Affiliation:
1. Faculty of Information Science and Engineering, Ocean University of China, Qingdao 266000, China
2. School of Computer Science and Technology, Liaocheng University, Liaocheng 252000, China
Abstract
Users encounter various threats, such as cross-site scripting attacks and session hijacking, when they perform login operations in the browser. These attacks pose significant risks to the integrity and confidentiality of personal data. The browser fingerprint, as an authentication technique, can effectively enhance user security. However, attackers can bypass browser fingerprint authentication through phishing attacks and other methods, leading to unauthorized logins. To address these issues, we propose a secure browser fingerprint authentication scheme that integrates the data of the browser cache side-channel into the traditional browser fingerprint. Consequently, it enhances the dynamics and non-determinism of the browser fingerprint and improves the anti-attack capabilities of the authentication process. Experimental results demonstrate that this scheme can effectively mitigate phishing attacks and man-in-the-middle attacks, achieving a 95.33% recognition rate for attackers and a 96.17% recall rate for authorized users.
Reference44 articles.
1. Usage and impact of the internet-of-things-based smart home technology: A quality-of-life perspective;Rock;Univers. Access Inf. Soc.,2024
2. Browser fingerprinting: A survey;Laperdrix;ACM Trans. Web (TWEB),2020
3. Laperdrix, P., Rudametkin, W., and Baudry, B. (2016, January 22–26). Beauty and the beast: Diverting modern web browsers to build unique browser fingerprints. Proceedings of the 2016 IEEE Symposium on Security and Privacy (SP), San Jose, CA, USA.
4. Social implications of the Internet;DiMaggio;Annu. Rev. Sociol.,2001
5. Ross, B., Jackson, C., Miyake, N., Boneh, D., and Mitchell, J.C. (August, January 31). Stronger Password Authentication Using Browser Extensions. Proceedings of the USENIX Security Symposium, Baltimore, MD, USA.