Scalable and Secure HTML5 Canvas-Based User Authentication
METADATA ONLY
Loading...
Author / Producer
Date
2022
Publication Type
Conference Paper
ETH Bibliography
yes
Citations
Altmetric
METADATA ONLY
Data
Rights / License
Abstract
Although browser fingerprinting has been widely studied from a privacy angle, there is also a case for fingerprinting in the context of risk-based authentication. Given that most browser-context features can be easily spoofed, APIs that potentially depend both on software and hardware have gained interest. HTML5 Canvas has been shown to provide a certain degree of characterization of a browser. However, multiple research questions remain open. In this paper, we study how to use this API for browser fingerprinting in a scalable way by means of a Siamese deep neural network. We also explore the limits of this technique on modern browsers that are progressively standardizing the Canvas outputs. On our evaluation using over 200 browser instances, we obtain an 82% accuracy in distinguishing browser instances in our dataset and 92% if the model only distinguishes between users with a different browser or OS. Our model has a 0% false-rejection rate and up to 36% average false acceptance rate on simulated attacks, that occurs mostly when victims and attackers share the same browser model and version and the same OS.
Permanent link
Publication status
published
External links
Book title
Applied Cryptography and Network Security Workshops
Journal / series
Volume
13285
Pages / Article No.
554 - 574
Publisher
Springer
Event
Security in Machine Learning and its Applications (SiMLA 2022)
Edition / version
Methods
Software
Geographic location
Date collected
Date created
Subject
Risk-based authentication; Machine learning; Deep learning; Computer vision; Siamese networks; HTML5 Canvas
Organisational unit
03634 - Basin, David / Basin, David
Notes
Conference lecture held on June 22, 2022.