| Reference : Fingerprinting Techniques for Network Security |
| Dissertations and theses : Doctoral thesis | |||
| Engineering, computing & technology : Computer science | |||
| http://hdl.handle.net/10993/20444 | |||
| Fingerprinting Techniques for Network Security | |
| English | |
Lanze, Fabian  [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >] | |
| 27-Feb-2015 | |
| University of Luxembourg, Luxembourg | |
| Docteur en Informatique | |
| Engel, Thomas | |
| Sorger, Ulrich | |
| Scheuermann, Björn | |
| Panchenko, Andriy | |
| Spaniol, Otto | |
| [en] Security ; Fingerprinting | |
| [en] Fingerprinting techniques aim to identify objects such as devices, data, users, or
even attacks, based on distinctive characteristics. The goal of this thesis is to de- velop and evaluate methods for fingerprinting in different application domains and to contribute to a better understanding of fingerprinting in general. We concentrate on approaches that are applicable in practice to improve the security of computer networks. We first introduce a novel formal model of the central concepts of finger- printing in order to relate techniques to their particular application scenario. This model allows the comparison of approaches and the evaluation of their effectiveness for practical use. The evil twin attack in 802.11 networks is a severe security problem that nei- ther the industry nor the research community has found appropriate solutions for. Motivated by this threat, we develop novel fingerprinting methods. We address this challenge from two angles. In our first approach we exploit minuscule yet observable inaccuracies in crystal-oscillator-driven computer clocks. We will show that several conclusions drawn in the related research about the efficacy of this fingerprinting feature are false. We then enhance state-of-the-art approaches and for the first time provide a solution for remote physical device fingerprinting performed by typical off-the-shelf client devices that is able to mitigate the evil twin threat in practice. The second approach focuses on fingerprinting the behavioral characteristics of soft- ware tools that have been developed or can be misused to mount the attack. As we will show, our fingerprinting methods, which primarily exploit unavoidable low-level characteristics, allow the reliable detection of such an attack strategy within a few seconds. We then switch the perspective to the attacker’s side and investigate a finger- printing method that has been proposed to attack anonymization networks such as Tor by using traffic analysis, commonly referred to as website fingerprinting. We propose a novel approach that outperforms state-of-the-art methods in this area. We then evaluate for the first time the practical applicability of website fingerprinting in a realistic scenario, while avoiding simplified assumptions predominantly made in the related research. Our evaluation indicates that this particular threat, which is considered to be a serious security problem affecting many users, is not as severe as presumed. Therefore, concerns that have been raised and strategies for circumvent- ing this attack that have been proposed need to be reconsidered. | |
| http://hdl.handle.net/10993/20444 |
There is no file associated with this reference.
All documents in ORBilu are protected by a user license.
