{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2017:UADEU4GG7L3LRMSIGNRGICV3LL","short_pith_number":"pith:UADEU4GG","canonical_record":{"source":{"id":"1706.08003","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2017-06-24T20:59:22Z","cross_cats_sorted":[],"title_canon_sha256":"3964dabbc51f1bdbc7d5baf68f8e941472ee0ef2b52a2b4677b041d583209266","abstract_canon_sha256":"79ce3eef584b27e8237a6825be226d537e13ab15ada2fa3dc52ec03fc43ce3e1"},"schema_version":"1.0"},"canonical_sha256":"a0064a70c6faf6b8b2483362640abb5adc95e57e3ae97cb77474430d7875aa15","source":{"kind":"arxiv","id":"1706.08003","version":1},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1706.08003","created_at":"2026-05-18T00:41:43Z"},{"alias_kind":"arxiv_version","alias_value":"1706.08003v1","created_at":"2026-05-18T00:41:43Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1706.08003","created_at":"2026-05-18T00:41:43Z"},{"alias_kind":"pith_short_12","alias_value":"UADEU4GG7L3L","created_at":"2026-05-18T12:31:46Z"},{"alias_kind":"pith_short_16","alias_value":"UADEU4GG7L3LRMSI","created_at":"2026-05-18T12:31:46Z"},{"alias_kind":"pith_short_8","alias_value":"UADEU4GG","created_at":"2026-05-18T12:31:46Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2017:UADEU4GG7L3LRMSIGNRGICV3LL","target":"record","payload":{"canonical_record":{"source":{"id":"1706.08003","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2017-06-24T20:59:22Z","cross_cats_sorted":[],"title_canon_sha256":"3964dabbc51f1bdbc7d5baf68f8e941472ee0ef2b52a2b4677b041d583209266","abstract_canon_sha256":"79ce3eef584b27e8237a6825be226d537e13ab15ada2fa3dc52ec03fc43ce3e1"},"schema_version":"1.0"},"canonical_sha256":"a0064a70c6faf6b8b2483362640abb5adc95e57e3ae97cb77474430d7875aa15","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-18T00:41:43.905756Z","signature_b64":"ZDiXabpDLgMFF4FqSagjZUw25vLtL/hOeLaSHqPdppp/5NUwjIyk7DRCqNeou+hu99H104e4MYnydb+6ajoJAw==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"a0064a70c6faf6b8b2483362640abb5adc95e57e3ae97cb77474430d7875aa15","last_reissued_at":"2026-05-18T00:41:43.905105Z","signature_status":"signed_v1","first_computed_at":"2026-05-18T00:41:43.905105Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"1706.08003","source_version":1,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T00:41:43Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"uOjghpxwNfWpy+mrWuYZuzLkvCVQCQAC91Lqc2HHuPTnzbcbjHgndCL5o7ZiyitOIFO8ZBHJWGllbVzAgDsGCw==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-04T22:50:38.001802Z"},"content_sha256":"0ffe35604034ab96feb1c6619b8c4087ed04a1d5efa5dba5379bfd96dd2bee5a","schema_version":"1.0","event_id":"sha256:0ffe35604034ab96feb1c6619b8c4087ed04a1d5efa5dba5379bfd96dd2bee5a"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2017:UADEU4GG7L3LRMSIGNRGICV3LL","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"OS Fingerprinting: New Techniques and a Study of Information Gain and Obfuscation","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":[],"primary_cat":"cs.CR","authors_text":"Blake Anderson, David McGrew","submitted_at":"2017-06-24T20:59:22Z","abstract_excerpt":"Passive operating system fingerprinting reveals valuable information to the defenders of heterogeneous private networks; at the same time, attackers can use fingerprinting to reconnoiter networks, so defenders need obfuscation techniques to foil them. We present an effective approach for passive fingerprinting that uses data features from TLS as well as the TCP/IP and HTTP protocols in a multi-session model, which is applicable whenever several sessions can be observed within a time window. In experiments on a real-world private network, our approach identified operating system major and minor"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1706.08003","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T00:41:43Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"aBqec0NLktfvIQnPCGADeAR/kcR1yioy+p+osFgUYdm/ZKWmfmKlXIzSewywMs7SSGZiwv4rTN7nOA7ykgaGDg==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-04T22:50:38.002383Z"},"content_sha256":"729a2b11521fa7e4db98b53610dc2ca4ed35124126f224f435e99ed99157b017","schema_version":"1.0","event_id":"sha256:729a2b11521fa7e4db98b53610dc2ca4ed35124126f224f435e99ed99157b017"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/UADEU4GG7L3LRMSIGNRGICV3LL/bundle.json","state_url":"https://pith.science/pith/UADEU4GG7L3LRMSIGNRGICV3LL/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/UADEU4GG7L3LRMSIGNRGICV3LL/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-06-04T22:50:38Z","links":{"resolver":"https://pith.science/pith/UADEU4GG7L3LRMSIGNRGICV3LL","bundle":"https://pith.science/pith/UADEU4GG7L3LRMSIGNRGICV3LL/bundle.json","state":"https://pith.science/pith/UADEU4GG7L3LRMSIGNRGICV3LL/state.json","well_known_bundle":"https://pith.science/.well-known/pith/UADEU4GG7L3LRMSIGNRGICV3LL/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2017:UADEU4GG7L3LRMSIGNRGICV3LL","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"79ce3eef584b27e8237a6825be226d537e13ab15ada2fa3dc52ec03fc43ce3e1","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2017-06-24T20:59:22Z","title_canon_sha256":"3964dabbc51f1bdbc7d5baf68f8e941472ee0ef2b52a2b4677b041d583209266"},"schema_version":"1.0","source":{"id":"1706.08003","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1706.08003","created_at":"2026-05-18T00:41:43Z"},{"alias_kind":"arxiv_version","alias_value":"1706.08003v1","created_at":"2026-05-18T00:41:43Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1706.08003","created_at":"2026-05-18T00:41:43Z"},{"alias_kind":"pith_short_12","alias_value":"UADEU4GG7L3L","created_at":"2026-05-18T12:31:46Z"},{"alias_kind":"pith_short_16","alias_value":"UADEU4GG7L3LRMSI","created_at":"2026-05-18T12:31:46Z"},{"alias_kind":"pith_short_8","alias_value":"UADEU4GG","created_at":"2026-05-18T12:31:46Z"}],"graph_snapshots":[{"event_id":"sha256:729a2b11521fa7e4db98b53610dc2ca4ed35124126f224f435e99ed99157b017","target":"graph","created_at":"2026-05-18T00:41:43Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"Passive operating system fingerprinting reveals valuable information to the defenders of heterogeneous private networks; at the same time, attackers can use fingerprinting to reconnoiter networks, so defenders need obfuscation techniques to foil them. We present an effective approach for passive fingerprinting that uses data features from TLS as well as the TCP/IP and HTTP protocols in a multi-session model, which is applicable whenever several sessions can be observed within a time window. In experiments on a real-world private network, our approach identified operating system major and minor","authors_text":"Blake Anderson, David McGrew","cross_cats":[],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2017-06-24T20:59:22Z","title":"OS Fingerprinting: New Techniques and a Study of Information Gain and Obfuscation"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1706.08003","kind":"arxiv","version":1},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:0ffe35604034ab96feb1c6619b8c4087ed04a1d5efa5dba5379bfd96dd2bee5a","target":"record","created_at":"2026-05-18T00:41:43Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"79ce3eef584b27e8237a6825be226d537e13ab15ada2fa3dc52ec03fc43ce3e1","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2017-06-24T20:59:22Z","title_canon_sha256":"3964dabbc51f1bdbc7d5baf68f8e941472ee0ef2b52a2b4677b041d583209266"},"schema_version":"1.0","source":{"id":"1706.08003","kind":"arxiv","version":1}},"canonical_sha256":"a0064a70c6faf6b8b2483362640abb5adc95e57e3ae97cb77474430d7875aa15","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"a0064a70c6faf6b8b2483362640abb5adc95e57e3ae97cb77474430d7875aa15","first_computed_at":"2026-05-18T00:41:43.905105Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-18T00:41:43.905105Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"ZDiXabpDLgMFF4FqSagjZUw25vLtL/hOeLaSHqPdppp/5NUwjIyk7DRCqNeou+hu99H104e4MYnydb+6ajoJAw==","signature_status":"signed_v1","signed_at":"2026-05-18T00:41:43.905756Z","signed_message":"canonical_sha256_bytes"},"source_id":"1706.08003","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:0ffe35604034ab96feb1c6619b8c4087ed04a1d5efa5dba5379bfd96dd2bee5a","sha256:729a2b11521fa7e4db98b53610dc2ca4ed35124126f224f435e99ed99157b017"],"state_sha256":"b951d0d39b9b3539df3bedb06c094347b08ce0059eecc769657ecbea5f7e320d"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"DNZUJxfMsymMtDFuRWALCUUs7qgsPDQH+t88+Yw0/47+gsmVlA7faEtQcNJlhjI6l+z4z47CRq/99LAcFKc8Bg==","signed_message":"bundle_sha256_bytes","signed_at":"2026-06-04T22:50:38.006503Z","bundle_sha256":"dd7a6c57c1fea8d5fa563c1ee1e0bb24ba058b147d6afc2d911af9a0fb985d8c"}}