Model and implementation of user activity tracking utilizing the TLS Client Hello's server name extension
preprint
OA: closed
CC-BY-4.0
Abstract
This paper puts forward a feasible, non-intrusive, method of tracking user activity using TLS's Client Hello section of a handshake (specified in the TLS protocol), namely the server name extension. This method can provide an attacker with relevant information regarding patterns and services utilized inside of the target network, further expanding their understanding of the attack surface, potentially, serving as a tool to determine the timing of an attack or, even, provide an attacker with knowledge of a point of entry to a given system.
My notes (saved in your browser only)
Citation neighborhood (no data yet)
We don't have any in-corpus citations linked to this paper yet. The paper's references may be in our DB but unresolved to ``paper_id`` (resolution happens at ingest when the cited DOI matches a row we already have). Run the cross-source citation reconcile pass to retry.
Source provenance
- europepmc
- last seen: 2026-05-19T01:45:01.086888+00:00
- unpaywall
- last seen: 2026-05-22T02:00:06.705733+00:00
License: CC-BY-4.0