DEVICE FINGERPRINTS FOR BOTS

HOW DEVICE FINGERPRINTS IN DIGITAL SECURITY CAN HELP TO PREVENT BOT ATTACKS AT THE EDGE OF THE NETWORK

The Importance of Device Fingerprints in Digital Security

WHAT ARE DEVICE FINGERPRINTS?

“The digital fingerprint is particularly useful at the network edge. Invalid traffic is blocked at the network edge, creating a zero tolerance policy, before the potential bad actors even reach the endpoint.”

Device Fingerprints: Digital Identity in CyberSecurity

Behaviour tracking using ML

Arthur Conan Doyle, the literary creator of Sherlock Holmes, was a man of reason and logic who applied science together with innovation in forensic methods, often making use of the fingerprint to fight crime. The Sherlock Holmes stories were written several years before London’s police force, Scotland Yard, actually began to use the fingerprint as standard police practice.

Today digital device fingerprints play a crucial role in safeguarding online experiences, preventing fraud, and enhancing user personalization.

In this article, we will take our magnifying glass into the world of device fingerprints, exploring what they are, how they work, and the privacy issues they raise for law-abiding citizens. We also look at how hackers try to wear digital gloves to cover their tracks.

Why Digital Fingerprints Matter

INTRODUCTION TO DEVICE FINGERPRINTS

With the proliferation of internet-connected devices, it has become increasingly challenging to verify the identity of users and devices accurately. Device fingerprints, also known as digital fingerprints, have emerged as a solution to this challenge. A device fingerprint is a unique identifier that distinguishes one device from another based on its distinctive characteristics.

A device fingerprint is a unique identifier based on the hardware, software and digital provenance identifiers.

WHAT ARE DEVICE FINGERPRINTS?

In essence, a device fingerprint is a digital representation of a device's attributes, encompassing both hardware and software, as well as its digital provenance.

It encompasses a plethora of information, including but not limited to the device's operating system, browser and plugins, network settings including IP address, cookie settings, screen resolution, canvas size, language and time zone. Collectively, the hardware and software platform settings, together with the digital provenance, create a distinct pattern, much like a human fingerprint.

Blocking Bots at the network edge

THE IMPORTANCE OF DEVICE FINGERPRINTS IN DIGITAL SECURITY

Device fingerprints play a pivotal role in digital security, particularly in the realm of online authentication. By employing device fingerprints, cybersecurity professionals can ensure that the device trying to access an account or service is legitimate. This helps thwart unauthorized access attempts and safeguards sensitive user data from falling into the wrong hands.


The digital fingerprint is particularly useful at the network edge. Fingerprints that fail the tests can be blocked at the network edge, creating a zero tolerance policy, before the bad actors even reach the endpoint.


Adopting a zero tolerance policy at the network edge prevents a whole host of problems from bots and other malicious actors further down the line. It’s far easier to deny access to bad actors than to dust for fingerprints at a crime scene.


Using ML to combine thousands of factors that make up a fingerprint

HOW DEVICE FINGERPRINTS ARE CREATED

Creating a device fingerprint involves collecting hundreds or even thousands of individual data points from the device and combining them to produce an overall risk score. VerifiedVisitors uses Machine Learning (ML) models to process the complex data. The fingerprinting process can be active or passive, depending on the methods used to gather information.

Hardware, software, digital provenance and behaviour all make up the fingerprint

UNDERSTANDING THE COMPONENTS OF DEVICE FINGERPRINTS

To comprehend how device fingerprints are constructed, let's explore the key components that contribute to their uniqueness:


- Hardware Information


Details about the device's hardware platform, such as the processor type, memory, canvas size, mobile GPS or accelerometer data, and device ID, form the core of the hardware-based fingerprint.


- Software Configuration


The software configuration encompasses the operating system and its platform version, browser, installed fonts, plug-ins, language, default settings and other software-related attributes, all of which contribute significantly to the device's fingerprint.


- Network Parameters / Digital Provenance


Information related to the device's network, such as the IP address, ASN, data centre indicators, known bad IPs, botnets, proxies etc., adds another layer of distinctiveness to the fingerprint.


- Browser and User Agent Details


The browser and user agent details provide insights into the browser type, version, installed plugins, and other browser-related characteristics. A critical element is ensuring the self-declared user-agent string is compatible with the hardware platform. For example, if the user agent string is an Apple iPhone, does it have the correct iPhone hardware fingerprint?

Combining Methods with ML is far more effective.

DEVICE FINGERPRINTING TECHNIQUES

There are primarily two types of device fingerprinting techniques:


- Active Fingerprinting


Active fingerprinting involves direct interaction with the device, such as querying the browser for specific information or employing JavaScript to gather details.


- Passive Fingerprinting


Passive fingerprinting, on the other hand, relies on data that the device unintentionally exposes during normal internet browsing.


- Combination Techniques


At VerifiedVisitors we combine several fingerprinting methods, using both active and passive techniques, to create more comprehensive and accurate fingerprints. The ML models allow us to be far more accurate, and to process larger volumes of data, than was possible until only recently. There is a constant trade-off between the speed of response and the accuracy of the verification process.


Luckily, if we find a potential risk issue with a fingerprint, it’s likely the visitor is automated - and if we do spend a little longer analysing the total fingerprint, no humans suffer in the process. Once flagged, the actual behaviour of the visitors often gives the game away.



Zero Tolerance at the Edge of the Network is invaluable

APPLICATIONS OF DEVICE FINGERPRINTS

Applying a zero tolerance policy for automated traffic at the network edge, using combined fingerprint and behavioural tracking, has many advantages across a wide range of applications besides the core bot prevention and cybersecurity.

- Fraud Detection and Prevention

Device fingerprints aid in identifying fraudulent activities by recognizing suspicious devices or abnormal behavior patterns before they have a chance to do harm. Zero tolerance at the network edge often means the hackers will try a different site. Your cybersecurity doesn’t have to be absolutely the best, just better than your cohorts.

- Privacy and IP Protection

Bots often specifically target Personally Identifiable Information (PII), or are used to scrape your valuable content or other IP. They can be used to identify staff, email addresses, job titles and other basic data that is then used in a further phishing attack.

- Website Traffic Analysis

Website owners leverage device fingerprints to analyze the true visitor traffic patterns without the distortion of automated visitors and invalid traffic types. Clean data is a hugely valuable asset if you’re using analytics to optimise user flow, and taking decisions based on these analytics.


PRIVACY CONCERNS AND ETHICAL CONSIDERATIONS

While device fingerprints offer numerous benefits, they also raise concerns regarding user privacy. Collecting and storing vast amounts of user data demands responsible practices and transparency from service providers. However, it’s important to note that the fingerprint is never tied to an individual person, and the central task of the fingerprint is precisely to identify non-human bot traffic, which is often specifically targeted at stealing Intellectual Property (IP) as well as Personally Identifiable Information (PII).

The fingerprint is the combination of the hardware and software platform with the network activity. It can be argued that an IP address may under certain circumstances reveal personally identifiable information (PII). For example, a static IP could be geolocated to a particular address or region, which in theory could be used to trace back to a particular business or household, and from there narrowed down to the actual person. This is like leaving the geolocation metadata from your mobile camera in pictures which you then post online. Using a mobile gateway, a VPN, or simply the default dynamic IP from your ISP all mitigate the risk of geolocation from the IP address itself.

As always, it’s a trade-off. At one level we have a frightening dystopian One World ID based on actual biometric iris scans, linked to financial platforms - and at the other we have fingerprint data from your device that most people simply don’t care about.

Putting on the Gloves

HOW HACKERS ADAPT TO DEVICE FINGERPRINTING

Hackers of course know and understand how the fingerprinting technology works, and they in turn have to program around it. In fact, to truly get around the most complex fingerprinting models, the hackers have to get everything exactly right. VerifiedVisitors just needs to spot one inconsistency between the stated user agent browser and its platform stack to invalidate the visitor. The odds are stacked.

The basic approach is first to decide if their bot will attempt to accept a cookie. A small minority of users, particularly tech-savvy ones, refuse to run random JavaScript, and so the fingerprint fails. This is the equivalent of wearing gloves. Typically this is less than 1% of the total visitor traffic, so this traffic self-identifies fairly easily.

Without the fingerprint, VerifiedVisitors relies on the digital provenance and behavioural detectors, which are usually more than enough to prove the presence of a sentient being. Not taking the fingerprint usually indicates a basic bot, that simply fails the digital provenance, proof of work, and behavioural detectors.

Sophisticated bots take the fingerprint and fake the results, and the detection game is now on. At that point, they need to ensure the self-declared user agent and browser is exactly compatible with the hardware platform and its digital provenance.
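The user-agent consistency check described above and under "Browser and User Agent Details", written out as an added example. It is not VerifiedVisitors' code: the rule table, the function names and the field names in the signals object are assumptions made for illustration, and the sample input is constructed.

```javascript
// Added example: the rules are illustrative assumptions, not a vendor rule set.

// Platform family claimed by the self-declared User-Agent string.
function claimedPlatform(userAgent) {
  if (/iPhone/.test(userAgent)) return "iphone";
  if (/Android/.test(userAgent)) return "android";
  if (/Windows NT/.test(userAgent)) return "windows";
  if (/Macintosh/.test(userAgent)) return "mac";
  return "unknown";
}

// Expected values per claimed platform:
//   platform   -> navigator.platform (active, collected by JavaScript)
//   touch      -> navigator.maxTouchPoints > 0 (active)
//   chPlatform -> Sec-CH-UA-Platform request header (passive, only if sent)
const EXPECTED = {
  iphone:  { platform: /^iPhone$/, touch: true },
  android: { platform: /^Linux/, touch: true, chPlatform: "Android" },
  windows: { platform: /^Win/, chPlatform: "Windows" },
  mac:     { platform: /^Mac/, chPlatform: "macOS" },
};

// Returns every inconsistency found; per the article, one is enough to invalidate.
function findInconsistencies(userAgent, signals) {
  const problems = [];
  const claim = claimedPlatform(userAgent);
  const rule = EXPECTED[claim] || {}; // unknown claims only get the generic checks
  if (rule.platform && !rule.platform.test(signals.platform || "")) {
    problems.push(`UA claims ${claim} but navigator.platform is "${signals.platform}"`);
  }
  if (rule.touch && !(signals.maxTouchPoints > 0)) {
    problems.push(`UA claims ${claim} but device reports no touch support`);
  }
  const hint = (signals.chPlatform || "").replace(/"/g, ""); // header value is quoted
  if (hint && rule.chPlatform && hint !== rule.chPlatform) {
    problems.push(`UA claims ${claim} but Sec-CH-UA-Platform is ${hint}`);
  }
  if (signals.webdriver === true) problems.push("navigator.webdriver is set");
  return problems;
}

// Constructed sample: iPhone User-Agent sent from an automated Linux browser.
const spoofed = findInconsistencies(
  "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) AppleWebKit/605.1.15",
  { platform: "Linux x86_64", maxTouchPoints: 0, webdriver: true }
);
console.log(spoofed.length > 0 ? "block at edge" : "pass", spoofed);
```

A visitor who blocks JavaScript supplies none of the active signals, so this check cannot run for them and the provenance and behavioural detectors have to carry the decision.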

Sophisticated bots typically use domestic IPs, Cybercrime as a Service (CaaS) proxies or botnets, which hide their digital provenance effectively. Since they are using an actual device, many of the platform inconsistency checks are passed. Although these sophisticated bots aren’t as common, the problem is they are much more difficult to detect, and often have been tailored to hit your site. They can pass CAPTCHA. They are much more damaging.

These much more sophisticated bots pass many of the basic configuration and provenance checks, but they are still programmatically controlled. In these situations the fingerprint looks at the behavioural factors, mouse movements, and telltales from the distributed platform used to control the bots. In this case, it’s the equivalent of a fingerprint fragment.

Making a match on a partial print is obviously more difficult. Today, the latest law enforcement techniques use pore clustering based on new algorithms, and look at edge construction and compare the edge results. Looking at the pores and the edges allows for highly accurate results with a much smaller fingerprint fragment. VerifiedVisitors effectively uses the same technique. The overall fingerprint looks legitimate, but smaller telltale details mark the fingerprint as automated.


It's an arms race as the bots fight back

FUTURE TRENDS IN DEVICE FINGERPRINTING

VerifiedVisitors is constantly looking at how to use advancements in machine learning to drive further accuracy and improvements. However, the latest ML techniques can also be used by the hackers themselves. Reinforcement Learning (RL) algorithms use trial and error at vast scale to effectively gamify the reward, bypassing fingerprint methods of detection. Already we are seeing the use of RL to bypass Google reCAPTCHA v3 by training the web bot to learn how to move the mouse and click on the reCAPTCHA button.

CONCLUSION

In conclusion, device fingerprints play a crucial role in securing our digital world. They provide an innovative and effective means of identifying devices and users while offering various applications across industries. As technology continues to advance, striking a balance between security and user privacy is a constant challenge.


HOW VERIFIEDVISITORS PROTECTS YOU

VerifiedVisitors protects all your endpoints - APIs and websites across the hybrid cloud - in milliseconds, with no software to install. Adding zero tolerance at the network edge greatly increases your overall security footprint, preventing bot attacks and fraud before they can do harm.