http://dx.doi.org/10.13089/JKIISC.2020.30.4.631

A Study on User Authentication Model Using Device Fingerprint Based on Web Standard  

Park, Sohee (KERIS)
Jang, Jinhyeok (Kongju National University)
Choi, Daeseon (Kongju National University)
Abstract
The government is pursuing a policy of removing plug-ins from public and private websites to create a more convenient Internet environment for users. Financial institution websites that provide financial services, such as those of banks and credit card companies, generally operate a fraud detection system (FDS) to enhance the stability of electronic financial transactions. These systems currently rely on installed software to collect and analyze the user's information. An alternative technology and policy is therefore needed that can collect the user's information without installing software, in line with the no-plug-in policy. This paper introduces device fingerprinting techniques that can be used in a standard web environment and suggests a guideline for selecting among them. We also propose a user authentication model that uses device fingerprints and is based on machine learning. In addition, we collected device fingerprints from actual Chrome and Explorer users to build a multi-class authentication model based on machine learning algorithms. As a result, the Chrome-based authentication model showed about 85%~89% performance, and the Explorer-based authentication model showed about 93%~97% performance.
Keywords
Device Fingerprinting; Browser Fingerprinting; No-Plugin; Authentication; Machine Learning;