Push Away Your Privacy: Precise User Tracking Based on TLS Client - - PowerPoint PPT Presentation

push away your privacy precise user tracking based on tls
SMART_READER_LITE
LIVE PREVIEW

Push Away Your Privacy: Precise User Tracking Based on TLS Client - - PowerPoint PPT Presentation

Feb 02, 2024 314 likes •464 views

Chair of Network Architectures and Services TUM Department of Informatics Technical University of Munich (TUM) Push Away Your Privacy: Precise User Tracking Based on TLS Client Certificate Authentication Matthias Wachs, Quirin Scheitle, and

slide-1
SLIDE 1

Push Away Your Privacy: Precise User Tracking Based on TLS Client Certificate Authentication

Chair of Network Architectures and Services TUM Department of Informatics Technical University of Munich (TUM)

Matthias Wachs, Quirin Scheitle, and Georg Carle ANRW’18, Montreal, July 16, 2018 Originally published at TMA’17, Dublin, June 2017

slide-2
SLIDE 2

TLS 1.2 handshake does not encrypt certificates

Known for a long time, and thankfully fixed in TLS1.3

Client Server

ClientHello ServerHello, Certificate, . . . , CertificateRequest, . . . Certificate,. . . , Finished Finished [Application Data]

Figure: TLS 1.2 handshake, Unencrypted Data, [Encrypted Data]

Server Certificates

  • Eavesdroppers can learn the specific websites that a user visits (not just the server’s IP address)

Client Certificates

  • Used by VPNs, governments, . . .
  • Person names, company names, . . . → private data!

Quirin Scheitle (TUM) | Push Away Your Privacy: Precise User Tracking Based on TLS CCA 2

slide-3
SLIDE 3

TLS 1.2 Client Certificate Authentication (CCA)

Where is CCA being used?

  • Network authentication: 802.1x EAP
  • VPN: OpenVPN, F5 EdgeConnect, . . .
  • Web: HTTPS
  • IoT: MQTT
  • Remote device management, for example MobileIron
  • Apple Push Notification Service (APNs)

Apple Statistics:

  • 1 billion active devices (2016)
  • 800 million iTunes accounts (2014)

Quirin Scheitle (TUM) | Push Away Your Privacy: Precise User Tracking Based on TLS CCA 3

slide-4
SLIDE 4

Push Notification Services

Push Server Server C Server B Server A App C App B App A

Figure: Push Service Architecture: Messages brokered to Apps through the Push Notification Service.

Resource efficient notification of (mobile) applications:

  • Apple’s APNs: iOS, MacOs, iTunes, watchOS, tvOS, . . .
  • Google’s FCM: Android, Chrome
  • Microsoft’s WNS: Windows, Windows Phone

Paradigms:

  • Tightly integrated with operating system
  • Always connected to backend

Quirin Scheitle (TUM) | Push Away Your Privacy: Precise User Tracking Based on TLS CCA 4

slide-5
SLIDE 5

Apple Push Notification Service (APNs)

APNs integral part of iOS and macOS – “always on” APNs uses Client Certificates for login:

  • Generated at device setup
  • Unique cryptographic material (CN, public key, fingerprint)

Serial Number: ab:12:34:56:78:9a:bc:de:f0:12 Issuer: C=US, O=Apple Inc., OU=Apple iPhone, CN=Apple iPhone Device CA Validity Not Before: Apr 8 12:34:56 2015 GMT Validity Not After : Apr 8 12:34:56 2016 GMT Subject: CN=12345678-1234-1234-1234-123456789ABC Key ... (all data redacted)

Quirin Scheitle (TUM) | Push Away Your Privacy: Precise User Tracking Based on TLS CCA 5

slide-6
SLIDE 6

Precise User1 Tracking in APNs

Several appearances of same device easily linkable

2 of 4 Attacker Types Considered in this Work

  • Apple or someone infiltrating Apple: better means available
  • Local adversary: Can use MAC addresses and more
  • Regional adversary: Access to one or several large networks
  • Global adversary: Access to several core networks

Regional Adversary – Validation at Internet Uplink

  • Can a regional adversary track users?

Global Adversary – Validation through Global Path Measurements

  • How well can a global adversary leverage APNs to track users?

1: APNs CCA certificates are bound to devices. However, these devices are typically private and carried by a user at most times, which allows inferences into user tracking.

Quirin Scheitle (TUM) | Push Away Your Privacy: Precise User Tracking Based on TLS CCA 6

slide-7
SLIDE 7

Passive Capturing

Methodology

Analysis of > 2 weeks of TLS CCA traffic at Internet uplink Regulations by IRB:

  • Documented measurement process
  • Isolated measurement infrastructure
  • Access only for permitted staff
  • Raw data must not leave infrastructure

Our self-restrictions:

  • No attempt to identify users
  • No publication of identifiable data

Quirin Scheitle (TUM) | Push Away Your Privacy: Precise User Tracking Based on TLS CCA 7

slide-8
SLIDE 8

APNs by far the biggest user of CCA

#Certs Issuer Distinguished Name 56128 /C=US/O=Apple Inc./OU=Apple iPhone/CN=Apple iPhone Device CA 334 /CN=Layer Client CA/C=US/L=San Francisco/O=Layer, Inc/ST=CA 221 /CN=AnyDesk Client 76 /C=KR/ST=Kyunggido/L=Suwon/O=Samsung Electronics (redacted) 52 /CN=Ricoh Remote Service (redacted)

Quirin Scheitle (TUM) | Push Away Your Privacy: Precise User Tracking Based on TLS CCA 8

slide-9
SLIDE 9

Case Study - how well can we track a single user?

Informed Consent

Note: We are tracking a device. As mobile devices are typically closely carried, they allow conclusions about users. Wed Thu Fri Sat Sun Mon Tue Wed Thu Fri Sat Sun Mon Tue Day and connection type of APNs login 8 10 12 14 16 18 20 22 Time of day

Desk VPN WLAN

Quirin Scheitle (TUM) | Push Away Your Privacy: Precise User Tracking Based on TLS CCA 9

slide-10
SLIDE 10

What % of certificates is traceable?

2 4 6 8 10 12 14 16 18 # of days 0 % 20 % 40 % 60 % 80 % 100 % % of certificates seen on n days

iOS APNs Certificates All APNs Certificates Desktop APNs Certificates

≈ 50% of certificates observed on 3 or more days.

Quirin Scheitle (TUM) | Push Away Your Privacy: Precise User Tracking Based on TLS CCA 10

slide-11
SLIDE 11

Is global tracking feasible?

Cut short in this presentation, key insights of large RIPE Atlas active measurement campaign:

  • Majority of APNs logins are routed through few central IXPs/ISPs
  • Listening at these, attackers can globally track >80% of devices

Quirin Scheitle (TUM) | Push Away Your Privacy: Precise User Tracking Based on TLS CCA 11

slide-12
SLIDE 12

Responsible Disclosure

We informed Apple’s product security team before publication:

  • Very quick response
  • Several phone calls, continuous contact
  • Several engineers in calls and working on resolution

Fixed with January 2017 security patches

Quirin Scheitle (TUM) | Push Away Your Privacy: Precise User Tracking Based on TLS CCA 12

slide-13
SLIDE 13

What now?

TLS 1.3 encrypts certificates

Client Server

C l i e n t H e l l

  • S

e r v e r H e l l

  • ,

. . . , C e r t i fi c a t e , C e r t i fi c a t e R e q u e s t , . . . , F i n i s h e d , [ A p p l i c a t i

  • n

D a t a ] C e r t i fi c a t e , . . . , F i n i s h e d , [ A p p l i c a t i

  • n

D a t a ] [Application Data]

Figure: TLS 1.3 handshake, Unencrypted Data, [Encrypted Data]

But: ClientHello Extensions still unencrypted:

  • Server Name Indication (SNI)
  • Application-specific data

Quirin Scheitle (TUM) | Push Away Your Privacy: Precise User Tracking Based on TLS CCA 13

slide-14
SLIDE 14

Key Messages, Data, and Code

  • TLS-CCA sends certificates unencrypted
  • In an “always-on” mobile scenario, this can cause serious privacy issues
  • We quantified this issue in the Apple Push Notification Service (APNs), Apple fixed promptly
  • Be very careful about traceable identifiers in protocol design!
  • Reproducibility: Turned replication/reproduction into a lab at TMA PhD school

Data and Code: https://github.com/tumi8/cca-privacy

Quirin Scheitle (TUM) | Push Away Your Privacy: Precise User Tracking Based on TLS CCA 14