Browser Fingerprinting using Combinatorial Sequence Testing
ABSTRACT
In this paper, we report on the applicability of combinatorial sequence testing methods to the problem of fingerprinting browsers based on their behavior during a TLS handshake. We created an appropriate abstract model of the TLS handshake protocol and used it to map browser behavior to feature vectors, which we use to derive a distinguisher. Using combinatorial methods, we created test sets consisting of sequences of TLS server-side messages that are sent to the client as server responses during the TLS handshake. Further, we evaluate our approach with a case study showing that combinatorial properties have an impact on browsers’ behavior.
Bernhard Garn's research focuses on software security testing and, in particular, on combinatorial testing. He has developed combinatorial testing approaches for XSS and the Linux kernel. With his background in mathematics, he is especially interested in the application of theoretical results to practical problems, bridging the gap between discrete mathematics and application domains of information security. He is a researcher at SBA Research. He received a BSc in Technical Mathematics from Vienna University of Technology (TUW) and is currently finishing his Master's studies in Technical Mathematics at TUW.