Supplemental Authentication via Internet Fingerprinting
Date
2011
Authors
Advisors
Journal Title
Journal ISSN
Volume Title
Repository Usage Stats
views
downloads
Abstract
Internet websites are a regular medium for exchanging sensitive information such as online banking. The security of this information is paramount. Today, one facet of this security - authenticating a website to its users - depends on the trust of a third party (i.e., a certificate authority). However, web browsers currently trust many certificate authorities from around the world. Some of them may be compromised or untrustworthy. This work explores an authentication scheme that does not require trust but instead uses unexploited network characteristics of a website to authenticate the website to users. Our preliminary evaluation shows that this scheme can reject all of over 200,000 verified online phishing website visits while recognizing more than 99% of the 7,000 legitimate websites over the course of a week. Results suggest that network characteristics can provide a supplemental website authentication scheme. It has no noticeable overhead or network footprint and is independent of any third party trust.
Type
Department
Description
Provenance
Citation
Permalink
Citation
Tate, Ryan (2011). Supplemental Authentication via Internet Fingerprinting. Master's thesis, Duke University. Retrieved from https://hdl.handle.net/10161/3778.
Collections
Except where otherwise noted, student scholarship that was shared on DukeSpace after 2009 is made available to the public under a Creative Commons Attribution / Non-commercial / No derivatives (CC-BY-NC-ND) license. All rights in student work shared on DukeSpace before 2009 remain with the author and/or their designee, whose permission may be required for reuse.