Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Browser Fingerprinting using Combinatorial Sequence Testing

Published

Author(s)

Bernhard Garn, Dimitris Simos, Stefan Zimmer, D. Richard Kuhn, Raghu N. Kacker

Abstract

In this paper, we propose an approach for browser fingerprinting using their behavior during the TLS 1.2 handshake with a server. Using combinatorial methods, we created test sets consisting of TLS server-side messages as sequences that are sent to the client as server responses during the TLS handshake. We created an appropriate abstract model of the TLS handshake protocol and used it to map browser behavior to a feature vector and use them to derive a distinguisher. We evaluate our approach with a case study showing that combinatorial properties have an impact on browsers' behavior.
Conference Dates
April 2-3, 2019
Conference Location
Nashville, TN, US
Conference Title
Hot Topics in the Science of Security

Keywords

combinatorial testing, security testing, browser fingerprinting

Citation

Garn, B. , Simos, D. , Zimmer, S. , Kuhn, D. and Kacker, R. (2019), Browser Fingerprinting using Combinatorial Sequence Testing, Hot Topics in the Science of Security, Nashville, TN, US, [online], https://doi.org/10.1145/3314058.3314062, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=927531 (Accessed December 3, 2022)
Created March 31, 2019, Updated October 12, 2021