Supplemental Authentication via Internet Fingerprinting
Websites are a regular medium for exchanging sensitive information, for example in online banking. The security of this information is paramount. Today, one facet of this security - authenticating a website to its users - depends on trust in a third party (i.e., a certificate authority). However, web browsers currently trust many certificate authorities from around the world, and some of them may be compromised or untrustworthy. This work explores an authentication scheme that does not require such trust but instead uses unexploited network characteristics of a website to authenticate the website to users. Our preliminary evaluation shows that this scheme can reject all of over 200,000 verified online phishing website visits while recognizing more than 99% of the 7,000 legitimate websites over the course of a week. Results suggest that network characteristics can provide a supplemental website authentication scheme. It has no noticeable overhead or network footprint and is independent of any third-party trust.

This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 United States License.
Rights for Collection: Masters Theses
Works are deposited here by their authors, and represent their research and opinions, not that of Duke University. Some materials and descriptions may include offensive content.