Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Morellian analysis for browsers: Making web authentication stronger with canvas fingerprinting
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Software and Computer systems, SCS.ORCID iD: 0000-0002-4015-4640
2019 (English)In: Detection of Intrusions and Malware, and Vulnerability Assessment: 16th International Conference, DIMVA 2019, Gothenburg, Sweden, June 19–20, 2019, Proceedings / [ed] Roberto Perdisci, Clémentine Maurice, Giorgio Giacinto, Magnus Almgren, Springer Verlag , 2019, p. 43-66Conference paper, Published paper (Refereed)
Abstract [en]

In this paper, we present the first fingerprinting-based authentication scheme that is not vulnerable to trivial replay attacks. Our proposed canvas-based fingerprinting technique utilizes one key characteristic: it is parameterized by a challenge, generated on the server side. We perform an in-depth analysis of all parameters that can be used to generate canvas challenges, and we show that it is possible to generate unique, unpredictable, and highly diverse canvas-generated images each time a user logs onto a service. With the analysis of images collected from more than 1.1 million devices in a real-world large-scale experiment, we evaluate our proposed scheme against a large set of attack scenarios and conclude that canvas fingerprinting is a suitable mechanism for stronger authentication on the web.

Place, publisher, year, edition, pages
Springer Verlag , 2019. p. 43-66
Series
Lecture Notes in Computer Science, ISSN 0302-9743, E-ISSN 1611-3349 ; 11543
Keywords [en]
Authentication, Computer crime, Malware, Attack scenarios, Authentication scheme, Fingerprinting techniques, In-depth analysis, Key characteristics, Large scale experiments, Parameterized, Web authentication, Image analysis
National Category
Information Systems
Identifiers
URN: urn:nbn:se:kth:diva-262441DOI: 10.1007/978-3-030-22038-9_3ISI: 000502716000003Scopus ID: 2-s2.0-85067800996ISBN: 9783030220372 (print)OAI: oai:DiVA.org:kth-262441DiVA, id: diva2:1367598
Conference
16th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2019, Gothenburg, Sweden, 19-20 June 2019
Note

QC 20191104. QC 20200110

Available from: 2019-11-04 Created: 2019-11-04 Last updated: 2020-01-10Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopusConference proceedingsConference website

Authority records BETA

Baudry, Benoit

Search in DiVA

By author/editor
Baudry, Benoit
By organisation
Software and Computer systems, SCS
Information Systems

Search outside of DiVA

GoogleGoogle Scholar

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 21 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf