[PPT] - TLS Fingerprinting Techniques Zlatina Gancheva advised by Patrick PowerPoint Presentation

SLIDE 1

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

TLS Fingerprinting Techniques

Zlatina Gancheva

advised by Patrick Sattler, Lars Wüstrich Friday 24th January, 2020 Chair of Network Architectures and Services Department of Informatics Technical University of Munich

SLIDE 2

Introduction to TLS Fingerprinting

Agenda

Introduction
Background
TLS Basics: Deploying TLS
TLS Basics: Establishing a TLS Session, TLS Handshake Protocol
Client and Server Hello Parameters
Creating a TLS Fingerprint
TLS Fingerprinting
Network-based HTTPS Client identification
JA3/JA3S Fingerprinting
Markov Chain Fingerprinting
Discussion
Conclusion

Zlatina Gancheva — TLS Fingerprinting Techniques 2

SLIDE 3

Introduction to TLS Fingerprinting

Transport Layer Security Protocol Fingerprinting Why do we need TLS Fingerprinting?

It is passive
It is payload-based
It requires no endpoint agent data
Motivation: It can successfully detect obsolete or malicious software

Zlatina Gancheva — TLS Fingerprinting Techniques 3

SLIDE 4

Introduction to TLS Fingerprinting

TLS Fingerprinting Goals TLS Fingerprinting aims to improve traffic analysis by providing [1]

Efficiency - successful identification of clients
Performance - quick to find a match
Flexibility - compatibility with existing technologies

Zlatina Gancheva — TLS Fingerprinting Techniques 4

SLIDE 5

Background: Transport Security Layer Protocol

TLS Basics: How does it work What does the Transport Layer Security (TLS) Protocol do?

provides end-to-end security
encrypts information from the Application Layer

The TLS Protocol strives to provide the following security capabilities[10, 15]:

Data Integrity
Authentication
Data Confidentiality

Zlatina Gancheva — TLS Fingerprinting Techniques 5

SLIDE 6

Background: Transport Security Layer Protocol

TLS Basics: Deploying TLS Placed between the Application and TCP/IP layer

TLS Handshake Protocol [4, 11]

is responsible for:

negotiating encryption para-

meters

TLS Record Protocol [4, 12] is

responsible for:

traffic protection

Figure 1: TLS Protocol Structure [16, 10]

Zlatina Gancheva — TLS Fingerprinting Techniques 6

SLIDE 7

Background: Transport Security Layer Protocol

TLS Basics: Establishing a TLS Session, TLS Handshake Protocol

Figure 2: TLS V 1.3 Handshake Scheme [7]

Zlatina Gancheva — TLS Fingerprinting Techniques 7

SLIDE 8

Background: Transport Security Layer Protocol

Client and Server Hello Parameters

Client Hello [7]
Preferred TLS version (TLS 1.0, 1.2, 1.3, etc.)
Client random variable
Session ID
Cipher suites list (e.g. ECDHE, RSA), ordered by preference
Compression methods
List of Extensions
Server Hello [7]
Negotiated TLS version
Server random variable
Session ID
Selected Cipher Suite
Compression Method
Extensions

Zlatina Gancheva — TLS Fingerprinting Techniques 8

SLIDE 9

Background: Transport Security Layer Protocol

Creating a Fingerprint

Figure 3: Fingerprinting parameters

Zlatina Gancheva — TLS Fingerprinting Techniques 9

SLIDE 10

Fingerprinting Techniques

Network-based HTTPS Client identification This is done by creating a dictionary, where Cipher suite list is paired with a User-Agent[3]1 [15, 14].

Host-based method
measures connections on the server side
uses the decrypted information from an HTTPS connection
Advantages:
accurate
Disadvantages:
limited to a single server

1User-Agent - a string used to identify client’s browser and OS version Zlatina Gancheva — TLS Fingerprinting Techniques 10

SLIDE 11

Fingerprinting Techniques

Network-based HTTPS Client identification This is done by creating a dictionary, where Cipher suite list is paired with a User-Agent[3]2 [15, 14].

Flow-based method
simultaneously monitors HTTP and HTTPS connections with the same IP source address
pairs a cipher suite list with the User-Agent
Advantages:
not limited to a single server
Disadvantages:
less accurate

2User-Agent - a string used to identify client’s browser and OS version Zlatina Gancheva — TLS Fingerprinting Techniques 11

SLIDE 12

Fingerprinting Techniques

JA3/JA3S Fingerprinting JA3 Fingerprinting on the Client Side

joins values taken from the Client Hello

packet [2, 8, 5] into a string.

MD5 hashes the string into a 32 character

fingerprint

Advantages:
easy to share
more effective than IoCs
always creates a 32 character fingerprint
Disadvantages:
application collisions
up to 5 JA3 for the same application

Figure 4: Example of JA3 Fingerprint [9]

Zlatina Gancheva — TLS Fingerprinting Techniques 12

SLIDE 13

Fingerprinting Techniques

JA3/JA3S Fingerprinting JA3S Fingerprinting on the Server Side

same as JA3 but with values from the Server Hello
useful when client applications use common libraries or OS sockets

Advantages:

combined with JA3 efficiently identifies malicious communication

Zlatina Gancheva — TLS Fingerprinting Techniques 13

SLIDE 14

Fingerprinting Techniques

Markov Chain Fingerprinting This technique creates stochastic TLS fingerprints, using first-order homogeneous Markov chains [16]. It is conducted on the server side Advantages: Successfully recognizes

incorrect implementations
misuse of TLS (TLS tunneling)

Disadvantages:

Fingerprint database must be updated periodically

Zlatina Gancheva — TLS Fingerprinting Techniques 14

SLIDE 15

Discussion

Defenses against TLS Fingerprinting

Defenses:
Using Proxy to redirect the Cipher suite list [15]
Manual changes in the Cipher suite list [15]
Mimicking TLS implementations [13]

Zlatina Gancheva — TLS Fingerprinting Techniques 15

SLIDE 16

Discussion

Defenses against TLS Fingerprinting

Defenses:
Using Proxy to redirect the Cipher suite list [15]
Manual changes in the Cipher suite list [15]
Mimicking TLS implementations [13]
Problems:
Problem: A Fingerprint collisions [6] may also possibly occur

Zlatina Gancheva — TLS Fingerprinting Techniques 15

SLIDE 17

Discussion

Defenses against TLS Fingerprinting

Defenses:
Using Proxy to redirect the Cipher suite list [15]
Manual changes in the Cipher suite list [15]
Mimicking TLS implementations [13]
Problems:
Problem: A Fingerprint collisions [6] may also possibly occur
Solution: Take as many parameters of the Client Hello as possible [6]

Zlatina Gancheva — TLS Fingerprinting Techniques 15

SLIDE 18

Conclusion

TLS Fingerprinting Techniques TLS Fingerprinting is:

effectively recognizing malicious and outdated software
quick to keep up with network traffic
a passive approach, sustaining user’s privacy

We discussed 3 main different Fingerprinting techniques

Network-based HTTPS Client identification
JA3/JA3S Fingerprinting
Markov Chain Fingerprinting

Zlatina Gancheva — TLS Fingerprinting Techniques 16

SLIDE 19

Bibliography

[1] The generation and use of TLS fingerprints. [2] Open sourcing JA3 - salesforce engineering. [3] An overview of the SSL or TLS handshake. [4] RFC 8446 - the transport layer security (TLS) protocol version 1.3. [5] salesforce/ja3.

riginal-date: 2017-06-13T22:54:10Z.

[6] SquareLemon. [7] TLS fingerprinting in the real world. [8] TLS fingerprinting with JA3 and JA3s - salesforce engineering. [9]

B. Anderson, S. Paul, and D. McGrew.

Deciphering malware’s use of TLS (without decryption). [10]

L. Brotherston.

Lee brotherston’s work.

riginal-date: 2016-02-18T14:40:19Z.

[11]

M. D. Center.

TLS handshake protocol - win32 apps. [12]

M. D. Center.

TLS record protocol - win32 apps. [13]

S. Frolov and E. Wustrow.

The use of TLS in censorship circumvention. In Proceedings 2019 Network and Distributed System Security Symposium. Internet Society.

Zlatina Gancheva — TLS Fingerprinting Techniques 17

SLIDE 20

Bibliography

[14]

M. Husak, M. Cermak, T. Jirsik, and P

. Celeda. Network-based HTTPS client identification using SSL/TLS fingerprinting. In 2015 10th International Conference on Availability, Reliability and Security, pages 389–396. IEEE. [15]

M. Husák, M. ˇ

Cermák, T. Jirsík, and P . ˇ Celeda. HTTPS traffic analysis and client identification using passive SSL/TLS fingerprinting. 2016(1):6. [16]

M. Korczynski and A. Duda.

Markov chain fingerprinting to classify encrypted traffic. In IEEE INFOCOM 2014 - IEEE Conference on Computer Communications, pages 781–789. IEEE.

Zlatina Gancheva — TLS Fingerprinting Techniques 18