Thesis Details

Identifikace mobilních aplikací v šifrovaném provozu

Master's Thesis Student: Snášel Daniel Academic Year: 2021/2022 Supervisor: Matoušek Petr, doc. Ing., Ph.D., M.A.
English title
Identification of Mobile Applications in Encrypted Traffic
Language
Czech
Abstract

The work focuses on the identification of mobile applications in encrypted traffic based on TLS fingerprints. The aim of the work was to create an architecture for obtaining selected attributes from TLS  connection handshake, to create TLS fingerprints and their comparison. Emphasis was placed on the accuracy of individual metrics, the quality of selected attributes and on the determination of the  threshold T comparison, which was ultimately set at  75 %. A total of ten attributes were selected from the TLS connection handshake, such as IP address, Cipher Suite, Server Name Indication, the size of the first ten packets and more. Accurate, substring and index comparisons were chosen to compare individual attributes. The total similarity of the two TLS fingerprints is then calculated as the weighted sum of the matches of the individual attributes. The resulting architecture allows you to compare TLS application fingerprints from the created dataset with newly created fingerprints from encrypted communication, and thus identify the applications. It also allows manual or automatic learning of new applications from the compared file, or updating of known TLS fingerprints of applications in the dataset.

Keywords

TLS fingerprinting, identification of applications, TLS, TCP, JA3, JA3s, TLS handshake, mobile applications, encrypted traffic

Department
Degree Programme
Files
Status
defended, grade A
Date
22 June 2022
Reviewer
Committee
Hanáček Petr, doc. Dr. Ing. (DITS FIT BUT), předseda
Drábek Vladimír, doc. Ing., CSc. (DCSY FIT BUT), člen
Očenášek Pavel, Mgr. Ing., Ph.D. (DIFS FIT BUT), člen
Rogalewicz Adam, doc. Mgr., Ph.D. (DITS FIT BUT), člen
Smrž Pavel, doc. RNDr., Ph.D. (DCGM FIT BUT), člen
Citation
SNÁŠEL, Daniel. Identifikace mobilních aplikací v šifrovaném provozu. Brno, 2022. Master's Thesis. Brno University of Technology, Faculty of Information Technology. 2022-06-22. Supervised by Matoušek Petr. Available from: https://www.fit.vut.cz/study/thesis/25031/
BibTeX
@mastersthesis{FITMT25031,
    author = "Daniel Sn\'{a}\v{s}el",
    type = "Master's thesis",
    title = "Identifikace mobiln\'{i}ch aplikac\'{i} v \v{s}ifrovan\'{e}m provozu",
    school = "Brno University of Technology, Faculty of Information Technology",
    year = 2022,
    location = "Brno, CZ",
    language = "czech",
    url = "https://www.fit.vut.cz/study/thesis/25031/"
}
Back to top