HOW DEVICE FINGERPRINTS IN DIGITAL SECURITY CAN HELP TO PREVENT BOT ATTACKS AT THE EDGE OF NETWORK

In essence, a device fingerprint is a digital representation of a device's attributes, encompassing both hardware and software, as well as its digital provenance.

‍

It encompasses a plethora of information, including but not limited to the device's operating system, browser and plugins, network settings including IP address, cookie settings, screen resolution, canvas size, language and time zone. Collectively, the hardware and software platform setting together with the digital provenance, creates a distinct pattern, much like a human fingerprint.

Device fingerprints play a pivotal role in digital security, particularly in the realm of online authentication. By employing device fingerprints, cybersecurity professionals can ensure that the device trying to access an account or service is legitimate. This helps thwart unauthorized access attempts and safeguards sensitive user data from falling into the wrong hands.

The digital fingerprint is particularly useful at the network edge. Fingerprints that fail the tests can be blocked at the network edge, creating a zero tolerance policy, before the bad actors even reach the endpoint.

Adopting a zero tolerance policy at the network edge prevents a whole host of problems from bots and other malicious actors further down the line. It’s far easier to prevent access to bad actors, than dust for fingerprints at a crime scene.

Creating a device fingerprint involves collecting hundreds or even thousands of individual data points from the device and combining them to produce an overall risk score. VerifiedVisitors uses Machine Learning (ML) models to process the complex data. The fingerprinting process can be active or passive, depending on the methods used to gather information

To comprehend how device fingerprints are constructed, let's explore the key components that contribute to their uniqueness:

- Hardware Information

Details about the device's hardware platform, such as the processor type, memory, canvas size, mobile GPS or accelerometer data, and device ID, form the core of the hardware-based fingerprint.

- Software Configuration

The software configuration encompasses the operating system and its platform version, browser, installed fonts, and other software-related attributes, plug-ins, language,default settings, all contribute significantly to the device's fingerprint.

- Network Parameters / Digital Provenance

Information related to the device's network, such as the IP address, ASN, data centre indicators, known bad IPs, botnets, proxies etc. all adds another layer of distinctiveness to the fingerprint.

- Browser and User Agent Details

The browser and user agent details provide insights into the browser type, version, installed plugins, and other browser-related characteristics. A critical element is ensuring the self-declared user-agent string is compatible with the hardware platform. For example, if the user agent string is an Apple iPhone, does it have the correct iPhone hardware fingerprint?

There are primarily two types of device fingerprinting techniques:

- Active Fingerprinting

Active fingerprinting involves direct interaction with the device, such as querying the browser for specific information or employing JavaScript to gather details.

- Passive Fingerprinting

Passive fingerprinting, on the other hand, relies on data that the device unintentionally exposes during normal internet browsing.

- Combination Techniques

At VerifiedVisitor we combine several fingerprinting methods using both active and passive techniques to create more comprehensive and accurate fingerprints.The ML models allows us to be far more accurate, and process larger volumes of data than was possible until only recently. There is a constant trade of between the speed of response, and the accuracy of the verification process.

Luckily, if we find a potential risk issue with a fingerprint, it’s likely the visitor is automated - and if we do spend a little longer analysing the total fingerprint, no humans suffer in the process. Once flagged, the actual behaviour of the visitors often gives the game away.

Applying a zero tolerance policy for automated traffic at the network edge, using combined fingerprint and behavioural tracking has many advantages across a wide range of applications besides the core Bot prevention and Cybersecurity.

‍

- Fraud Detection and Prevention

‍

Device fingerprints aid in identifying fraudulent activities by recognizing suspicious devices or abnormal behavior patterns before they can have a change to do harm. Zero tolerance at the network edge often means the hackers will try a different site. You’re cybersecurity doesn’t have to be absolutely the best, just better than your cohorts.

‍

- Privacy and IP Protection

‍

Bots often specifically want to target Personally Identifiable Information PII, or are used to scrape your valuable content or other IP. They can be used to identify staff, email addresses, job titles and other basic data that is then used in a further phishing attack.

‍

- Website Traffic Analysis

‍

Website owners leverage device fingerprints to analyze the true visitor traffic patterns without the distortion of automated visitors and invalid traffic types. Clean data is a hugely valuable asset if you’re using analytics to optimise user flow, and taking decisions based on these analytics.

While device fingerprints offer numerous benefits, they also raise concerns regarding user privacy. Collecting and storing vast amounts of user data demands responsible practices and transparency from service providers. However, it’s important to note the fingerprint is never tied to an individual person, and the central task of the fingerprint, is precisely to identify non-human bot traffic, that often is specifically targeted at stealing Intellectual Property (IP) as well as Personal Identifiable Information (PII).

‍

It’s the combination of hardware and software platform with the network activity. It can be argued that an IP address may under certain circumstances reveal personal identifiable information (PII). For example a static IP could be geolocated to a particular address or region, which in theory could be used to trace back to a particular business or household, and from there, narrowed down to the actual person. This is like leaving the geolocation meta-data from your mobile camera in your pictures which you then post-online. Using a mobile gateway, VPN, or simply using the default dynamic IP from your ISP all mitigate the risk from geo-location from the IP address itself.

‍

As always it’s a trade off. At one level we have a frightening dystopian One World ID based on actual biometric Iris scans, linked to financial platforms - and at the other we have fingerprint data from your device that most people simply don’t care about

Hackers of course know and understand how the fingerprinting technology works, and they in turn have to program around them. In fact, to truly get around the most complex fingerprinting models, the hackers have to get everything exactly right. VerifiedVisitors just needs to spot one inconsistency between the stated user agent browser, and its platform stack, to invalidate the visitor. The odds are stacked.

‍

The basic approach is first to decide if their bot will attempt to accept a cookie. A small minority of users, particularly tech savvy ones, refuse to run random JavaScript, and so the fingerprint fails. This is the equivalent of wearing gloves. Typically this is less than 1% of the total visitor traffic, so this traffic self identifies fairly easily.

‍

Without the fingerprint, VerifiedVisitors relies on the digital provenance and behavioural detectors, which are usually more than enough to prove the presence of a sentient being. Not taking the fingerprint usually indicates a basic bot, that simply fails the digital provenance, proof of work, and behavioural detectors.

‍

Sophisticated bots take the fingerprint, and fake the results, and the detection game is now on. At that point, they need to ensure the self-declared user agent and browser is exactly compatible with the hardware platform and it’s digital provenance.

‍

Sophisticated bots typically use domestic IPs, Cybercrime as a Service (CaaS) proxies or botnets, which hides their digital provenance effectively. Since they are using an actual device, many of the platform inconsistency checks are passed. Although these sophisticated bots aren’t as common, the problem is they are much more difficult to detect, and often have been tailored to hit your site. They can pass CAPTCHA. They are much more damaging.

‍

These much more sophisticated bots pass many of the basic configuration and provenance checks, but they are still programatically controlled. In these situations the fingerprint looks at the behavioural factors, mouse movements, and tell tales from the distributed platform used to control the bots.In this case, it’s the equivalent of a fingerprint fragment.

‍

Making a match on a partial print, is obviously more difficult. Today, the latest law enforcement techniques use pore clustering based on new algorithms, and look at edge construction and compare the edge results. Looking at the pores and the edges allows for highly accurate results with a much smaller fingerprint fragment. VerifiedVisitors effectively use the same technique. The overall fingerprint looks legitimate, but smaller tell tale details mark the fingerprint as automated.

VerifiedVisitors is constantly looking at how to use advancements in machine learning to drive further accuracy and improvements. However, the latest ML techniques can also be used by the hackers themselves. Reinforcement Learning (RL) algorithms which use trial and error at vast scale to effectively gamify the reward - bypassing fingerprint methods of detection. Already we are seeing the use of RL to bypass Google reCAPTCHA v3 by training the web bot to learn how to move the mouse and click on the reCAPTCHA button

In conclusion, device fingerprints play a crucial role in securing our digital world. They provide an innovative and effective means of identifying devices and users while offering various applications across industries. As technology continues to advance, striking a balance between security and user privacy is a constant challenge.

VerifiedVisitors protects all your endpoints - API, & websites across the hybrid cloud - all with no software to install in milliseconds. Adding zero tolerance at the network edge greatly increases your overall security footprint, preventing bot attacks and fraud before they can do harm.