Skip to Main content Skip to Navigation
Conference papers

FP-Redemption: Studying Browser Fingerprinting Adoption for the Sake of Web Security

Antonin Durey 1 Pierre Laperdrix 1 Walter Rudametkin 1 Romain Rouvoy 1, 2
1 SPIRALS - Self-adaptation for distributed services and large software systems
Inria Lille - Nord Europe, CRIStAL - Centre de Recherche en Informatique, Signal et Automatique de Lille - UMR 9189
Abstract : Browser fingerprinting has established itself as a stateless technique to identify users on the Web. In particular, it is a highly criticized technique to track users. However, we believe that this identification technique can serve more virtuous purposes, such as bot detection or multi-factor authentication. In this paper, we explore the adoption of browser fingerprinting for security-oriented purposes. More specifically, we study 4 types of web pages that require security mechanisms to process user data: sign-up, sign-in, basket and payment pages. We visited 1, 485 pages on 446 domains and we identified the acquisition of browser fingerprints from 405 pages. By using an existing classification technique, we identified 169 distinct browser fingerprinting scripts included in these pages. By investigating the origins of the browser fingerprinting scripts, we identified 12 security-oriented organizations who collect browser fingerprints on sign-up, sign-in, and payment pages. Finally, we assess the effectiveness of browser fingerprinting against two potential attacks, namely stolen credentials and cookie hijacking. We observe browser fingerprinting being successfully used to enhance web security.
Complete list of metadata

https://hal.archives-ouvertes.fr/hal-03212726
Contributor : Antonin Durey Connect in order to contact the contributor
Submitted on : Wednesday, May 5, 2021 - 9:35:11 AM
Last modification on : Friday, January 21, 2022 - 3:12:50 AM
Long-term archiving on: : Friday, August 6, 2021 - 6:16:27 PM

File

main.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-03212726, version 1

Citation

Antonin Durey, Pierre Laperdrix, Walter Rudametkin, Romain Rouvoy. FP-Redemption: Studying Browser Fingerprinting Adoption for the Sake of Web Security. International Conference on the Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Jul 2021, lisboa, Portugal. ⟨hal-03212726⟩

Share

Metrics

Les métriques sont temporairement indisponibles