• Title/Summary/Keyword: Browser Fingerprinting

Search Result 2, Processing Time 0.015 seconds

A Phishing Attack using Website Fingerprinting on Android Smartphones (안드로이드 스마트폰에서 웹사이트 핑거프린팅을 통한 피싱 공격)

  • Ahn, Woo Hyun;Oh, Yunseok;Pyo, Sang-Jin;Kim, Tae-Soon;Lim, Seung-Ho;Oh, Jaewon
    • Convergence Security Journal
    • /
    • v.15 no.7
    • /
    • pp.9-19
    • /
    • 2015
  • The Android operating system is exposed to a phishing attack of stealing private information that a user enters into a web page. We have discovered two security vulnerabilities of the phishing attack. First, an always-on-top scheme allows malware to place a transparent user interface (UI) on the current top screen and intercept a user input. Second, the Android provides some APIs that allow malware to obtain the information of a currently visited web page. This paper introduces a phishing that attacks a web page by exploiting the two vulnerabilities. The attack detects a visit to a security-relevant web page and steals private information from the web page. Our experiments on popular web sites reveal that the attack is significantly accurate and dangerous.

A Study on User Authentication Model Using Device Fingerprint Based on Web Standard (표준 웹 환경 디바이스 핑거프린트를 활용한 이용자 인증모델 연구)

  • Park, Sohee;Jang, Jinhyeok;Choi, Daeseon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.4
    • /
    • pp.631-646
    • /
    • 2020
  • The government is pursuing a policy to remove plug-ins for public and private websites to create a convenient Internet environment for users. In general, financial institution websites that provide financial services, such as banks and credit card companies, operate fraud detection system(FDS) to enhance the stability of electronic financial transactions. At this time, the installation software is used to collect and analyze the user's information. Therefore, there is a need for an alternative technology and policy that can collect user's information without installing software according to the no-plug-in policy. This paper introduces the device fingerprinting that can be used in the standard web environment and suggests a guideline to select from various techniques. We also propose a user authentication model using device fingerprints based on machine learning. In addition, we actually collected device fingerprints from Chrome and Explorer users to create a machine learning algorithm based Multi-class authentication model. As a result, the Chrome-based Authentication model showed about 85%~89% perfotmance, the Explorer-based Authentication model showed about 93%~97% performance.