On Reliability of JA3 Hashes for Fingerprinting Mobile Applications

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26230%2F21%3APU138869" target="_blank" >RIV/00216305:26230/21:PU138869 - isvavai.cz</a>

Výsledek na webu

<a href="https://link.springer.com/chapter/10.1007%2F978-3-030-68734-2_1" target="_blank" >https://link.springer.com/chapter/10.1007%2F978-3-030-68734-2_1</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1007/978-3-030-68734-2_1" target="_blank" >10.1007/978-3-030-68734-2_1</a>

Jazyk výsledku

angličtina

Název v původním jazyce

On Reliability of JA3 Hashes for Fingerprinting Mobile Applications

Popis výsledku v původním jazyce

In recent years, mobile communication has become more secure due to TLS encapsulation. TLS enhances user security by encrypting transmitted data, on the other hand it limits network monitoring and data capturing which is important for digital forensics. When observing mobile traffic today most transmissions are encapsulated by TLS. Encrypted packets causes traditional methods to be obsolete for device fingerprinting that require visibility of protocol headers of HTTP, IMAP, SMTP, IM, etc. As a reaction to data encryption, new methods like TLS fingerprinting have been researched. These methods observe TLS parameters which are exchanged in an open form  before the establishment of a secure channel. TLS parameters can be used for identification of a sending application. Nevertheless, with the constant evolution of TLS protocol suites, it is not easy to create a unique and stable TLS fingerprint for forensic purposes. This paper presents experiments with JA3 hashes on mobile apps. We focus especially on the stability, reliability and uniqueness of JA3 fingerprints for digital forensics. 

Název v anglickém jazyce

On Reliability of JA3 Hashes for Fingerprinting Mobile Applications

Popis výsledku anglicky

In recent years, mobile communication has become more secure due to TLS encapsulation. TLS enhances user security by encrypting transmitted data, on the other hand it limits network monitoring and data capturing which is important for digital forensics. When observing mobile traffic today most transmissions are encapsulated by TLS. Encrypted packets causes traditional methods to be obsolete for device fingerprinting that require visibility of protocol headers of HTTP, IMAP, SMTP, IM, etc. As a reaction to data encryption, new methods like TLS fingerprinting have been researched. These methods observe TLS parameters which are exchanged in an open form  before the establishment of a secure channel. TLS parameters can be used for identification of a sending application. Nevertheless, with the constant evolution of TLS protocol suites, it is not easy to create a unique and stable TLS fingerprint for forensic purposes. This paper presents experiments with JA3 hashes on mobile apps. We focus especially on the stability, reliability and uniqueness of JA3 fingerprints for digital forensics. 

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

20206 - Computer hardware and architecture

Projekt

<a href="/cs/project/VI20172020062" target="_blank" >VI20172020062: Integrovaná platforma pro zpracování digitálních dat z bezpečnostních incidentů (TARZAN)</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2021

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Digital Forensics and Cyber Crime. ICDF2C 2020. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

ISBN

978-3-030-68733-5

ISSN

—

e-ISSN

—

Počet stran výsledku

22

Strana od-do

1-22

Název nakladatele

Springer International Publishing

Místo vydání

Boston

Místo konání akce

Boston

Datum konání akce

15. 10. 2020

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

—