No document available.
Abstract :
[en] Fingerprinting techniques aim to identify objects such as devices, data, users, or
even attacks, based on distinctive characteristics. The goal of this thesis is to de-
velop and evaluate methods for fingerprinting in different application domains and
to contribute to a better understanding of fingerprinting in general. We concentrate
on approaches that are applicable in practice to improve the security of computer
networks. We first introduce a novel formal model of the central concepts of finger-
printing in order to relate techniques to their particular application scenario. This
model allows the comparison of approaches and the evaluation of their effectiveness
for practical use.
The evil twin attack in 802.11 networks is a severe security problem that nei-
ther the industry nor the research community has found appropriate solutions for.
Motivated by this threat, we develop novel fingerprinting methods. We address this
challenge from two angles. In our first approach we exploit minuscule yet observable
inaccuracies in crystal-oscillator-driven computer clocks. We will show that several
conclusions drawn in the related research about the efficacy of this fingerprinting
feature are false. We then enhance state-of-the-art approaches and for the first time
provide a solution for remote physical device fingerprinting performed by typical
off-the-shelf client devices that is able to mitigate the evil twin threat in practice.
The second approach focuses on fingerprinting the behavioral characteristics of soft-
ware tools that have been developed or can be misused to mount the attack. As we
will show, our fingerprinting methods, which primarily exploit unavoidable low-level
characteristics, allow the reliable detection of such an attack strategy within a few
seconds.
We then switch the perspective to the attacker’s side and investigate a finger-
printing method that has been proposed to attack anonymization networks such as
Tor by using traffic analysis, commonly referred to as website fingerprinting. We
propose a novel approach that outperforms state-of-the-art methods in this area. We
then evaluate for the first time the practical applicability of website fingerprinting
in a realistic scenario, while avoiding simplified assumptions predominantly made in
the related research. Our evaluation indicates that this particular threat, which is
considered to be a serious security problem affecting many users, is not as severe as
presumed. Therefore, concerns that have been raised and strategies for circumvent-
ing this attack that have been proposed need to be reconsidered.