All

What are you looking for?

All
Projects
Results
Organizations

Quick search

  • Projects supported by TA ČR
  • Excellent projects
  • Projects with the highest public support
  • Current projects

Smart search

  • That is how I find a specific +word
  • That is how I leave the -word out of the results
  • “That is how I can find the whole phrase”
EN
ČeštinaEnglish

Network-based HTTPS Client Identification Using SSL/TLS Fingerprinting

The result's identifiers

  • Result code in IS VaVaI

    <a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14610%2F15%3A00080521" target="_blank" >RIV/00216224:14610/15:00080521 - isvavai.cz</a>

  • Result on the web

    <a href="http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7299941" target="_blank" >http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7299941</a>

  • DOI - Digital Object Identifier

    <a href="http://dx.doi.org/10.1109/ARES.2015.35" target="_blank" >10.1109/ARES.2015.35</a>

Alternative languages

  • Result language

    angličtina

  • Original language name

    Network-based HTTPS Client Identification Using SSL/TLS Fingerprinting

  • Original language description

    The growing share of encrypted network traffic complicates network traffic analysis and network forensics. In this paper, we present real-time lightweight identification of HTTPS clients based on network monitoring and SSL/TLS fingerprinting. Our experiment shows that it is possible to estimate the User-Agent of a client in HTTPS communication via the analysis of the SSL/TLS handshake. The fingerprints of SSL/TLS handshakes, including a list of supported cipher suites, differ among clients and correlate to User-Agent values from a HTTP header. We built up a dictionary of SSL/TLS cipher suite lists and HTTP User-Agents and assigned the User-Agents to the observed SSL/TLS connections to identify communicating clients. We discuss host-based and network-based methods of dictionary retrieval and estimate the quality of the data. The usability of the proposed method is demonstrated on two case studies of network forensics.

  • Czech name

  • Czech description

Classification

  • Type

    D - Article in proceedings

  • CEP classification

    IN - Informatics

  • OECD FORD branch

Result continuities

  • Project

    <a href="/en/project/VF20142015037" target="_blank" >VF20142015037: Decoding of Encrypted Data Communication</a><br>

  • Continuities

    P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Others

  • Publication year

    2015

  • Confidentiality

    S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Data specific for result type

  • Article name in the collection

    2015 10th International Conference on Availability, Reliability and Security

  • ISBN

    9781467365901

  • ISSN

  • e-ISSN

  • Number of pages

    8

  • Pages from-to

    389-396

  • Publisher name

    IEEE

  • Place of publication

    Toulouse

  • Event location

    Toulouse

  • Event date

  • Type of event by nationality

    WRD - Celosvětová akce

  • UT code for WoS article

Similar results(10)

HTTPS Traffic Analysis and Client Identification Using Passive SSL/TLS FingerprintingOn Reliability of JA3 Hashes for Fingerprinting Mobile ApplicationsTool for mobile app fingerprinting