TU Darmstadt / ULB / TUbiblio

PrivateDrop: Practical Privacy-Preserving Authentication for Apple AirDrop

Heinrich, Alexander ; Hollick, Matthias ; Schneider, Thomas ; Stute, Milan ; Weinert, Christian (2022)
PrivateDrop: Practical Privacy-Preserving Authentication for Apple AirDrop.
30th USENIX Security Symposium (USENIX Security 21). Virtual event (11.-13.08.2021)
doi: 10.26083/tuprints-00020599
Konferenzveröffentlichung, Zweitveröffentlichung, Verlagsversion

Kurzbeschreibung (Abstract)

Apple's offline file-sharing service AirDrop is integrated into more than 1.5 billion end-user devices worldwide. We discovered two design flaws in the underlying protocol that allow attackers to learn the phone numbers and email addresses of both sender and receiver devices. As a remediation, we study the applicability of private set intersection (PSI) to mutual authentication, which is similar to contact discovery in mobile messengers. We propose a novel optimized PSI-based protocol called PrivateDrop that addresses the specific challenges of offline resource-constrained operation and integrates seamlessly into the current AirDrop protocol stack. Using our native PrivateDrop implementation for iOS and macOS, we experimentally demonstrate that PrivateDrop preserves AirDrop's exemplary user experience with an authentication delay well below one second. We responsibly disclosed our findings to Apple and open-sourced our PrivateDrop implementation.

Typ des Eintrags: Konferenzveröffentlichung
Erschienen: 2022
Autor(en): Heinrich, Alexander ; Hollick, Matthias ; Schneider, Thomas ; Stute, Milan ; Weinert, Christian
Art des Eintrags: Zweitveröffentlichung
Titel: PrivateDrop: Practical Privacy-Preserving Authentication for Apple AirDrop
Sprache: Englisch
Publikationsjahr: 2022
Ort: Darmstadt
Verlag: USENIX Association
Buchtitel: Proceedings of the 30th USENIX Security Symposium
Veranstaltungstitel: 30th USENIX Security Symposium (USENIX Security 21)
Veranstaltungsort: Virtual event
Veranstaltungsdatum: 11.-13.08.2021
DOI: 10.26083/tuprints-00020599
URL / URN: https://tuprints.ulb.tu-darmstadt.de/20599
Zugehörige Links:
Herkunft: Zweitveröffentlichungsservice
Kurzbeschreibung (Abstract):

Apple's offline file-sharing service AirDrop is integrated into more than 1.5 billion end-user devices worldwide. We discovered two design flaws in the underlying protocol that allow attackers to learn the phone numbers and email addresses of both sender and receiver devices. As a remediation, we study the applicability of private set intersection (PSI) to mutual authentication, which is similar to contact discovery in mobile messengers. We propose a novel optimized PSI-based protocol called PrivateDrop that addresses the specific challenges of offline resource-constrained operation and integrates seamlessly into the current AirDrop protocol stack. Using our native PrivateDrop implementation for iOS and macOS, we experimentally demonstrate that PrivateDrop preserves AirDrop's exemplary user experience with an authentication delay well below one second. We responsibly disclosed our findings to Apple and open-sourced our PrivateDrop implementation.

Status: Verlagsversion
URN: urn:nbn:de:tuda-tuprints-205994
Zusätzliche Informationen:

Presentation: 21 slides

Presentation video: https://youtu.be/sFEUlmcj36k

Sachgruppe der Dewey Dezimalklassifikatin (DDC): 000 Allgemeines, Informatik, Informationswissenschaft > 004 Informatik
Fachbereich(e)/-gebiet(e): 20 Fachbereich Informatik
20 Fachbereich Informatik > Praktische Kryptographie und Privatheit
20 Fachbereich Informatik > Sichere Mobile Netze
DFG-Sonderforschungsbereiche (inkl. Transregio)
DFG-Sonderforschungsbereiche (inkl. Transregio) > Sonderforschungsbereiche
DFG-Graduiertenkollegs
DFG-Graduiertenkollegs > Graduiertenkolleg 2050 Privacy and Trust for Mobile Users
Profilbereiche
Profilbereiche > Cybersicherheit (CYSEC)
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > emergenCITY
DFG-Sonderforschungsbereiche (inkl. Transregio) > Sonderforschungsbereiche > SFB 1119: CROSSING – Kryptographiebasierte Sicherheitslösungen als Grundlage für Vertrauen in heutigen und zukünftigen IT-Systemen
Hinterlegungsdatum: 15 Jun 2022 12:12
Letzte Änderung: 22 Jun 2022 12:32
PPN:
Zugehörige Links:
Export:
Suche nach Titel in: TUfind oder in Google
Frage zum Eintrag Frage zum Eintrag

Optionen (nur für Redakteure)
Redaktionelle Details anzeigen Redaktionelle Details anzeigen