Detail výsledku

On Reliability of JA3 Hashes for Fingerprinting Mobile Applications

MATOUŠEK, P.; BURGETOVÁ, I.; RYŠAVÝ, O.; VICTOR, M. On Reliability of JA3 Hashes for Fingerprinting Mobile Applications. In Digital Forensics and Cyber Crime. ICDF2C 2020. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering. Boston: Springer International Publishing, 2021. p. 1-22. ISBN: 978-3-030-68733-5.

Typ

článek ve sborníku konference

Jazyk

anglicky

Autoři

Matoušek Petr, doc. Ing., Ph.D., M.A., UIFS (FIT)
Burgetová Ivana, Ing., Ph.D., UIFS (FIT)
Ryšavý Ondřej, doc. Ing., Ph.D., UIFS (FIT)
Victor Malombe

Abstrakt

In recent years, mobile communication has become more secure due to TLS encapsulation. TLS enhances user security by encrypting transmitted data, on the other hand it limits network monitoring and data capturing which is important for digital forensics. When observing mobile traffic today most transmissions are encapsulated by TLS. Encrypted packets causes traditional methods to be obsolete for device fingerprinting that require visibility of protocol headers of HTTP, IMAP, SMTP, IM, etc. As a reaction to data encryption, new methods like TLS fingerprinting have been researched. These methods observe TLS parameters which are exchanged in an open form before the establishment of a secure channel. TLS parameters can be used for identification of a sending application. Nevertheless, with the constant evolution of TLS protocol suites, it is not easy to create a unique and stable TLS fingerprint for forensic purposes. This paper presents experiments with JA3 hashes on mobile apps. We focus especially on the stability, reliability and uniqueness of JA3 fingerprints for digital forensics.

Klíčová slova

Mobile application, TLS fingerprinting, network forensics, encrypted communication

URL

https://link.springer.com/chapter/10.1007%2F978-3-030-68734-2_1

Rok

2021

Strany

1–22

Sborník

Digital Forensics and Cyber Crime. ICDF2C 2020

Řada

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

Svazek

351

Konference

EAI International Conference on Digital Forensics & Cyber Crime

ISBN

978-3-030-68733-5

Vydavatel

Springer International Publishing

Místo

Boston

DOI

10.1007/978-3-030-68734-2_1

EID Scopus

2-s2.0-85102611204

BibTeX

@inproceedings{BUT168482,
  author="Petr {Matoušek} and Ivana {Burgetová} and Ondřej {Ryšavý} and Malombe {Victor}",
  title="On Reliability of JA3 Hashes for Fingerprinting Mobile Applications",
  booktitle="Digital Forensics and Cyber Crime. ICDF2C 2020",
  year="2021",
  series="Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering",
  volume="351",
  pages="1--22",
  publisher="Springer International Publishing",
  address="Boston",
  doi="10.1007/978-3-030-68734-2\{_}1",
  isbn="978-3-030-68733-5",
  url="https://link.springer.com/chapter/10.1007%2F978-3-030-68734-2_1"
}

Soubory

Projekty

Integrovaná platforma pro zpracování digitálních dat z bezpečnostních incidentů, MV, Bezpečnostní výzkum České republiky 2015-2020, VI20172020062, zahájení: 2017-01-01, ukončení: 2020-06-30, ukončen
Metody AI pro zabezpečení kybernetického prostoru a řídicí systémy, VUT, Vnitřní projekty VUT, FIT-S-20-6293, zahájení: 2020-03-01, ukončení: 2023-02-28, ukončen

Výzkumné skupiny

NES@FIT - Výzkumná skupina počítačové sítě (VZ NES@FIT)

Pracoviště

Ústav informačních systémů (UIFS)