guess who large scale data centric study of the adequacy
play

< Guess Who ? Large -Scale Data-Centric Study of the Adequacy of - PowerPoint PPT Presentation

Mar 04, 2023 •38 likes •318 views

< Guess Who ? Large -Scale Data-Centric Study of the Adequacy of Browser Fingerprints for Web Authentication> IMIS 2020, July 1, 2020 Nampoina Andriamilanto, Tristan Allard, Gatan Le Guelvouit Web Authentication Passwords

  1. < “ Guess Who ?” Large -Scale Data-Centric Study of the Adequacy of Browser Fingerprints for Web Authentication> IMIS 2020, July 1, 2020 Nampoina Andriamilanto, Tristan Allard, Gaëtan Le Guelvouit

  2. Web Authentication ◆ Passwords suffer from flaws – Dictionary attacks: common passwords [5] or reuse [14] – Phishing attacks: 12.4 million stolen credentials [12] ◆ Leading to multi-factor authentication 2 Public distribution

  3. Web Authentication by Browser Fingerprinting ◆ Browser fingerprinting http://example.com – Collection of browser attributes – Depending on the web environment ◆ Use for web authentication 3 Public distribution

  4. Motivation ◆ No large-scale study on browser fingerprints for authentication – Large fingerprint set, fewer than 30 attributes [4, 11, 15] – More than 30 attributes, less than 2,000 users [8, 17] ◆ Previous works focus on – Authentication mechanism designs [6, 10, 16] – Efficacy for web tracking [4, 11, 13, 15, 17] ◆ Existing tools lack documentation – Examples are MicroFocus 1 or SecureAuth 2 1 - https://www.netiq.com/documentation/access-manager-44/admin/data/how-df-works.html 2 - https://docs.secureauth.com/pages/viewpage.action?pageId=33063454 4 Public distribution

  5. Institute of Research and Technology b-com.com Authentication Factor Properties 5 Public distribution

  6. Similarity with Biometric Factors ◆ Similarity with biometric factors – Extraction of features from an entity – Recognition of the entity – Imperfections due to digitalization ◆ Properties identified by previous works [1, 2, 3] 6 Public distribution

  7. Authentication Factor Properties ◆ Properties to be usable – Universality – Distinctiveness – Stability – Collectibility ◆ Properties to be practical – Performance – Acceptability – Circumvention 7 Public distribution

  8. Authentication Factor Properties ◆ Properties to be usable – Universality – Distinctiveness – Stability – Collectibility ◆ Properties to be practical – Performance – Acceptability 3 – Circumvention [16] 3 - https://support.google.com/accounts/answer/1144110 8 Public distribution

  9. Notation ◆ Fingerprint domain 𝑮 – Considering 𝑜 attributes, with 𝑊 𝑦 the domain of the attribute 𝑦 𝐺 = 𝑤 1 , … , 𝑤 𝑜 𝑤 𝑦 ∈ 𝑊 𝑦 } ◆ Fingerprint dataset 𝑬 – Fingerprint 𝑔 was collected from the browser 𝑐 at the moment 𝑢 – With 𝐶 the browser population, and 𝑈 the time domain 𝐸 = 𝑔, 𝑐, 𝑢 𝑔 ∈ 𝐺, 𝑐 ∈ 𝐶, 𝑢 ∈ 𝑈 } 9 Public distribution

  10. Dinstictiveness ◆ Dinstictiveness: are two different browsers distinguishable? – 𝐶(𝑔, 𝐸) : the browsers sharing the fingerprint 𝑔 in the dataset 𝐸 𝐶 𝑔, 𝐸 = 𝑐 ∈ 𝐶 𝑕, 𝑐, 𝑢 ∈ 𝐸, 𝑔 = 𝑕 } ◆ Size of the anonimity sets – 𝐵(𝑡, 𝐸) : the fingerprints in an anonymity set of size 𝑡 𝐵 𝑡, 𝐸 = 𝑔 ∈ 𝐺 𝑑𝑏𝑠𝑒 𝐶 𝑔, 𝐸 = 𝑡 } 10 Public distribution

  11. Stability ◆ Stability: can a browser be recognized through time? ◆ Example of consecutive fingerprints – Fingerprints: { 𝑔 1 , 𝑐, 𝑢 1 , 𝑔 2 , 𝑐, 𝑢 2 , 𝑔 3 , 𝑐, 𝑢 3 } – Consecutive fingerprints: { 𝑔 1 , 𝑔 2 , 𝑔 2 , 𝑔 3 } ◆ Stability measure – Grouped by the elapsed time – Similarity: proportion of identical attributes 11 Public distribution

  12. Performance ◆ Collection time – Over the JavaScript attributes ◆ Size – Only the canvases are hashed ◆ Loss of efficacy – Through time: over the six months [9] – Through space: over the device types [7, 11] 12 Public distribution

  13. Institute of Research and Technology b-com.com Results Public distribution 13

  14. Large-scale Fingerprint Dataset ◆ Fingerprint collection experiment – Probe on two web pages – Industrial partner (top 15 French websites 4 ) Panopticlick [4] AmIUnique [11] Hiding in the Long-Term This study Crowd [13] Observation [17] Collection period 3 weeks 3-4 months 6 months 3 years 6 months Attributes 8 17 17 305 262 Fingerprints 470,161 118,934 2,067,942 88,088 4,145,408 Browsers - - - - 1,989,365 Unicity 0.836 0.894 0.336 0.954 – 0.958 0.818 4 - https://www.alexa.com/topsites/countries/FR 14 Public distribution

  15. Fingerprints Distinctiveness ◆ >80% of the fingerprints are unique ◆ >94% are shared by ≤ 8 browsers 15 Public distribution

  16. Fingerprints Distinctiveness per Device Type ◆ 84% of desktop fingerprints are unique ◆ 42% for the mobile browsers 16 Public distribution

  17. Fingerprints Stability ◆ On average, 90% of the attributes stay identical ◆ Mobile fingerprints are generally more stable 17 Public distribution

  18. Fingerprints Collection Time ◆ Median collection time of 2.92 seconds ◆ Mobile fingerprints generally take more time 18 Public distribution

  19. Fingerprints Size ◆ Median size of 7,550 bytes ◆ Mobile fingerprints are generally lighter 19 Public distribution

  20. Institute of Research and Technology b-com.com Conclusion 20 Public distribution

  21. Conclusion Our fingerprints ◆ – Are majoritarily unique (>80%) – Are stable (>90% identical attributes) – Only weigh a dozen kilobytes – Are collected in seconds Our fingerprints of mobile browsers ◆ – Show a loss of distinctiveness – Are generally more stable and lighter, but longer to collect Promising additional web authentication factor ◆ 21 Public distribution

  22. Thank You Any question ? tompoariniaina.andriamilanto@b-com.com

  23. Institute of Research and Technology b-com.com References 23 Public distribution

  24. References I Davide Maltoni, Dario Maio, Anil K. Jain, and Salil Prabhakar. Handbook of Fingerprint 1. Recognition . 1st ed., 2003. https://doi.org/10.1007/b97303. Vasilios Zorkadis and P. Donos . “On Biometrics ‐ based Authentication and Identification from a 2. Privacy ‐ protection Perspective: Deriving Privacy ‐ enhancing Requirements .” Information Management & Computer Security 12, no. 1 (January 1, 2004): 125 – 37. https://doi.org/10.1108/09685220410518883. Marco Gamassi, Massimo Lazzaroni, Mauro Misino, Vincenzo Piuri, Daniele Sana, and Fabio 3. Scotti . “ Quality Assessment of Biometric Systems: A Comprehensive Perspective Based on Accuracy and Performance Measurement .” IEEE Transactions on Instrumentation and Measurement 54, no. 4 (August 2005): 1489 – 1496. https://doi.org/10.1109/TIM.2005.851087. Peter Eckersley . “How Unique Is Your Web Browser?” In International Conference on Privacy 4. Enhancing Technologies (PETS) , 1 – 18, 2010. https://doi.org/10.1007/978-3-642-14527-8_1. 24 Public distribution

  25. References II Joseph Bonneau. “The Science of Guessing: Analyzing an Anonymized Corpus of 70 Million 5. Passwords .” In IEEE Symposium on Security and Privacy (S&P), 538 – 52, 2012. https://doi.org/10.1109/SP.2012.49. Thomas Unger, Martin Mulazzani, Dominik Frühwirt, Markus Huber, Sebastian Schrittwieser, 6. and Edgar Weippl . “SHPF: Enhancing HTTP(S) Session Security with Browser Fingerprinting.” In International Conference on Availability, Reliability and Security (ARES), 255 – 61, 2013. https://doi.org/10.1109/ARES.2013.33. Jan Spooren, Davy Preuveneers, and Wouter Joosen . “Mobile Device Fingerprinting Considered 7. Harmful for Risk-Based Authentication .” In European Workshop on System Security (EuroSec) , 6:1 – 6:6, 2015. https://doi.org/10.1145/2751323.2751329. Amin Faiz Khademi, Mohammad Zulkernine, and Komminist Weldemariam . “An Empirical 8. Evaluation of Web-Based Fingerprinting.” IEEE Software 32, no. 4 (July 2015): 46 – 52. https://doi.org/10.1109/MS.2015.77. 25 Public distribution

  26. References III Andreas Kurtz, Hugo Gascon, Tobias Becker, Konrad Rieck, and Felix Freiling . “Fingerprinting 9. Mobile Devices Using Personalized Configurations.” Proceedings on Privacy Enhancing Technologies 2016, no. 1 (2016). https://doi.org/10.1515/popets-2015-0027. Tom Goethem, Wout Scheepers, Davy Preuveneers, and Wouter Joosen . “ Accelerometer-Based 10. Device Fingerprinting for Multi-Factor Mobile Authentication .” In International Symposium on Engineering Secure Software and Systems (ESSoS) , 106 – 121, 2016. https://doi.org/10.1007/978-3-319-30806-7_7. Pierre Laperdrix, Walter Rudametkin , and Benoit Baudry. “Beauty and the Beast: Diverting 11. Modern Web Browsers to Build Unique Browser Fingerprints .” In IEEE Symposium on Security and Privacy (S&P) , 878 – 94, 2016. https://doi.org/10.1109/SP.2016.57. Kurt Thomas, Frank Li, Ali Zand, Jacob Barrett, Juri Ranieri, Luca Invernizzi, Yarik Markov, et 12. al. “Data Breaches, Phishing, or Malware? Understanding the Risks of Stolen Credentials .” In ACM SIGSAC Conference on Computer and Communications Security (CCS) , 1421 – 1434, 2017. https://doi.org/10.1145/3133956.3134067. 26 Public distribution

Recommend

Large Scale Data Management with GridSite Web-centric data access and visualization Ian

Large Scale Data Management with GridSite Web-centric data access and visualization Ian

Large Scale Data Management with GridSite Web-centric data access and visualization Ian Stokes-Rees SBGrid/Sliz Lab Harvard Medical School Workflow Overview Stage 1: Protein sequence alignment 100,000 x 300 protein pair comparisons

274 views • 10 slides
MongoDB large scale data-centric architectures QConSF 2012 Kenny Gorman Founder, ObjectRocket

MongoDB large scale data-centric architectures QConSF 2012 Kenny Gorman Founder, ObjectRocket

MongoDB large scale data-centric architectures QConSF 2012 Kenny Gorman Founder, ObjectRocket @objectrocket @kennygorman MongoDB at scale Designing for scale Techniques to ease pain Things to avoid What is scale? Scale;

539 views • 27 slides
Overcoming the Top Four Challenges to Real-Time Performance in Large-Scale, Data-Centric

Overcoming the Top Four Challenges to Real-Time Performance in Large-Scale, Data-Centric

Overcoming the Top Four Challenges to Real-Time Performance in Large-Scale, Data-Centric Applications Tom Lubinski Founder and CEO SL Corporation 17 November 2011 Disclaimers I am not Mike Lee No Mariachi hat No Facial hair

599 views • 42 slides
Gene World: A large-scale, gene-centric seman5c web

Gene World: A large-scale, gene-centric seman5c web

Gene World: A large-scale, gene-centric seman5c web knowledge base for molecular biology Jos Cruz-Toledo, Alison Callahan and Michel Dumon9er

356 views • 14 slides
Ethics in Techniques for large-scale data Graham J.L. Kemp TECHNIQUES FOR LARGE-SCALE DATA

Ethics in Techniques for large-scale data Graham J.L. Kemp TECHNIQUES FOR LARGE-SCALE DATA

Ethics in Techniques for large-scale data Graham J.L. Kemp TECHNIQUES FOR LARGE-SCALE DATA Masters level course: Chalmers MPALG and MPSOF programmes (DAT345) GU Applied Data Science programme (DIT871) Learning outcomes include:

305 views • 18 slides
Computational Complexity Lecture 9 Alternation (Continued) 1 ATM Guess 0 Guess 1

Computational Complexity Lecture 9 Alternation (Continued) 1 ATM Guess 0 Guess 1

Computational Complexity Lecture 9 Alternation (Continued) 1 ATM Guess 0 Guess 1 Guess 0 Guess 1 Guess 0 Guess 1 2 ATM Alternating Turing Machine Guess 0 Guess 1 Guess 0 Guess 1

1.35k views • 120 slides
A large-scale chemical data integration system Gaia Paolini Pfizer Confidential 1 Large-Scale

A large-scale chemical data integration system Gaia Paolini Pfizer Confidential 1 Large-Scale

A large-scale chemical data integration system Gaia Paolini Pfizer Confidential 1 Large-Scale Chemical Data Integration Summary Current situation Business case Aims The design process Functionality Applications

261 views • 25 slides
PageRank and recommenders on very large scale A Big Data perspective through Stratosphere

PageRank and recommenders on very large scale A Big Data perspective through Stratosphere

PageRank and recommenders on very large scale PageRank and recommenders on very large scale A Big Data perspective through Stratosphere Mrton Balassi Data Mining and Search Group 1 1 Computer and Automation Research Institute of the Hungarian

719 views • 68 slides
The DataPath System: A Data-Centric Analytic Processing Engine for Large Data Warehouses Subi

The DataPath System: A Data-Centric Analytic Processing Engine for Large Data Warehouses Subi

The DataPath System: A Data-Centric Analytic Processing Engine for Large Data Warehouses Subi Arumugam 1 ,Alin Dobra 1 ,Christopher M. Jermaine 2 , Niketan Pansare 2 ,Luis Perez 2 1 University of Florida, 2 Rice University June 9, 2010

541 views • 23 slides
FINANCING LARGE SCALE SOLAR Large Scale Solar Conference - Sydney Gloria Chan Director, Large

FINANCING LARGE SCALE SOLAR Large Scale Solar Conference - Sydney Gloria Chan Director, Large

FINANCING LARGE SCALE SOLAR Large Scale Solar Conference - Sydney Gloria Chan Director, Large Scale Solar Lead April 2017 CONTENTS 1. Introduction to CEFC 2. Investment trends 3. The future of large scale solar 4. Pathway to sustainable

664 views • 21 slides
International Networking in support of Extremely Large Astronomical Data-centric Operations Je

International Networking in support of Extremely Large Astronomical Data-centric Operations Je

ADASS 2017 Santiago, Chile October 24 th 2017 International Networking in support of Extremely Large Astronomical Data-centric Operations Je Jeronimo Bezerra rra, Je Jeff Kantor, Sandra ra Ja Jaque , Lu Luis Corral , Vinicius

155 views • 15 slides
Large-Scale Data Fusion Tutorial at BC^2, Basel 2015 by Collective Matrix Factorization

Large-Scale Data Fusion Tutorial at BC^2, Basel 2015 by Collective Matrix Factorization

Marinka itnik &amp; Bla Zupan University of Ljubljana, Slovenia Large-Scale Data Fusion Tutorial at BC^2, Basel 2015 by Collective Matrix Factorization Tutorial Overview Motivation: search for bacterial-response genes, a case study

768 views • 64 slides
Large-scale Data Processing and Optimisation Eiko Yoneki University of Cambridge Computer

Large-scale Data Processing and Optimisation Eiko Yoneki University of Cambridge Computer

Large-scale Data Processing and Optimisation Eiko Yoneki University of Cambridge Computer Laboratory Massive Data: Scale-Up vs Scale-Out Popular solution for massive data processing scale and build distribution, combine theoretically

204 views • 18 slides
Efficient Large-Scale Graph Processing on Hybrid CPU and GPU Systems A. Gharaibeh, E.

Efficient Large-Scale Graph Processing on Hybrid CPU and GPU Systems A. Gharaibeh, E.

Efficient Large-Scale Graph Processing on Hybrid CPU and GPU Systems A. Gharaibeh, E. Santos-Neto, L. Costa, M. Ripeanu. IEEE TPC, 2014 Sami (sa894) - R244: Large-scale data processing and optimization Efficient Large-Scale Graph Processing on

381 views • 25 slides
Learning with Large Datasets L eon Bottou NEC Laboratories America Why Large-scale Datasets?

Learning with Large Datasets L eon Bottou NEC Laboratories America Why Large-scale Datasets?

Learning with Large Datasets L eon Bottou NEC Laboratories America Why Large-scale Datasets? Data Mining Gain competitive advantages by analyzing data that describes the life of our computerized society. Artificial Intelligence

878 views • 60 slides
Advisory Council Data Requests Page 1 of 45 Network Adequacy Analysis

Advisory Council Data Requests Page 1 of 45 Network Adequacy Analysis

Network Adequacy Advisory Council Data Requests Page 1 of 45 Network Adequacy Analysis Additional Provider Standards A request was submitted to the Division of Insurance to analyze the network adequacy of the

939 views • 45 slides
An NDN Testbed for Large-scale Scientific Data Huhnkuk Lim Korea Institute of Science &amp;

An NDN Testbed for Large-scale Scientific Data Huhnkuk Lim Korea Institute of Science &amp;

An NDN Testbed for Large-scale Scientific Data Huhnkuk Lim Korea Institute of Science &amp; Technology Information (KISTI) NDNComm 2015 Sep. 28, 2015 Motivations on NDN for Large-scale Scientific Application As the data volumes and

226 views • 11 slides
CS70: Lecture 33. Lets Guess! Dollar or not with equal probability? Guess how much you get!

CS70: Lecture 33. Lets Guess! Dollar or not with equal probability? Guess how much you get!

CS70: Lecture 33. Lets Guess! Dollar or not with equal probability? Guess how much you get! Guess a 1/2! The expected value. Win X, 100 times. How much will you win the 101st. Guess average! Lets Guess! How much does random person

410 views • 27 slides
Large-Scale Data Engineering Data streams and low latency processing event.cwi.nl/lsde2015 DATA

Large-Scale Data Engineering Data streams and low latency processing event.cwi.nl/lsde2015 DATA

Large-Scale Data Engineering Data streams and low latency processing event.cwi.nl/lsde2015 DATA STREAM BASICS event.cwi.nl/lsde2015 What is a data stream? Large data volume, likely structured, arriving at a very high rate Potentially

498 views • 38 slides
Apache Flink Fast and Reliable Large-Scale Data Processing Fabian Hueske @fhueske 1 What is

Apache Flink Fast and Reliable Large-Scale Data Processing Fabian Hueske @fhueske 1 What is

Apache Flink Fast and Reliable Large-Scale Data Processing Fabian Hueske @fhueske 1 What is Apache Flink? Distributed Data Flow Processing System Focused on large-scale data analytics Real-time stream and batch processing Easy and

667 views • 39 slides
Measuring the Adequacy and Equity of Montanas Wage Loss Benefits Study Approach and

Measuring the Adequacy and Equity of Montanas Wage Loss Benefits Study Approach and

Measuring the Adequacy and Equity of Montanas Wage Loss Benefits Study Approach and Expectations LMAC-September, 2010 Big Sky , Montana Frank Neuhauser UC Berkeley For LMAC/Employment Relations Division Policy Objectives Adequacy --

223 views • 18 slides
Large-Scale Data Engineering Data streams and low latency processing event.cwi.nl/lsde DATA

Large-Scale Data Engineering Data streams and low latency processing event.cwi.nl/lsde DATA

Large-Scale Data Engineering Data streams and low latency processing event.cwi.nl/lsde DATA STREAM BASICS event.cwi.nl/lsde2015 event.cwi.nl/lsde What is a data stream? Large data volume, likely structured, arriving at a very high rate

959 views • 64 slides
INTERNET SERVICES 2110414 Large Scale Computing Systems Natawut Nupairoj, Ph.D. Outline 2

INTERNET SERVICES 2110414 Large Scale Computing Systems Natawut Nupairoj, Ph.D. Outline 2

2110414 - Large Scale Computing Systems 1 LARGE SCALE INTERNET SERVICES 2110414 Large Scale Computing Systems Natawut Nupairoj, Ph.D. Outline 2 Overview Background Knowledge Architectural Case Studies Real-World Case Study

609 views • 35 slides
Large-Scale Machine Learning at Twitter 2 Large-Scale Machine Learning at Twitter Jimmy Lin and

Large-Scale Machine Learning at Twitter 2 Large-Scale Machine Learning at Twitter Jimmy Lin and

Large-Scale Machine Learning at Twitter 2 Large-Scale Machine Learning at Twitter Jimmy Lin and Alek Kolcz Twitter, Inc. 1 Image source:google.com/images Large-Scale Machine Learning at Twitter Outline Outline Is twitter big data?

582 views • 40 slides

More recommend