All

What are you looking for?

All
Projects
Results
Organizations

Quick search

  • Projects supported by TA ČR
  • Excellent projects
  • Projects with the highest public support
  • Current projects

Smart search

  • That is how I find a specific +word
  • That is how I leave the -word out of the results
  • “That is how I can find the whole phrase”
EN
ČeštinaEnglish

HTTPS Traffic Analysis and Client Identification Using Passive SSL/TLS Fingerprinting

The result's identifiers

  • Result code in IS VaVaI

    <a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14610%2F16%3A00089221" target="_blank" >RIV/00216224:14610/16:00089221 - isvavai.cz</a>

  • Result on the web

    <a href="http://www.jis.eurasipjournals.com/content/2016/1/6" target="_blank" >http://www.jis.eurasipjournals.com/content/2016/1/6</a>

  • DOI - Digital Object Identifier

    <a href="http://dx.doi.org/10.1186/s13635-016-0030-7" target="_blank" >10.1186/s13635-016-0030-7</a>

Alternative languages

  • Result language

    angličtina

  • Original language name

    HTTPS Traffic Analysis and Client Identification Using Passive SSL/TLS Fingerprinting

  • Original language description

    The encryption of network traffic complicates legitimate network monitoring, traffic analysis, and network forensics. In this paper, we present real-time lightweight identification of HTTPS clients based on network monitoring and SSL/TLS fingerprinting. Our experiment shows that it is possible to estimate the User-Agent of a client in HTTPS communication via the analysis of the SSL/TLS handshake. The fingerprints of SSL/TLS handshakes, including a list of supported cipher suites, differ among clients and correlate to User-Agent values from a HTTP header. We built up a dictionary of SSL/TLS cipher suite lists and HTTP User-Agents and assigned the User-Agents to the observed SSL/TLS connections to identify communicating clients. The dictionary was used to classify live HTTPS network traffic. We were able to retrieve client types from 95.4 % of HTTPS network traffic. Further, we discussed host-based and network-based methods of dictionary retrieval and estimated the quality of the data.

  • Czech name

  • Czech description

Classification

  • Type

    J<sub>imp</sub> - Article in a specialist periodical, which is included in the Web of Science database

  • CEP classification

  • OECD FORD branch

    10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Result continuities

  • Project

  • Continuities

    S - Specificky vyzkum na vysokych skolach

Others

  • Publication year

    2016

  • Confidentiality

    S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Data specific for result type

  • Name of the periodical

    EURASIP Journal on Information Security

  • ISSN

    1687-4161

  • e-ISSN

  • Volume of the periodical

    2016

  • Issue of the periodical within the volume

    1

  • Country of publishing house

    DE - GERMANY

  • Number of pages

    14

  • Pages from-to

    1-14

  • UT code for WoS article

    000387412900001

  • EID of the result in the Scopus database

    2-s2.0-84959325515

Similar results(10)

Network-based HTTPS Client Identification Using SSL/TLS FingerprintingTool for mobile app fingerprintingOn Reliability of JA3 Hashes for Fingerprinting Mobile Applications