11 Public distribution

  12. Performance ◆ Collection time – Over the JavaScript attributes ◆ Size – Only the canvases are hashed ◆ Loss of efficacy – Through time: over the six months [9] – Through space: over the device types [7, 11] 12 Public distribution

  13. Institute of Research and Technology b-com.com Results Public distribution 13

  14. Large-scale Fingerprint Dataset ◆ Fingerprint collection experiment – Probe on two web pages – Industrial partner (top 15 French websites 4 ) Panopticlick [4] AmIUnique [11] Hiding in the Long-Term This study Crowd [13] Observation [17] Collection period 3 weeks 3-4 months 6 months 3 years 6 months Attributes 8 17 17 305 262 Fingerprints 470,161 118,934 2,067,942 88,088 4,145,408 Browsers - - - - 1,989,365 Unicity 0.836 0.894 0.336 0.954 – 0.958 0.818 4 - https://www.alexa.com/topsites/countries/FR 14 Public distribution

  15. Fingerprints Distinctiveness ◆ >80% of the fingerprints are unique ◆ >94% are shared by ≤ 8 browsers 15 Public distribution

  16. Fingerprints Distinctiveness per Device Type ◆ 84% of desktop fingerprints are unique ◆ 42% for the mobile browsers 16 Public distribution

  17. Fingerprints Stability ◆ On average, 90% of the attributes stay identical ◆ Mobile fingerprints are generally more stable 17 Public distribution

  18. Fingerprints Collection Time ◆ Median collection time of 2.92 seconds ◆ Mobile fingerprints generally take more time 18 Public distribution

  19. Fingerprints Size ◆ Median size of 7,550 bytes ◆ Mobile fingerprints are generally lighter 19 Public distribution

  20. Institute of Research and Technology b-com.com Conclusion 20 Public distribution

  21. Conclusion Our fingerprints ◆ – Are majoritarily unique (>80%) – Are stable (>90% identical attributes) – Only weigh a dozen kilobytes – Are collected in seconds Our fingerprints of mobile browsers ◆ – Show a loss of distinctiveness – Are generally more stable and lighter, but longer to collect Promising additional web authentication factor ◆ 21 Public distribution

  22. Thank You Any question ? tompoariniaina.andriamilanto@b-com.com

  23. Institute of Research and Technology b-com.com References 23 Public distribution

  24. References I Davide Maltoni, Dario Maio, Anil K. Jain, and Salil Prabhakar. Handbook of Fingerprint 1. Recognition . 1st ed., 2003. https://doi.org/10.1007/b97303. Vasilios Zorkadis and P. Donos . “On Biometrics ‐ based Authentication and Identification from a 2. Privacy ‐ protection Perspective: Deriving Privacy ‐ enhancing Requirements .” Information Management & Computer Security 12, no. 1 (January 1, 2004): 125 – 37. https://doi.org/10.1108/09685220410518883. Marco Gamassi, Massimo Lazzaroni, Mauro Misino, Vincenzo Piuri, Daniele Sana, and Fabio 3. Scotti . “ Quality Assessment of Biometric Systems: A Comprehensive Perspective Based on Accuracy and Performance Measurement .” IEEE Transactions on Instrumentation and Measurement 54, no. 4 (August 2005): 1489 – 1496. https://doi.org/10.1109/TIM.2005.851087. Peter Eckersley . “How Unique Is Your Web Browser?” In International Conference on Privacy 4. Enhancing Technologies (PETS) , 1 – 18, 2010. https://doi.org/10.1007/978-3-642-14527-8_1. 24 Public distribution

  25. References II Joseph Bonneau. “The Science of Guessing: Analyzing an Anonymized Corpus of 70 Million 5. Passwords .” In IEEE Symposium on Security and Privacy (S&P), 538 – 52, 2012. https://doi.org/10.1109/SP.2012.49. Thomas Unger, Martin Mulazzani, Dominik Frühwirt, Markus Huber, Sebastian Schrittwieser, 6. and Edgar Weippl . “SHPF: Enhancing HTTP(S) Session Security with Browser Fingerprinting.” In International Conference on Availability, Reliability and Security (ARES), 255 – 61, 2013. https://doi.org/10.1109/ARES.2013.33. Jan Spooren, Davy Preuveneers, and Wouter Joosen . “Mobile Device Fingerprinting Considered 7. Harmful for Risk-Based Authentication .” In European Workshop on System Security (EuroSec) , 6:1 – 6:6, 2015. https://doi.org/10.1145/2751323.2751329. Amin Faiz Khademi, Mohammad Zulkernine, and Komminist Weldemariam . “An Empirical 8. Evaluation of Web-Based Fingerprinting.” IEEE Software 32, no. 4 (July 2015): 46 – 52. https://doi.org/10.1109/MS.2015.77. 25 Public distribution

  26. References III Andreas Kurtz, Hugo Gascon, Tobias Becker, Konrad Rieck, and Felix Freiling . “Fingerprinting 9. Mobile Devices Using Personalized Configurations.” Proceedings on Privacy Enhancing Technologies 2016, no. 1 (2016). https://doi.org/10.1515/popets-2015-0027. Tom Goethem, Wout Scheepers, Davy Preuveneers, and Wouter Joosen . “ Accelerometer-Based 10. Device Fingerprinting for Multi-Factor Mobile Authentication .” In International Symposium on Engineering Secure Software and Systems (ESSoS) , 106 – 121, 2016. https://doi.org/10.1007/978-3-319-30806-7_7. Pierre Laperdrix, Walter Rudametkin , and Benoit Baudry. “Beauty and the Beast: Diverting 11. Modern Web Browsers to Build Unique Browser Fingerprints .” In IEEE Symposium on Security and Privacy (S&P) , 878 – 94, 2016. https://doi.org/10.1109/SP.2016.57. Kurt Thomas, Frank Li, Ali Zand, Jacob Barrett, Juri Ranieri, Luca Invernizzi, Yarik Markov, et 12. al. “Data Breaches, Phishing, or Malware? Understanding the Risks of Stolen Credentials .” In ACM SIGSAC Conference on Computer and Communications Security (CCS) , 1421 – 1434, 2017. https://doi.org/10.1145/3133956.3134067. 26 Public distribution

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Large Scale Data Management with GridSite Web-centric data access and visualization Ian

Large Scale Data Management with GridSite Web-centric data access and visualization Ian

Large Scale Data Management with GridSite Web-centric data access and visualization Ian Stokes-Rees SBGrid/Sliz Lab Harvard Medical School Workflow Overview Stage 1: Protein sequence alignment 100,000 x 300 protein pair comparisons

274 views • 10 slides
MongoDB large scale data-centric architectures QConSF 2012 Kenny Gorman Founder, ObjectRocket

MongoDB large scale data-centric architectures QConSF 2012 Kenny Gorman Founder, ObjectRocket

MongoDB large scale data-centric architectures QConSF 2012 Kenny Gorman Founder, ObjectRocket @objectrocket @kennygorman MongoDB at scale Designing for scale Techniques to ease pain Things to avoid What is scale? Scale;

539 views • 27 slides
Overcoming the Top Four Challenges to Real-Time Performance in Large-Scale, Data-Centric

Overcoming the Top Four Challenges to Real-Time Performance in Large-Scale, Data-Centric

Overcoming the Top Four Challenges to Real-Time Performance in Large-Scale, Data-Centric Applications Tom Lubinski Founder and CEO SL Corporation 17 November 2011 Disclaimers I am not Mike Lee No Mariachi hat No Facial hair

599 views • 42 slides
Gene World: A large-scale, gene-centric seman5c web

Gene World: A large-scale, gene-centric seman5c web

Gene World: A large-scale, gene-centric seman5c web knowledge base for molecular biology Jos Cruz-Toledo, Alison Callahan and Michel Dumon9er

356 views • 14 slides
Ethics in Techniques for large-scale data Graham J.L. Kemp TECHNIQUES FOR LARGE-SCALE DATA

Ethics in Techniques for large-scale data Graham J.L. Kemp TECHNIQUES FOR LARGE-SCALE DATA

Ethics in Techniques for large-scale data Graham J.L. Kemp TECHNIQUES FOR LARGE-SCALE DATA Masters level course: Chalmers MPALG and MPSOF programmes (DAT345) GU Applied Data Science programme (DIT871) Learning outcomes include:

305 views • 18 slides
Computational Complexity Lecture 9 Alternation (Continued) 1 ATM Guess 0 Guess 1

Computational Complexity Lecture 9 Alternation (Continued) 1 ATM Guess 0 Guess 1

Computational Complexity Lecture 9 Alternation (Continued) 1 ATM Guess 0 Guess 1 Guess 0 Guess 1 Guess 0 Guess 1 2 ATM Alternating Turing Machine Guess 0 Guess 1 Guess 0 Guess 1

1.35k views • 120 slides
A large-scale chemical data integration system Gaia Paolini Pfizer Confidential 1 Large-Scale

A large-scale chemical data integration system Gaia Paolini Pfizer Confidential 1 Large-Scale

A large-scale chemical data integration system Gaia Paolini Pfizer Confidential 1 Large-Scale Chemical Data Integration Summary Current situation Business case Aims The design process Functionality Applications

261 views • 25 slides
PageRank and recommenders on very large scale A Big Data perspective through Stratosphere

PageRank and recommenders on very large scale A Big Data perspective through Stratosphere

PageRank and recommenders on very large scale PageRank and recommenders on very large scale A Big Data perspective through Stratosphere Mrton Balassi Data Mining and Search Group 1 1 Computer and Automation Research Institute of the Hungarian

719 views • 68 slides
The DataPath System: A Data-Centric Analytic Processing Engine for Large Data Warehouses Subi

The DataPath System: A Data-Centric Analytic Processing Engine for Large Data Warehouses Subi

The DataPath System: A Data-Centric Analytic Processing Engine for Large Data Warehouses Subi Arumugam 1 ,Alin Dobra 1 ,Christopher M. Jermaine 2 , Niketan Pansare 2 ,Luis Perez 2 1 University of Florida, 2 Rice University June 9, 2010

541 views • 23 slides
FINANCING LARGE SCALE SOLAR Large Scale Solar Conference - Sydney Gloria Chan Director, Large

FINANCING LARGE SCALE SOLAR Large Scale Solar Conference - Sydney Gloria Chan Director, Large

FINANCING LARGE SCALE SOLAR Large Scale Solar Conference - Sydney Gloria Chan Director, Large Scale Solar Lead April 2017 CONTENTS 1. Introduction to CEFC 2. Investment trends 3. The future of large scale solar 4. Pathway to sustainable

664 views • 21 slides
International Networking in support of Extremely Large Astronomical Data-centric Operations Je

International Networking in support of Extremely Large Astronomical Data-centric Operations Je

ADASS 2017 Santiago, Chile October 24 th 2017 International Networking in support of Extremely Large Astronomical Data-centric Operations Je Jeronimo Bezerra rra, Je Jeff Kantor, Sandra ra Ja Jaque , Lu Luis Corral , Vinicius

155 views • 15 slides
Large-Scale Data Fusion Tutorial at BC^2, Basel 2015 by Collective Matrix Factorization

Large-Scale Data Fusion Tutorial at BC^2, Basel 2015 by Collective Matrix Factorization

Marinka itnik &amp; Bla Zupan University of Ljubljana, Slovenia Large-Scale Data Fusion Tutorial at BC^2, Basel 2015 by Collective Matrix Factorization Tutorial Overview Motivation: search for bacterial-response genes, a case study

768 views • 64 slides
Large-scale Data Processing and Optimisation Eiko Yoneki University of Cambridge Computer

Large-scale Data Processing and Optimisation Eiko Yoneki University of Cambridge Computer

Large-scale Data Processing and Optimisation Eiko Yoneki University of Cambridge Computer Laboratory Massive Data: Scale-Up vs Scale-Out Popular solution for massive data processing scale and build distribution, combine theoretically

204 views • 18 slides
Efficient Large-Scale Graph Processing on Hybrid CPU and GPU Systems A. Gharaibeh, E.

Efficient Large-Scale Graph Processing on Hybrid CPU and GPU Systems A. Gharaibeh, E.

Efficient Large-Scale Graph Processing on Hybrid CPU and GPU Systems A. Gharaibeh, E. Santos-Neto, L. Costa, M. Ripeanu. IEEE TPC, 2014 Sami (sa894) - R244: Large-scale data processing and optimization Efficient Large-Scale Graph Processing on

381 views • 25 slides
Learning with Large Datasets L eon Bottou NEC Laboratories America Why Large-scale Datasets?

Learning with Large Datasets L eon Bottou NEC Laboratories America Why Large-scale Datasets?

Learning with Large Datasets L eon Bottou NEC Laboratories America Why Large-scale Datasets? Data Mining Gain competitive advantages by analyzing data that describes the life of our computerized society. Artificial Intelligence

878 views • 60 slides
Advisory Council Data Requests Page 1 of 45 Network Adequacy Analysis

Advisory Council Data Requests Page 1 of 45 Network Adequacy Analysis

Network Adequacy Advisory Council Data Requests Page 1 of 45 Network Adequacy Analysis Additional Provider Standards A request was submitted to the Division of Insurance to analyze the network adequacy of the

939 views • 45 slides
FOTO/CHART HELYE curl -s https://10.13.37.42/phpmyadmin/ | egrep -o

FOTO/CHART HELYE curl -s https://10.13.37.42/phpmyadmin/ | egrep -o

FOTO/CHART HELYE curl -s https://10.13.37.42/phpmyadmin/ | egrep -o '&lt;(script|img|link)[^&gt;]{,80}&gt;?' &lt;link rel=&quot;icon&quot; href=&quot;favicon.ico&quot; type=&quot;image/x-icon&quot; /&gt; &lt;link

406 views • 21 slides
Digitizing 35mm Slides by Dan Hyde Last update July 14, 2020 I have several thousand old 35mm

Digitizing 35mm Slides by Dan Hyde Last update July 14, 2020 I have several thousand old 35mm

Digitizing 35mm Slides by Dan Hyde Last update July 14, 2020 I have several thousand old 35mm slides from the 1970-1990 era. I would like to digitize a bunch of them in order to display and preserve them. But how to do it? This article

128 views • 9 slides
LECTURE 3 Large LECTURE 3 Medium Small How does f change Introduction to the Parton

LECTURE 3 Large LECTURE 3 Medium Small How does f change Introduction to the Parton

Recap: Parton Model, Factorization, Evolution CTEQ-MCnet school on QCD Analysis and Phenomenology dependence must balance and the Physics and Techniques of Event Generators LECTURE 3 Large LECTURE 3 Medium Small How does f

420 views • 11 slides
Summary from last time Let f : X Y be a map of Our goal was to construct a functor f ! : D

Summary from last time Let f : X Y be a map of Our goal was to construct a functor f ! : D

Summary from last time Let f : X Y be a map of Our goal was to construct a functor f ! : D + (Sh( Y )) D + (Sh( X )) so that there are natural isomorphisms Hom D + (Sh( Y )) ( Rf ! F , G ) = Hom D + (Sh( X )) ( F , f ! G ) for all F

412 views • 6 slides
A Kleene Functor for a Subclass of Net Systems Ramchandra Phawade Joint work with Kamal Lodaya

A Kleene Functor for a Subclass of Net Systems Ramchandra Phawade Joint work with Kamal Lodaya

A Kleene Functor for a Subclass of Net Systems Ramchandra Phawade Joint work with Kamal Lodaya and Madhavan Mukund January 29, 2011 Ramchandra Phawade () A Kleene Functor for a Subclass of Net Systems January 29, 2011 1 / 28 Net system,

936 views • 28 slides
photomultipliers in RICH detectors A.Yu. Barnyakov, M.Yu. Barnyakov, S.A. Kononov, E.A.

photomultipliers in RICH detectors A.Yu. Barnyakov, M.Yu. Barnyakov, S.A. Kononov, E.A.

Applicability of digital silicon photomultipliers in RICH detectors A.Yu. Barnyakov, M.Yu. Barnyakov, S.A. Kononov, E.A. Kravchenko, I.A. Kuyanov, A.P. Onuchin, V.G. Prisekin a Budker Institute of Nuclear Physics b Novosibirsk State University c

558 views • 27 slides
Wedding &amp; Event Design ! with Lindsay Landman ! 1 1 Week 6: Space &amp; Floor Planning 2

Wedding &amp; Event Design ! with Lindsay Landman ! 1 1 Week 6: Space &amp; Floor Planning 2

10/26/15 Progressive Education for Event Professionals Wedding &amp; Event Design ! with Lindsay Landman ! 1 1 Week 6: Space &amp; Floor Planning 2 Week 6: Space &amp; Floor Planning Designing Your Space 3 1 10/26/15 Function First Design Your

510 views • 10 slides
MAT137 - Calculus with proofs Assignment #1 due on THURSDAY. TODAY: Limits geometrically WED:

MAT137 - Calculus with proofs Assignment #1 due on THURSDAY. TODAY: Limits geometrically WED:

MAT137 - Calculus with proofs Assignment #1 due on THURSDAY. TODAY: Limits geometrically WED: The definition of limit (Videos 2.5, 2.6) Limits from a graph Find the value of 1. lim x 2 f ( x ) 2. lim x 0 f ( f ( x )) Floor Given a

376 views • 4 slides

More recommend