Reference : Fingerprinting Techniques for Network Security
Dissertations and theses : Doctoral thesis
Engineering, computing & technology : Computer science
http://hdl.handle.net/10993/20444
Fingerprinting Techniques for Network Security
English
Lanze, Fabian [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
27-Feb-2015
University of Luxembourg, Luxembourg
Docteur en Informatique
Engel, Thomas
Sorger, Ulrich
Scheuermann, Björn
Panchenko, Andriy
Spaniol, Otto
[en] Security ; Fingerprinting
[en] Fingerprinting techniques aim to identify objects such as devices, data, users, or even attacks, based on distinctive characteristics. The goal of this thesis is to develop and evaluate methods for fingerprinting in different application domains and to contribute to a better understanding of fingerprinting in general. We concentrate on approaches that are applicable in practice to improve the security of computer networks. We first introduce a novel formal model of the central concepts of fingerprinting in order to relate techniques to their particular application scenario. This model allows the comparison of approaches and the evaluation of their effectiveness for practical use.
The evil twin attack in 802.11 networks is a severe security problem that neither the industry nor the research community has found appropriate solutions for. Motivated by this threat, we develop novel fingerprinting methods. We address this challenge from two angles. In our first approach we exploit minuscule yet observable inaccuracies in crystal-oscillator-driven computer clocks. We will show that several conclusions drawn in the related research about the efficacy of this fingerprinting feature are false. We then enhance state-of-the-art approaches and for the first time provide a solution for remote physical device fingerprinting performed by typical off-the-shelf client devices that is able to mitigate the evil twin threat in practice. The second approach focuses on fingerprinting the behavioral characteristics of software tools that have been developed or can be misused to mount the attack. As we will show, our fingerprinting methods, which primarily exploit unavoidable low-level characteristics, allow the reliable detection of such an attack strategy within a few seconds.
We then switch the perspective to the attacker’s side and investigate a fingerprinting method that has been proposed to attack anonymization networks such as Tor by using traffic analysis, commonly referred to as website fingerprinting. We propose a novel approach that outperforms state-of-the-art methods in this area. We then evaluate for the first time the practical applicability of website fingerprinting in a realistic scenario, while avoiding simplified assumptions predominantly made in the related research. Our evaluation indicates that this particular threat, which is considered to be a serious security problem affecting many users, is not as severe as presumed. Therefore, concerns that have been raised and strategies for circumventing this attack that have been proposed need to be reconsidered.

There is no file associated with this reference.

All documents in ORBilu are protected by a user license.