Device Fingerprinting for Augmenting Web Authentication, Classification and Analysis of Methods

Speaker/Bio

Trishita is a rising senior at Boston University, pursing her Bachelors in Computer Engineering. Currently working at NIS Lab, her research interests revolve around cyber-security -- side channel attacks, applied cryptography, penetration testing, etc.

Abstract

Device fingerprinting is commonly used for tracking users. We explore device fingerprinting but in the specific context of use for augmenting authentication, providing a state-of-the-art view and analysis. We summarize and classify 29 available methods and their properties; define attack models relevant to augmenting passwords for user authentication; and qualitatively compare them based on stability, repeatability, resource use, client passiveness, difficulty of spoofing, and distinguishability offered.

Reference

• Alaca, Furkan, and Paul C. van Oorschot. "Device fingerprinting for augmenting web authentication: classification and analysis of methods." Proceedings of the 32nd Annual Conference on Computer Security Applications. ACM, 2016.