Operating System Fingerprinting

Operating system fingerprinting helps IT administrators perform vulnerability assessment and internal auditing to secure their networked systems. It is also, very often, the first step in an attack on a targeted system or online service: once the operating system is known, an adversary can tailor the attack to the known vulnerabilities of that system. In this chapter we focus on the major approaches to fingerprinting at the operating system level. We examine concrete instantiations of the OS fingerprinting concepts and discuss the details of their design and implementation to show their complexity and limitations. In particular, we present a case study on OS identification of smartphones whose traffic is encrypted. We consider the security of these schemes in terms of effectiveness, and raise the challenges that future OS fingerprinting research must address to be useful in practical digital forensic investigations.
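The following Python is an added illustration of the passive, header-only style of OS fingerprinting the chapter surveys; it is not code from the chapter. It parses a raw IPv4/TCP SYN, extracts the fields a passive fingerprinter relies on (observed TTL, DF bit, advertised window, MSS, window scale and the order of TCP options), rounds the TTL up to a plausible initial value to estimate hop count, and matches the result against a signature table. The two signatures and the two sample packets are constructed for this example and modelled on common stack defaults; they are assumptions, not a real signature database, and the helper `build_syn` exists only so the example runs offline.

```python
"""Passive TCP/IP stack fingerprinting from a single SYN (illustrative example)."""
import struct
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class SynFeatures:
    ttl: int               # TTL as observed on the wire (already decremented by each hop)
    df: bool               # IP "don't fragment" bit
    window: int            # advertised receive window
    mss: Optional[int]     # MSS option value, if present
    wscale: Optional[int]  # window-scale shift, if present
    layout: tuple          # order of TCP option kinds, e.g. ("MSS", "SACK", "TS", "NOP", "WS")


def parse_syn(pkt: bytes) -> SynFeatures:
    """Extract fingerprint features from a raw IPv4 header + TCP SYN (no link layer)."""
    if len(pkt) < 40 or (pkt[0] >> 4) != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    flags_frag = struct.unpack("!H", pkt[6:8])[0]
    ttl, proto = pkt[8], pkt[9]
    if proto != 6:
        raise ValueError("not TCP")
    tcp = pkt[ihl:]
    data_offset = (tcp[12] >> 4) * 4
    if (tcp[13] & 0x12) != 0x02:          # SYN set, ACK clear: the client's opening packet
        raise ValueError("not a pure SYN")
    window = struct.unpack("!H", tcp[14:16])[0]
    opts = tcp[20:data_offset]
    layout, mss, wscale = [], None, None
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                      # end of option list
            layout.append("EOL")
            break
        if kind == 1:                      # NOP is a single byte of padding
            layout.append("NOP")
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("truncated option")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("malformed option length")
        body = opts[i + 2:i + length]
        if kind == 2 and len(body) == 2:
            mss = struct.unpack("!H", body)[0]
            layout.append("MSS")
        elif kind == 3 and len(body) == 1:
            wscale = body[0]
            layout.append("WS")
        elif kind == 4:
            layout.append("SACK")
        elif kind == 8:
            layout.append("TS")
        else:
            layout.append(f"OPT{kind}")
        i += length
    return SynFeatures(ttl, bool(flags_frag & 0x4000), window, mss, wscale, tuple(layout))


def guess_initial_ttl(ttl: int) -> int:
    """Round the observed TTL up to the nearest common initial value used by stacks."""
    for init in (32, 64, 128, 255):
        if ttl <= init:
            return init
    raise ValueError("TTL out of range")


@dataclass(frozen=True)
class Signature:
    name: str
    initial_ttl: int
    df: bool
    layout: tuple
    window_ok: Callable[[int, Optional[int]], bool]


# Assumption: illustrative signatures modelled on common defaults, not a real database.
SIGNATURES = (
    Signature("Linux-like", 64, True, ("MSS", "SACK", "TS", "NOP", "WS"),
              lambda w, mss: mss is not None and w % mss == 0),
    Signature("Windows-like", 128, True, ("MSS", "NOP", "WS", "NOP", "NOP", "SACK"),
              lambda w, mss: w in (8192, 65535)),
)


def classify(pkt: bytes) -> list:
    """Names of all signatures consistent with the SYN; empty list means unknown."""
    f = parse_syn(pkt)
    init = guess_initial_ttl(f.ttl)
    return [s.name for s in SIGNATURES
            if s.initial_ttl == init and s.df == f.df
            and s.layout == f.layout and s.window_ok(f.window, f.mss)]


def estimate_hops(pkt: bytes) -> int:
    """Hop count implied by the TTL, assuming the guessed initial value is right."""
    ttl = parse_syn(pkt).ttl
    return guess_initial_ttl(ttl) - ttl


def build_syn(ttl: int, window: int, options: bytes, df: bool = True) -> bytes:
    """Constructed SYN for demonstration only; real input would come from a capture."""
    assert len(options) % 4 == 0, "TCP options must pad to a 32-bit boundary"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(options), 0x1234,
                     0x4000 if df else 0, ttl, 6, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0,
                      ((20 + len(options)) // 4) << 4, 0x02, window, 0, 0)
    return ip + tcp + options


# Constructed samples: MSS 1460, SACK, timestamps, NOP, WS 7 after 12 hops; and
# MSS 1460, NOP, WS 8, NOP, NOP, SACK with an 8192 window after 13 hops.
LINUX_LIKE_SYN = build_syn(52, 29200, bytes.fromhex("020405b40402080a0000000100000000" "01030307"))
WINDOWS_LIKE_SYN = build_syn(115, 8192, bytes.fromhex("020405b401030308" "01010402"))

if __name__ == "__main__":
    for name, pkt in (("sample A", LINUX_LIKE_SYN), ("sample B", WINDOWS_LIKE_SYN)):
        print(name, parse_syn(pkt), "hops:", estimate_hops(pkt), "match:", classify(pkt))
```

Two caveats a practitioner would check before trusting such a result: a NAT gateway or other middlebox may rewrite the TTL, MSS or window, so the features describe the last stack that touched the packet rather than the end host; and none of these fields are protected by TLS or any other transport-layer encryption, which is why header-based identification keeps working on encrypted flows. The option layout is the strongest single feature here; TTL alone only narrows the candidates to a family of initial values.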
