Operating System Fingerprinting

  • Chapter
Digital Fingerprinting

Abstract

Operating system fingerprinting helps IT administrators perform vulnerability assessment and internal auditing to secure their networked systems. It is also often the first step in launching security attacks against a targeted system or service online, because it enables an adversary to tailor attacks by exploiting known vulnerabilities of the target system(s). In this chapter, we focus on the major approaches to fingerprinting at the operating system level. We examine instantiations of the OS fingerprinting concepts and discuss the details of their design and implementation to demonstrate their complexity and limitations. In particular, we present a case study on OS identification against smartphones that use encrypted traffic. We consider the security of these schemes in terms of effectiveness, and raise challenges that future OS fingerprinting research must address to be useful for practical digital forensic investigations.

Notes

  1. In a different scenario, the data-collecting machine may be monitoring the traffic on the wired portion of the traffic path. The scenario chosen for our experiments is representative of a drive-by or walk-by attack.

References

  1. Anagnostakis, K.G., Greenwald, M., Ryger, R.S.: Cing: measuring network-internal delays using only existing infrastructure. In: INFOCOM 2003. Twenty-Second Annual Joint Conference of the IEEE Computer and Communications. IEEE Societies, vol. 3, pp. 2112–2121. IEEE (2003)

  2. Arackaparambil, C., Bratus, S., Shubina, A., Kotz, D.: On the reliability of wireless fingerprinting using clock skews. In: Proceedings of the Third ACM Conference on Wireless Network Security, pp. 169–174. ACM (2010)

  3. Arkin, O.: Icmp usage in scanning. Black Hat Briefings (2000)

  4. Armitage, G.J.: Inferring the extent of network address port translation at public/private internet boundaries. In: Centre for Advanced Internet Architectures, Swinburne University of Technology, Melbourne, Australia, Tech. Rep. A 20712 (2002)

  5. Auffret, P.: Sinfp, unification of active and passive operating system fingerprinting. J. Comput. Virol. 6(3), 197–205 (2010)

  6. Beverly, R.: A robust classifier for passive tcp/ip fingerprinting. In: Passive and Active Network Measurement, pp. 158–167. Springer (2004)

  7. Biryukov, A., Pustogarov, I., Weinmann, R.P.: Trawling for tor hidden services: detection, measurement, deanonymization. In: Proceedings of IEEE Symposium on Security and Privacy (2013)

  8. Bissias, G., Liberatore, M., Jensen, D., Levine, B.: Privacy vulnerabilities in encrypted http streams. In: Danezis, G., Martin, D. (eds.) Privacy Enhancing Technologies, Lecture Notes in Computer Science, vol. 3856, pp. 1–11. Springer, Berlin, Heidelberg (2006). doi:10.1007/11767831_1

  9. Cai, X., Zhang, X., Joshi, B., Johnson, R.: Touching from a distance: website fingerprinting attacks and defenses. In: Proceedings of the 19th ACM Conference on Computer and Communications Security (CCS 2012) (2012)

  10. Charts, M.: Wifi mobile phone traffic grows. http://www.marketingcharts.com/wp/direct/wifi-mobile-phone-traffic-grows-19604/ (2011)

  11. Chen, X., Jin, R., Suh, K., Wang, B., Wei, W.: Network performance of smart mobile handhelds in a university campus wifi network. In: Proceedings of the 2012 ACM Conference on Internet Measurement Conference, pp. 315–328. ACM, New York, NY, USA (2012). doi:10.1145/2398776.2398809

  12. Durumeric, Z., Wustrow, E., Halderman, J.A.: Zmap. http://zmap.io/

  13. Engebretson, P.: The basics of hacking and penetration testing: ethical hacking and penetration testing made easy. Syngress the basics (2011)

  14. Gayle, D.: This is a secure line: the groundbreaking encryption app that will scramble your calls and messages. http://www.dailymail.co.uk/sciencetech/article-2274597/How-foil-eavesdroppers-The-smartphone-encryption-app-promises-make-communications-private-again.html (2013)

  15. Gong, X., Borisov, N., Kiyavash, N., Schear, N.: Website detection using remote traffic analysis. In: Proceedings of the 12th Privacy Enhancing Technologies Symposium (PETS 2012). Springer (2012)

  16. Greenemeier, L.: Cloud warriors: U.S. army intelligence to arm field ops with hardened network and smartphones. http://www.scientificamerican.com/article.cfm?id=us-army-intelligence-cloud-smartphone (2013)

  17. Grimes, S.: App to provide military-level encryption for smartphones. http://www.ksl.com/?nid=1014&sid=22513938 (2012)

  18. Herrmann, D., Wendolsky, R., Federrath, H.: Website fingerprinting: attacking popular privacy enhancing technologies with the multinomial naïve-bayes classifier. In: Proceedings of the 2009 ACM Workshop on Cloud Computing Security, pp. 31–42 (2009). http://doi.acm.org/10.1145/1655008.1655013

  19. Huang, J., Xu, Q., Tiwana, B., Mao, Z.M., Zhang, M., Bahl, P.: Anatomizing application performance differences on smartphones. In: Proceedings of the 8th International Conference on Mobile Systems, Applications, and Services, MobiSys ’10, pp. 165–178 (2010). doi:10.1145/1814433.1814452

  20. InfoBlox: Infoblox dhcp fingerprinting. https://www.infoblox.com/sites/infobloxcom/files/resources/infoblox-note-dhcp-fingerprinting.pdf/

  21. Johnson, K.: Windows 8 forensics: journey through the impact of the recovery artifacts in windows 8. MS thesis, Iowa State University (2013)

  22. Kohno, T., Broido, A., Claffy, K.C.: Remote physical device fingerprinting. IEEE Trans. Dependable Secur. Comput. 2(2), 93–108 (2005)

  23. Kollmann, E.: Chatter on the wire: a look at extensive network traffic and what it can mean to network security. http://chatteronthewire.org/download/OS%20Fingerprint.pdf (2005)

  24. Kramer, J.: Droidspotter: a forensic tool for android location data collection and analysis. MS thesis, Iowa State University (2013)

  25. Liberatore, M., Levine, B.N.: Inferring the source of encrypted HTTP connections. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, pp. 255–263 (2006)

  26. Murdoch, S.J.: Hot or not: revealing hidden services by their clock skew. In: Proceedings of CCS 2006 (2006)

  27. Netresec.com: Passive os fingerprinting. http://www.netresec.com/?page=Blog&month=2011-11&post=Passive-OS-Fingerprinting (2011)

  28. Nmap.org: Nmap network scanning. http://nmap.org/book/osdetect.html

  29. Oppenheim, A.V., Willsky, A.S., Nawab, S.H.: Signals & Systems, 2nd edn. Prentice-Hall Inc., Upper Saddle River, NJ, USA (1996)

  30. Øverlier, L., Syverson, P.: Locating hidden servers. In: Proceedings of the 2006 IEEE Symposium on Security and Privacy. IEEE CS (2006)

  31. Panchenko, A., Niessen, L., Zinnen, A., Engel, T.: Website fingerprinting in onion routing based anonymization networks. In: Proceedings of the Workshop on Privacy in the Electronic Society (WPES 2011). ACM (2011)

  32. Project, H.: Know your enemy: passive fingerprinting. http://old.honeynet.org/papers/finger/ (2002)

  33. Ruffing, N., Zhu, Y., Libertini, R., Guan, Y., Bettati, R.: Smartphone reconnaissance: operating system identification. In: 2016 13th IEEE Annual Consumer Communications Networking Conference (CCNC), pp. 1086–1091 (2016). doi:10.1109/CCNC.2016.7444941

  34. Sanders, C.: Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems. No Starch Press (2011)

  35. Smart, M., Malan, G.R., Jahanian, F.: Defeating tcp/ip stack fingerprinting. In: Proceedings of the 9th Conference on USENIX Security Symposium, SSYM’00, vol. 9, pp. 17–17. USENIX Association, Berkeley, CA, USA (2000). http://dl.acm.org/citation.cfm?id=1251306.1251323

  36. Taleck, G.: Ambiguity resolution via passive os fingerprinting. In: Recent Advances in Intrusion Detection, pp. 192–206. Springer (2003)

  37. Tzagkarakis, G., Papadopouli, M., Tsakalides, P.: Singular spectrum analysis of traffic workload in a large-scale wireless lan. In: Proceedings of the 10th ACM Symposium on Modeling, Analysis, and Simulation of Wireless and Mobile Systems, MSWiM ’07, pp. 99–108. ACM, New York, NY, USA (2007). doi:10.1145/1298126.1298146

  38. Wang, X., Reeves, D.: Robust correlation of encrypted attack traffic through stepping stones by flow watermarking. IEEE Trans. Dependable Secur. Comput. 8(3), 434–449 (2011). doi:10.1109/TDSC.2010.35

  39. Wood, P.: Disco: the passive ip discovery tool. http://www.altmode.com/disco/

  40. Wright, C.V., Monrose, F., Masson, G.M.: On inferring application protocol behaviors in encrypted network traffic. J. Mach. Learn. Res. 7, 2745–2769 (2006). http://dl.acm.org/citation.cfm?id=1248547.1248647

  41. Zander, S., Murdoch, S.J.: An improved clock-skew measurement technique for revealing hidden services. In: Proceedings of the 17th USENIX Security Symposium (2008)

  42. Zhang, F., He, W., Liu, X., Bridges, P.G.: Inferring users’ online activities through traffic analysis. In: Proceedings of the Fourth ACM Conference on Wireless Network Security, WiSec ’11, pp. 59–70. ACM, New York, NY, USA (2011). doi:10.1145/1998412.1998425

  43. Zhu, Y., Lu, Y., Vikram, A.: On privacy of encrypted speech communications. IEEE Trans. Dependable Secur. Comput. 9(4), 470–481 (2012). doi:10.1109/TDSC.2011.56


Acknowledgments

This work draws in part from [21, 24, 33]. We would like to thank our co-authors of those works, including Riccardo Bettati, Yong Guan, Jonathan Gurary, Kenneth Johnson, Jeff Kramer, Rudy Libertini, Nicholas Ruffing, and Ye Zhu, as well as reviewers of those original papers who provided us with valuable feedback. This work is supported in part by the U.S. National Science Foundation under grants CNS-1338105, CNS-1343141 and CNS-1527579.

Author information

Corresponding author

Correspondence to Yong Guan.

Copyright information

© 2016 Springer Science+Business Media New York

About this chapter

Cite this chapter

Gurary, J., Zhu, Y., Bettati, R., Guan, Y. (2016). Operating System Fingerprinting. In: Wang, C., Gerdes, R., Guan, Y., Kasera, S. (eds) Digital Fingerprinting. Springer, New York, NY. https://doi.org/10.1007/978-1-4939-6601-1_7

  • DOI: https://doi.org/10.1007/978-1-4939-6601-1_7

  • Publisher Name: Springer, New York, NY

  • Print ISBN: 978-1-4939-6599-1

  • Online ISBN: 978-1-4939-6601-1

  • eBook Packages: Computer Science, Computer Science (R0)
