Heinrich, Alexander ; Hollick, Matthias ; Schneider, Thomas ; Stute, Milan ; Weinert, Christian (2021)
PrivateDrop: Practical Privacy-Preserving Authentication for Apple AirDrop.
30th USENIX Security Symposium. virtual Conference (11.08.2021-13.08.2021)
Conference or Workshop Item, Bibliographie
This is the latest version of this item.
Abstract
Apple's offline file-sharing service AirDrop is integrated into more than 1.5 billion end-user devices worldwide. We discovered two design flaws in the underlying protocol that allow attackers to learn the phone numbers and email addresses of both sender and receiver devices. As a remediation, we study the applicability of private set intersection (PSI) to mutual authentication, which is similar to contact discovery in mobile messengers. We propose a novel optimized PSI-based protocol called PrivateDrop that addresses the specific challenges of offline resource-constrained operation and integrates seamlessly into the current AirDrop protocol stack. Using our native PrivateDrop implementation for iOS and macOS, we experimentally demonstrate that PrivateDrop preserves AirDrop's exemplary user experience with an authentication delay well below one second. We responsibly disclosed our findings to Apple and open-sourced our PrivateDrop implementation.
Item Type: | Conference or Workshop Item |
---|---|
Erschienen: | 2021 |
Creators: | Heinrich, Alexander ; Hollick, Matthias ; Schneider, Thomas ; Stute, Milan ; Weinert, Christian |
Type of entry: | Bibliographie |
Title: | PrivateDrop: Practical Privacy-Preserving Authentication for Apple AirDrop |
Language: | English |
Date: | August 2021 |
Event Title: | 30th USENIX Security Symposium |
Event Location: | virtual Conference |
Event Dates: | 11.08.2021-13.08.2021 |
URL / URN: | https://www.usenix.org/conference/usenixsecurity21/presentat... |
Corresponding Links: | |
Abstract: | Apple's offline file-sharing service AirDrop is integrated into more than 1.5 billion end-user devices worldwide. We discovered two design flaws in the underlying protocol that allow attackers to learn the phone numbers and email addresses of both sender and receiver devices. As a remediation, we study the applicability of private set intersection (PSI) to mutual authentication, which is similar to contact discovery in mobile messengers. We propose a novel optimized PSI-based protocol called PrivateDrop that addresses the specific challenges of offline resource-constrained operation and integrates seamlessly into the current AirDrop protocol stack. Using our native PrivateDrop implementation for iOS and macOS, we experimentally demonstrate that PrivateDrop preserves AirDrop's exemplary user experience with an authentication delay well below one second. We responsibly disclosed our findings to Apple and open-sourced our PrivateDrop implementation. |
Uncontrolled Keywords: | Engineering, E4, ATHENE, Privacy and Trust for Mobile Users: A.1 B.3 C.1 |
Divisions: | 20 Department of Computer Science 20 Department of Computer Science > Cryptography and Privacy Engineering (ENCRYPTO) 20 Department of Computer Science > Sichere Mobile Netze DFG-Collaborative Research Centres (incl. Transregio) DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres DFG-Graduiertenkollegs DFG-Graduiertenkollegs > Research Training Group 2050 Privacy and Trust for Mobile Users Profile Areas Profile Areas > Cybersecurity (CYSEC) LOEWE LOEWE > LOEWE-Zentren LOEWE > LOEWE-Zentren > emergenCITY DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres > CRC 1119: CROSSING – Cryptography-Based Security Solutions: Enabling Trust in New and Next Generation Computing Environments |
Date Deposited: | 06 Apr 2021 08:16 |
Last Modified: | 03 Jul 2024 02:50 |
PPN: | |
Export: | |
Suche nach Titel in: | TUfind oder in Google |
Available Versions of this Item
-
PrivateDrop: Practical Privacy-Preserving Authentication for Apple AirDrop. (deposited 15 Jun 2022 12:12)
- PrivateDrop: Practical Privacy-Preserving Authentication for Apple AirDrop. (deposited 06 Apr 2021 08:16) [Currently Displayed]
Send an inquiry |
Options (only for editors)
Show editorial Details |