Publication Details

On Reliability of JA3 Hashes for Fingerprinting Mobile Applications

MATOUŠEK Petr, BURGETOVÁ Ivana, RYŠAVÝ Ondřej and VICTOR Malombe. On Reliability of JA3 Hashes for Fingerprinting Mobile Applications. In: Digital Forensics and Cyber Crime. ICDF2C 2020. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol. 351. Boston: Springer International Publishing, 2021, pp. 1-22. ISBN 978-3-030-68733-5. Available from: https://link.springer.com/chapter/10.1007%2F978-3-030-68734-2_1
Czech title
Spolehlivost otisků JA3 pro mobilní aplikace
Type
conference paper
Language
english
Authors
Matoušek Petr, doc. Ing., Ph.D., M.A. (DIFS FIT BUT)
Burgetová Ivana, Ing., Ph.D. (DIFS FIT BUT)
Ryšavý Ondřej, doc. Ing., Ph.D. (DIFS FIT BUT)
Victor Malombe (FIT BUT)
URL
Keywords

Mobile application, TLS fingerprinting, network forensics, encrypted communication

Abstract

In recent years, mobile communication has become more secure due to TLS encapsulation. TLS enhances user security by encrypting transmitted data, on the other hand it limits network monitoring and data capturing which is important for digital forensics. When observing mobile traffic today most transmissions are encapsulated by TLS. Encrypted packets causes traditional methods to be obsolete for device fingerprinting that require visibility of protocol headers of HTTP, IMAP, SMTP, IM, etc. As a reaction to data encryption, new methods like TLS fingerprinting have been researched. These methods observe TLS parameters which are exchanged in an open form  before the establishment of a secure channel. TLS parameters can be used for identification of a sending application. Nevertheless, with the constant evolution of TLS protocol suites, it is not easy to create a unique and stable TLS fingerprint for forensic purposes. This paper presents experiments with JA3 hashes on mobile apps. We focus especially on the stability, reliability and uniqueness of JA3 fingerprints for digital forensics. 

Published
2021
Pages
1-22
Proceedings
Digital Forensics and Cyber Crime. ICDF2C 2020
Series
Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
Volume
351
Conference
EAI International Conference on Digital Forensics & Cyber Crime, Boston, US
ISBN
978-3-030-68733-5
Publisher
Springer International Publishing
Place
Boston, US
DOI
EID Scopus
BibTeX
@INPROCEEDINGS{FITPUB12307,
   author = "Petr Matou\v{s}ek and Ivana Burgetov\'{a} and Ond\v{r}ej Ry\v{s}av\'{y} and Malombe Victor",
   title = "On Reliability of JA3 Hashes for Fingerprinting Mobile Applications",
   pages = "1--22",
   booktitle = "Digital Forensics and Cyber Crime. ICDF2C 2020",
   series = "Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering",
   volume = 351,
   year = 2021,
   location = "Boston, US",
   publisher = "Springer International Publishing",
   ISBN = "978-3-030-68733-5",
   doi = "10.1007/978-3-030-68734-2\_1",
   language = "english",
   url = "https://www.fit.vut.cz/research/publication/12307"
}
Files
Back to top