BrFAST: a Tool to Select Browser Fingerprinting Attributes for Web Authentication According to a Usability-Security Trade-off

  title={BrFAST: a Tool to Select Browser Fingerprinting Attributes for Web Authentication According to a Usability-Security Trade-off},
  author={Nampoina Andriamilanto and T. Allard},
  journal={Companion Proceedings of the Web Conference 2021},
In this demonstration, we put ourselves in the place of a website manager who seeks to use browser fingerprinting for web authentication. The first step is to choose the attributes to implement among the hundreds that are available. To do so, we developed BrFAST, an attribute selection platform that includes FPSelect, an algorithm that rigorously selects the attributes according to a trade-off between security and usability. BrFAST is configured with a set of parameters for which we provide… 

Figures and Tables from this paper

Phish in Sheep’s Clothing: Exploring the Authentication Pitfalls of Browser Fingerprinting

This paper presents the first comprehensive and in-depth exploration of the security implications of real-world systems relying on browser fingerprints for authentication, and develops a tool for auto-constructing browser-based fingerprinting vectors that replicate the process of target websites, enabling the extraction of fingerprinting from users’ devices that exactly match those generated by target websites.



FPSelect: Low-Cost Browser Fingerprints for Mitigating Dictionary Attacks against Web Authentication Mechanisms

This work proposes FPSelect, an attribute selection framework allowing verifiers to tune their browser fingerprinting probes for web authentication, and finds out that in the experimental settings, the framework selects attribute sets of lower usability cost.

A Large-scale Empirical Analysis of Browser Fingerprints Properties for Web Authentication

This article makes the link between the digital fingerprints that distinguish browsers, and the biological fingerprint that distinguish Humans, to evaluate browser fingerprints according to properties inspired by biometric authentication factors, and concludes that their browser fingerprints carry the promise to strengthen web authentication mechanisms.

Fingerprinting Web Users Through Font Metrics

It is shown that of the over 125,000 code points examined, it suffices to test only 43 in order to account for all the variation seen in the experiment, andFont metrics, being orthogonal to many other fingerprinting techniques, can augment and sharpen those other techniques.

How Unique Is Your Web Browser?

  • P. Eckersley
  • Computer Science
    Privacy Enhancing Technologies
  • 2010
The degree to which modern web browsers are subject to "device fingerprinting" via the version and configuration information that they will transmit to websites upon request is investigated, and what countermeasures may be appropriate to prevent it is discussed.

Hiding in the Crowd: an Analysis of the Effectiveness of Browser Fingerprinting at Large Scale

The key insight is that the percentage of unique fingerprints in the dataset is much lower than what was reported in the past: only 33.6% of fingerprints are unique by opposition to over 80% in previous studies.

Beauty and the Beast: Diverting Modern Web Browsers to Build Unique Browser Fingerprints

This work explores the validity of browser fingerprinting in today's environment, and shows that innovations in HTML5 provide access to highly discriminating attributes, notably with the use of the Canvas API which relies on multiple layers of the user's system.

FP-STALKER: Tracking Browser Fingerprint Evolutions

It is shown that browser fingerprints tend to change frequently—from every few hours to days—due to, for example, software updates or configuration changes, yet, despite these frequent changes, it is show thatbrowser fingerprints can still be linked, thus enabling long-term tracking.

An Empirical Evaluation of Web-Based Fingerprinting

An analysis of fingerprinting techniques and tools revealed the fingerprinting workflow, which helped define fine-grained properties that precisely model the workflow, allowing development of a client-side fingerprinting-detection tool.

Combining Features in Browser Fingerprinting

This study calculated the identification accuracy of different combinations of features using 9,457 samples of fingerprints collected on the authors' website to collect fingerprints, and compared to Panopticlick, realized 1.006, 3.894, 7.456%, and 3.840% identification accuracy improvement on the Windows, Mac, iOS, and Android operating systems.

Browser Fingerprinting

The research performed in the domain of browser fingerprinting is surveyed, while providing an accessible entry point to newcomers in the field to understand the composition of modern fingerprints.