Abstract

We propose a two-step TLS-based fingerprinting approach using combinatorial sequences and properties of TLS handshake messages. Our approach combines fingerprinting based on attributes of the initial ClientHello message with the observed behavior of TLS clients when presented with permuted handshake messages in order to enhance the granularity of the derived fingerprints without increasing the required number of exchanged messages. We conduct a detailed evaluation against 21 browsers and TLS clients on two operating systems. The results show a significant increase in the entropy of the achieved splittings, allowing for a more precise identification of the TLS client than permitted by either of the underlying approaches in isolation.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
CertLedger: A new PKI model with Certificate Transparency based on blockchain
Murat Yasin Kubilay ... Hacı Ali Mantar
Computers & Security | VOL. 85
Murat Yasin Kubilay, et. al.Murat Yasin Kubilay ... Hacı Ali Mantar
21 May 2019
Behavioral fingerprinting of Internet‐of‐Things devices
Bruhadeshwar Bezawada ... Indrajit Ray
WIREs Data Mining and Knowledge Discovery | VOL. 11
Bruhadeshwar Bezawada, et. al.Bruhadeshwar Bezawada ... Indrajit Ray
30 Sep 2019
KORGAN: An Efficient PKI Architecture Based on PBFT Through Dynamic Threshold Signatures
Murat Yasin Kubilay ... Mehmet Sabir Kiraz
The Computer Journal | VOL. 64
Murat Yasin Kubilay, et. al.Murat Yasin Kubilay ... Mehmet Sabir Kiraz
12 Aug 2020
Categorizing TLS traffic based on JA3 pre-hash values
Jenny Heino ... Seppo Virtanen
Procedia Computer Science | VOL. 220
Jenny Heino, et. al.Jenny Heino ... Seppo Virtanen
01 Jan 2023
View more papers

More From: Computers & Security

Paper Title
Journal
Date
Author
Control-flow attestation: Concepts, solutions, and open challenges
Zhanyu Sha ... Konstantinos Markantonakis
Computers & Security | VOL. -
Zhanyu Sha, et. al.Zhanyu Sha ... Konstantinos Markantonakis
01 Dec 2024
Profiling the victim - cyber risk in commercial banks
Paweł Smaga
Computers & Security | VOL. -
Paweł SmagaPaweł Smaga
01 Dec 2024
Privacy and Security of Wearable Internet of Things: A Scoping Review and Conceptual Framework Development for Safety and Health Management in Construction
Chinedu Okonkwo ... Oluwafemi Akanfe
Computers & Security | VOL. -
Chinedu Okonkwo, et. al.Chinedu Okonkwo ... Oluwafemi Akanfe
01 Dec 2024
A technique to detect and mitigate false data injection attacks in Cyber-Physical Systems
Sushree Padhan ... Ashok Kumar Turuk
Computers & Security | VOL. -
Sushree Padhan, et. al.Sushree Padhan ... Ashok Kumar Turuk
01 Dec 2024
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.