Difference between revisions of "Digital Fingerprint"

From MgmtWiki
(Solutions)
(References)
Line 17: Line 17:
 
[[Category:Glossary]]
 
[[Category:Glossary]]
 
[[Category:Identifier]]
 
[[Category:Identifier]]
 +
[[Category:Assurance]]

Revision as of 10:26, 21 August 2019

Full Title or Meme

A Digital Fingerprint is a collection of data about some digital object that is likely to be invariant and can therefore be used as an Identifier of that object.

Context

  • The original Digital Fingerprint is a hash of a digital object, like a user's public key, that can be used as an Identifier of the object.
  • Internet web servers have long kept logs of the data flowing over the wire in the HTTP web protocol. Those logs have been used for some time to establish a pattern of data about a user that can be used in Fraud Detection. Most of us have experienced some Web Site complaining that the device we are using has not been used before, based on data in the HTTP log, specifically the IP address used to access the site.
  • Now that sites can run JavaScript programs in any browser, there is a new trove of data that they can collect and use in Fraud Detection.

Problems

  • Use of Digital Fingerprints built from data that can be spoofed by an attacker is simply part of the game of "cat and mouse" between the fraud detection services and the hackers. Eventually the hackers learn what data is requested and create programs that can supply that data to the Web Site on demand. The owner of a computer can still take complete control of all of the resources of the computer if they have the talent to do so.

Solutions

  • If the data that is used in the fingerprint is publicly available, then any hacker that can access the data can create the fingerprint.
  • In the original use of the fingerprint of a public key, this is no problem. In the case where the fingerprint is used in Fraud Detection, it defeats the purpose of the fingerprint.
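
The two kinds of fingerprint described above, side by side, as an added example that is not part of the original page: a hash of a public key, and a hash over HTTP request attributes used for a "new device" check. The attribute names, sample values and function names are assumptions made for illustration.

```python
import hashlib

# Constructed sample values; none of them come from the original page.
SAMPLE_PUBLIC_KEY = b"-----BEGIN PUBLIC KEY-----\nconstructed-sample-key\n-----END PUBLIC KEY-----\n"

def key_fingerprint(public_key_bytes: bytes) -> str:
    """Original meaning: a hash of the object itself (here, a public key)."""
    return hashlib.sha256(public_key_bytes).hexdigest()

def device_fingerprint(attrs: dict) -> str:
    """Hash of request attributes in a canonical (sorted, length-prefixed) form."""
    h = hashlib.sha256()
    for name in sorted(attrs):
        for part in (name, attrs[name]):
            data = part.encode("utf-8")
            h.update(len(data).to_bytes(4, "big") + data)  # avoids ambiguous joins
    return h.hexdigest()

def check_device(known_fingerprints: set, attrs: dict) -> str:
    """Fraud-detection style decision: has this device been seen before?"""
    return "known-device" if device_fingerprint(attrs) in known_fingerprints else "new-device"

# Constructed log entry for a returning user (documentation IP ranges).
enrolled = {"ip": "203.0.113.7", "user_agent": "ExampleBrowser/1.0", "accept_language": "en-US"}
known = {device_fingerprint(enrolled)}

# Same user on a different network: the fingerprint changes, so the site complains.
roaming = dict(enrolled, ip="198.51.100.20")

# Any sender whose request carries the same attribute values yields the same
# fingerprint, so a match identifies a set of values, not the party behind them.
resubmitted = {"accept_language": "en-US", "user_agent": "ExampleBrowser/1.0", "ip": "203.0.113.7"}

if __name__ == "__main__":
    print("key fingerprint:", key_fingerprint(SAMPLE_PUBLIC_KEY))
    print("enrolled   :", check_device(known, enrolled))
    print("roaming    :", check_device(known, roaming))
    print("resubmitted:", check_device(known, resubmitted))
```

For the public key, reproducibility by anyone is the intended property. For the device check, the same property means a match is a fraud signal to weigh, not proof of who sent the request.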

References