Phu Phung, Ph.D. / Ahmed L. Ouadrhiri, Ph.D.
While fraud detection companies use fingerprinting methods as a secondary form of identification, attackers can exploit these fingerprinting methods due to the revealing nature of the software and hardware information collected. Attackers can use this sensitive information to target users with known vulnerabilities, monitor a user’s activity, and even reveal their identity without their knowledge or consent. Unfortunately, average users have limited options to opt out of or block fingerprinting attacks.
We have performed intensive experiments to demonstrate the effectiveness of our approach. In particular, we replicated and revised an existing fingerprinting attack that collects network link-state information to construct unique fingerprints. We deployed this fingerprinting attack on the cloud and collected data from web users nationwide, which are used by a machine learning model to reveal users’ locations with high accuracy. We have implemented our mitigation method by extending a browser extension prototype. The prototype demonstrated that our proposed method could effectively prevent data collection from the fingerprinting attack.
This item is protected by copyright law (Title 17, U.S. Code) and may only be used for noncommercial, educational, and scholarly purposes.