Passive Fingerprinting of HTTP/2 Clients

Presented at Black Hat Europe 2017, Dec. 7, 2017, 3:15 p.m. (60 minutes)

HTTP/2 is the second major version of the HTTP protocol. It changes the way HTTP is transferred "on the wire" by introducing a full binary protocol that is made up of TCP connections, streams, and frames, rather than a plain-text protocol. Such a fundamental change from HTTP/1.x to HTTP/2, means that client-side and server-side implementations have to incorporate completely new code in order to support new HTTP/2 features. This introduces nuances in protocol implementations, which, in return, might be used to passively fingerprint web clients. Our research is based on more than 10 million HTTP/2 connections from which we extracted fingerprints for over 40,000 unique user agents across hundreds of implementations. Reference: http://akamai.me/2qWIqON  - whitepaper published by Akamai's Threat-Research Team.

Presenters:

  • Ory Segal - Sr. Director, Threat Research, Akamai Technologies
    A world-renowned expert in web application and information security, Ory Segal has over 15 years of experience. Ory is currently employed at Akamai, as Sr. Director of Threat Research, leading a team of top web security & big data researchers. Prior to Akamai, Ory worked at IBM as the Security Products Architect and Product Manager for the market leading application security solution IBM Security AppScan. While at IBM, Ory received the IBM Outstanding Technical Achievement Award (OTAA - the highest technical award at IBM), and have filed numerous patents in the field of application security. Ory is serving as an officer of the Web Application Security Consortium (WASC), and was an OWASP Israel board member.
  • Elad Shuster - Security Data Analyst, Akamai Technologies
    Elad Shuster CPA(IL), MBA, is a Security Data Analyst at Akamai with over ten years of experience of data analysis across different industries. At Akamai, Elad is part of the Threat Operations team, exploring new trends in the web security and responsible for maintaining the defensive protections of the Kona security product suite, based on Akamai's big data platform.

Links:

Similar Presentations: