TU Darmstadt / ULB / TUbiblio

PrivateDrop: Practical Privacy-Preserving Authentication for Apple AirDrop

Heinrich, Alexander ; Hollick, Matthias ; Schneider, Thomas ; Stute, Milan ; Weinert, Christian (2022):
PrivateDrop: Practical Privacy-Preserving Authentication for Apple AirDrop. (Publisher's Version)
In: Proceedings of the 30th USENIX Security Symposium, pp. 3577-3594,
Darmstadt, USENIX Association, 30th USENIX Security Symposium (USENIX Security 21), Virtual event, 11.-13.08.2021, ISBN 978-1-939133-24-3,
DOI: 10.26083/tuprints-00020599,
[Conference or Workshop Item]

Abstract

Apple's offline file-sharing service AirDrop is integrated into more than 1.5 billion end-user devices worldwide. We discovered two design flaws in the underlying protocol that allow attackers to learn the phone numbers and email addresses of both sender and receiver devices. As a remediation, we study the applicability of private set intersection (PSI) to mutual authentication, which is similar to contact discovery in mobile messengers. We propose a novel optimized PSI-based protocol called PrivateDrop that addresses the specific challenges of offline resource-constrained operation and integrates seamlessly into the current AirDrop protocol stack. Using our native PrivateDrop implementation for iOS and macOS, we experimentally demonstrate that PrivateDrop preserves AirDrop's exemplary user experience with an authentication delay well below one second. We responsibly disclosed our findings to Apple and open-sourced our PrivateDrop implementation.

Item Type: Conference or Workshop Item
Erschienen: 2022
Creators: Heinrich, Alexander ; Hollick, Matthias ; Schneider, Thomas ; Stute, Milan ; Weinert, Christian
Origin: Secondary publication service
Status: Publisher's Version
Title: PrivateDrop: Practical Privacy-Preserving Authentication for Apple AirDrop
Language: English
Abstract:

Apple's offline file-sharing service AirDrop is integrated into more than 1.5 billion end-user devices worldwide. We discovered two design flaws in the underlying protocol that allow attackers to learn the phone numbers and email addresses of both sender and receiver devices. As a remediation, we study the applicability of private set intersection (PSI) to mutual authentication, which is similar to contact discovery in mobile messengers. We propose a novel optimized PSI-based protocol called PrivateDrop that addresses the specific challenges of offline resource-constrained operation and integrates seamlessly into the current AirDrop protocol stack. Using our native PrivateDrop implementation for iOS and macOS, we experimentally demonstrate that PrivateDrop preserves AirDrop's exemplary user experience with an authentication delay well below one second. We responsibly disclosed our findings to Apple and open-sourced our PrivateDrop implementation.

Book Title: Proceedings of the 30th USENIX Security Symposium
Place of Publication: Darmstadt
Publisher: USENIX Association
ISBN: 978-1-939133-24-3
Divisions: 20 Department of Computer Science
20 Department of Computer Science > Cryptography and Privacy Engineering (ENCRYPTO)
20 Department of Computer Science > Sichere Mobile Netze
DFG-Collaborative Research Centres (incl. Transregio)
DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres
DFG-Graduiertenkollegs
DFG-Graduiertenkollegs > Research Training Group 2050 Privacy and Trust for Mobile Users
Profile Areas
Profile Areas > Cybersecurity (CYSEC)
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > emergenCITY
DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres > CRC 1119: CROSSING – Cryptography-Based Security Solutions: Enabling Trust in New and Next Generation Computing Environments
Event Title: 30th USENIX Security Symposium (USENIX Security 21)
Event Location: Virtual event
Event Dates: 11.-13.08.2021
Date Deposited: 15 Jun 2022 12:12
DOI: 10.26083/tuprints-00020599
URL / URN: https://tuprints.ulb.tu-darmstadt.de/20599
URN: urn:nbn:de:tuda-tuprints-205994
Additional Information:

Presentation: 21 slides

Presentation video: https://youtu.be/sFEUlmcj36k

PPN:
Corresponding Links:
Export:
Suche nach Titel in: TUfind oder in Google
Send an inquiry Send an inquiry

Options (only for editors)
Show editorial Details Show editorial Details