Publication Details
Mobile Device Fingerprinting
mobile fingerprinting, TLS, profiling, JA3, digital forensics
Network communication of mobile devices provides valuable information about installed apps, user activities and mobile device usage which can be interesting for network management and cyber security. Based on meta data obtained from mobile device communication, we can select specific features that can identify a device or app and form a mobile device fingerprinting. This report presents several mobile device fingerprinting techniques developed by the FIT BUT research team and discusses their usability, reliability and deployment for network monitoring and digital forensics. The presented techniques include mobile traffic profiling based on meta data obtained from common network protocols like HTTP, DNS, SSL, QUIC and DHCP. The report also shows how TLS fingerprinting method called JA3 can be applied on mobile communication. The obtained results demonstrate that combination of various features from TLS handshake together with DNS data can identify a mobile app with high precision.
@techreport{BUT168667,
author="Petr {Matoušek} and Ivana {Burgetová} and Malombe {Victor}",
title="Mobile Device Fingerprinting",
year="2020",
address="FIT-TR-2020-05, Brno",
pages="65",
url="https://www.fit.vut.cz/research/publication/12313/"
}