Many password alternatives for web authentication proposed over the years, despite having different designs and objectives, all predominantly rely on the knowledge of some secret. This motivates us, herein, to provide the first detailed exploration of the integration of a fundamentally different element of defense into the design of web authentication schemes: a mimicry-resistance dimension. We analyze web authentication mechanisms with respect to new usability and security properties related to mimicry-resistance (augmenting the UDS framework), and in particular evaluate invisible techniques (those requiring neither user actions, nor awareness) that provide some mimicry-resistance (unlike those relying solely on static secrets), including device fingerprinting schemes, PUFs (physically unclonable functions), and a subset of Internet geolocation mechanisms.

中文翻译：

---

抗模仿和不可见 Web 身份验证方案的比较分析和框架评估

多年来提出的许多用于 Web 身份验证的密码替代方案，尽管具有不同的设计和目标，但都主要依赖于某些秘密的知识。这促使我们在此首次详细探索将根本不同的防御元素集成到 Web 身份验证方案的设计中：模仿抵抗维度。我们分析了与抗模仿性相关的新可用性和安全属性（增强 UDS 框架）的 Web 身份验证机制，特别是评估提供一些抗模仿性（不同于那些不需要用户操作或意识的技术）的隐形技术完全依赖静态秘密），包括设备指纹方案、PUF（物理上不可克隆的功能），