Heinrich, Alexander ; Hollick, Matthias ; Schneider, Thomas ; Stute, Milan ; Weinert, Christian (2021)
PrivateDrop: Practical Privacy-Preserving Authentication for Apple AirDrop.
30th USENIX Security Symposium. virtual Conference (11.-13.08.2021)
Konferenzveröffentlichung, Bibliographie
Kurzbeschreibung (Abstract)
Apple's offline file-sharing service AirDrop is integrated into more than 1.5 billion end-user devices worldwide. We discovered two design flaws in the underlying protocol that allow attackers to learn the phone numbers and email addresses of both sender and receiver devices. As a remediation, we study the applicability of private set intersection (PSI) to mutual authentication, which is similar to contact discovery in mobile messengers. We propose a novel optimized PSI-based protocol called PrivateDrop that addresses the specific challenges of offline resource-constrained operation and integrates seamlessly into the current AirDrop protocol stack. Using our native PrivateDrop implementation for iOS and macOS, we experimentally demonstrate that PrivateDrop preserves AirDrop's exemplary user experience with an authentication delay well below one second. We responsibly disclosed our findings to Apple and open-sourced our PrivateDrop implementation.
| Typ des Eintrags: | Konferenzveröffentlichung |
|---|---|
| Erschienen: | 2021 |
| Autor(en): | Heinrich, Alexander ; Hollick, Matthias ; Schneider, Thomas ; Stute, Milan ; Weinert, Christian |
| Art des Eintrags: | Bibliographie |
| Titel: | PrivateDrop: Practical Privacy-Preserving Authentication for Apple AirDrop |
| Sprache: | Englisch |
| Publikationsjahr: | August 2021 |
| Veranstaltungstitel: | 30th USENIX Security Symposium |
| Veranstaltungsort: | virtual Conference |
| Veranstaltungsdatum: | 11.-13.08.2021 |
| URL / URN: | https://www.usenix.org/conference/usenixsecurity21/presentat... |
| Kurzbeschreibung (Abstract): | Apple's offline file-sharing service AirDrop is integrated into more than 1.5 billion end-user devices worldwide. We discovered two design flaws in the underlying protocol that allow attackers to learn the phone numbers and email addresses of both sender and receiver devices. As a remediation, we study the applicability of private set intersection (PSI) to mutual authentication, which is similar to contact discovery in mobile messengers. We propose a novel optimized PSI-based protocol called PrivateDrop that addresses the specific challenges of offline resource-constrained operation and integrates seamlessly into the current AirDrop protocol stack. Using our native PrivateDrop implementation for iOS and macOS, we experimentally demonstrate that PrivateDrop preserves AirDrop's exemplary user experience with an authentication delay well below one second. We responsibly disclosed our findings to Apple and open-sourced our PrivateDrop implementation. |
| Freie Schlagworte: | Engineering, E4, ATHENE, Privacy and Trust for Mobile Users: A.1 B.3 C.1 |
| Fachbereich(e)/-gebiet(e): | 20 Fachbereich Informatik 20 Fachbereich Informatik > Praktische Kryptographie und Privatheit 20 Fachbereich Informatik > Sichere Mobile Netze DFG-Sonderforschungsbereiche (inkl. Transregio) DFG-Sonderforschungsbereiche (inkl. Transregio) > Sonderforschungsbereiche DFG-Graduiertenkollegs DFG-Graduiertenkollegs > Graduiertenkolleg 2050 Privacy and Trust for Mobile Users Profilbereiche Profilbereiche > Cybersicherheit (CYSEC) LOEWE LOEWE > LOEWE-Zentren LOEWE > LOEWE-Zentren > emergenCITY DFG-Sonderforschungsbereiche (inkl. Transregio) > Sonderforschungsbereiche > SFB 1119: CROSSING – Kryptographiebasierte Sicherheitslösungen als Grundlage für Vertrauen in heutigen und zukünftigen IT-Systemen |
| Hinterlegungsdatum: | 06 Apr 2021 08:16 |
| Letzte Änderung: | 22 Jun 2022 12:27 |
| PPN: | |
| Export: | |
| Suche nach Titel in: | TUfind oder in Google |
 |
Frage zum Eintrag |
Optionen (nur für Redakteure)
 |
Redaktionelle Details anzeigen |
Drucken
Impressum