Fingerprinting Browsers in Encrypted Communications
Sandhya Aneja, Nagender Aneja
TL;DR
This paper investigates browser fingerprinting over HTTPS with TLS 1.3, revealing that different browsers exhibit distinct message patterns and behaviors, enabling identification through network traffic analysis.
Contribution
It provides an analysis of browser fingerprinting using TLS 1.3, highlighting differences in message patterns and proposing a method for browser identification based on network behavior.
Findings
30-35% dissimilarity in browser communication patterns
Different browsers use varying number of messages and message lengths
Fingerprinting is feasible over HTTPS with TLS 1.3
Abstract
Browser fingerprinting is the identification of a browser through the network traffic captured during communication between the browser and server. This can be done using the HTTP protocol, browser extensions, and other methods. This paper discusses browser fingerprinting using the HTTPS over TLS 1.3 protocol. The study observed that different browsers use a different number of messages to communicate with the server, and the length of messages also varies. To conduct the study, a network was set up using a UTM hypervisor with one virtual machine as the server and another as a VM with a different browser. The communication was captured, and it was found that there was a 30\%-35\% dissimilarity in the behavior of different browsers.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsInternet Traffic Analysis and Secure E-voting · Chaos-based Image/Signal Encryption · Spam and Phishing Detection