Published: April 1, 2019
Author(s)
Bernhard Garn (SBA Research), Dimitris Simos (SBA Research), Stefan Zimmer (FH Campus Wien), Richard Kuhn (NIST), Raghu Kacker (NIST)
Conference
Name: Hot Topics in the Science of Security
Dates: 04/01/2019 - 04/03/2019
Location: Nashville, Tennessee, United States
Citation: HotSoS '19: Proceedings of the 6th Annual Symposium on Hot Topics in the Science of Security, pp. 1-9
In this paper, we report on the applicability of combinatorial sequence testing methods to the problem of fingerprinting browsers based on their behavior during a TLS handshake. We created an appropriate abstract model of the TLS handshake protocol and used it to map browser behavior to a feature vector and use them to derive a distinguisher. Using combinatorial methods, we created test sets consisting of TLS server-side messages as sequences that are sent to the client as server responses during the TLS handshake. Further, we evaluate our approach with a case study showing that combinatorial properties have an impact on browsers’ behavior.
Keywords
combinatorial testing; security testing; browser fingerprinting
Control Families
None selected