Staying Secure and Unprepared: Understanding and Mitigating the - - PowerPoint PPT Presentation


Staying Secure and Unprepared: Understanding and Mitigating the Security Risks of Apple ZeroConf. Xiaolong Bai and Luyi Xing (co-first authors), Nan Zhang, XiaoFeng Wang, Xiaojing Liao, Tongxin Li, Shi-Min Hu. TNList, Tsinghua University,


slide-1
SLIDE 1

Staying Secure and Unprepared: Understanding and Mitigating the Security Risks of Apple ZeroConf

Xiaolong Bai and Luyi Xing (co-first authors),

Nan Zhang, XiaoFeng Wang, Xiaojing Liao, Tongxin Li, Shi-Min Hu

TNList, Tsinghua University; Indiana University Bloomington; Georgia Institute of Technology; Peking University

1

slide-2
SLIDE 2

Staying Secure and Unprepared: Understanding and Mitigating the Security Risks of Apple ZeroConf

2

slide-3
SLIDE 3

Zero Configuration Networking (ZeroConf)

3

slide-4
SLIDE 4

ZeroConf

4

  • Bonjour
slide-5
SLIDE 5

ZeroConf

5

  • Bonjour protocol

– zero-configuration networking over IP that Apple has submitted to the IETF.

  • Goals:

– With little or no configuration
– to add devices/services to a local network
– Existing devices can automatically find and connect to those new devices/services

slide-6
SLIDE 6

Bonjour

6

  • Administrators

– no need to assign IP, host names, service names to network services (e.g., printer)

  • When first using a service, users simply

– ask to see what network services are automatically available
– and choose from the list.

slide-7
SLIDE 7

How about a traditionally configured network?

7

slide-8
SLIDE 8

8

Must Configure:

– IP
– Printer name,

  • e.g., lh135-soic.ads.iu.edu

– DNS server

Traditionally

slide-9
SLIDE 9

9

Traditionally

Must Configure:

– IP
– Printer name,

  • e.g., lh135-soic.ads.iu.edu

– DNS server

slide-10
SLIDE 10

Features of Bonjour

10

  • 1. Service configures itself

– IP, hostname, service instance name

  • 2. Clients automatically discover available services

– No pre-knowledge of the service’s name, hostname or IP

slide-11
SLIDE 11
  • 1. ZeroConf Concept
  • 2. So, how?

11

slide-12
SLIDE 12

12

Add a new printer to a network

slide-13
SLIDE 13

13

Is anybody using IP fe80::abcd:1234....?

A printer configures itself

slide-14
SLIDE 14

14

No? Great, I’ll take it.

IP fe80::abcd:1234

A printer configures itself

slide-15
SLIDE 15

15

Anybody using hostname NPI9fe5.host.local?

IP fe80::abcd:1234

A printer configures itself

slide-16
SLIDE 16

16

No? Wonderful, I’ll take it.

IP fe80::abcd:1234 Hostname HP9FE5.host.local

A printer configures itself

slide-17
SLIDE 17

17

Anybody having a printing service named HP-Service-9FE5?

A printer configures itself

IP fe80::abcd:1234 Hostname HP9FE5.host.local Service Instance Name HP-Service-9FE5

slide-18
SLIDE 18

18

IP fe80::abcd:1234 Hostname HP9FE5.host.local Service Instance Name HP-Service-9FE5

A printer finishes configuring itself

slide-19
SLIDE 19

19

  • 1. Service configures itself

– IP, hostname, service instance name

  • 2. Clients automatically discover available services

– No pre-knowledge of the service’s name, hostname or IP

Features of Bonjour

slide-20
SLIDE 20

20

Automatically find the printer

Q1: Does anyone have a printer service?
A1: I have HP-Service-9FE5

slide-21
SLIDE 21

21

Q1: Does anyone have a printer service?
A1: I have service instance HP-Service-9FE5
Q2: So on which host is this HP-Service-9FE5?
A2: It’s on host NPI9fe5.host.local

Automatically find the printer

slide-22
SLIDE 22

Added/Saved the printer to your list

22

IP fe80::abcd:1234 Hostname HP9FE5.host.local Service Instance Name HP-Service-9FE5

slide-23
SLIDE 23

Added/Saved the printer to your list

23

IP fe80::abcd:1234 Hostname HP9FE5.host.local Service Instance Name HP-Service-9FE5

Apple: Applications store service instance names, so if the IP, port, or host name changed, the application can still connect.

slide-24
SLIDE 24

Service instance name HP-Service-9FE5 is saved

24

IP fe80::abcd:1234 Hostname HP9FE5.host.local Service Instance Name HP-Service-9FE5

Saved printer = the printer that owns service name HP-Service-9FE5

slide-25
SLIDE 25

Adversary

25

  • On a device (malware infected) in your local network
  • Aims to intercept secrets/files transferred between uninfected devices

slide-26
SLIDE 26

Adversary

26

  • Your Mac and printer are uninfected
  • Steal your printing documents?
slide-27
SLIDE 27

27

  • 1. ZeroConf Concept
  • 2. ZeroConf How
  • 3. ZeroConf Breaking

Printer

slide-28
SLIDE 28
  • 1. ZeroConf Concept
  • 2. ZeroConf How
  • 3. ZeroConf Breaking

Case 1: Printer

28

slide-29
SLIDE 29

29

A device infected by malware

IP Hostname Service Instance Name HP-Service-9FE5

slide-30
SLIDE 30

30

A device infected by malware

I have a printing service instance named HP-Service-9FE5

IP Hostname Service Instance Name HP-Service-9FE5 Service Instance Name HP-Service-9FE5

slide-31
SLIDE 31

31

A device infected by malware

I have a printing service instance named HP-Service-9FE5

IP Hostname Service Instance Name HP-Service-9FE5 Service Instance Name HP-Service-9FE5

slide-32
SLIDE 32

32

Saved printer = the printer that owns service name HP-Service-9FE5

New Service Name HP-Service-9FE5 (2)

Service Instance Name HP-Service-9FE5

slide-33
SLIDE 33

33

Three Changing Attributes:

– IP
– Hostname
– Service Instance Name

Apple: Applications store service instance names, so if the IP, port, or host name changed, the application can still connect.

Why does it happen?

slide-34
SLIDE 34

34

  • Anyone can claim any value for the three attributes
  • The protocol only guarantees that there are no duplicates.

Lack of authentication

Three Changing Attributes:

– IP
– Hostname
– Service Instance Name

slide-35
SLIDE 35
  • 1. ZeroConf Concept
  • 2. ZeroConf How
  • 3. ZeroConf Breaking

Case 2: Airdrop

35

slide-36
SLIDE 36

36

Airdrop between Apple devices

slide-37
SLIDE 37

37

slide-38
SLIDE 38

38

Attack Airdrop

Jeff’s Macbook: Q1: Does anyone have an AirDrop service?
Alice’s iPhone: I have a service named abcd.airdrop.service

slide-39
SLIDE 39

39

Attack Airdrop

Jeff’s Macbook: Q2: So on which host is Alice’s service?
Alice’s iPhone: I have a service named abcd.airdrop.service

slide-40
SLIDE 40

40

Attack Airdrop

Jeff’s Macbook: Q2: So on which host is Alice’s service?
Alice’s iPhone: A2: It’s on host Alices.iphone.local
Bob’s iMac: A2: It’s on host Bobs.imac.local

slide-41
SLIDE 41

41

Alice’s iPhone has a service named abcd.airdrop.tcp, which is on host Bobs.imac.local

Jeff’s Macbook: Q2: So on which host is Alice’s service?
Bob’s iMac: A2: It’s on host Bobs.imac.local
Alice’s iPhone: A2: It’s on host Alices.iphone.local

slide-42
SLIDE 42

42

Attack Airdrop

Alice’s iPhone: A2: It’s on host Alices.iphone.local
Bob’s iMac: A2: It’s on host Bobs.imac.local
Jeff’s Macbook: Connect https://Bobs.imac.local

slide-43
SLIDE 43

43

Does TLS help?

Bob’s iMac: A2: It’s on host Bobs.imac.local
Alice’s iPhone: A2: It’s on host Alices.iphone.local
Jeff’s Macbook: Connect https://Bobs.imac.local

slide-44
SLIDE 44

TLS in Airdrop

44

Server certificate issued to appleid.CDEF… https://Bobs.imac.local

Bob’s iMac Jeff’s Macbook

Server certificate issued to appleid.ABCD… https://Alices.iphone.local

Alice’s iPhone

slide-45
SLIDE 45

So the certificate in airdrop can hardly be used for authentication.

45

Server certificate issued to appleid.CDEF… https://Bobs.imac.local

Bob’s iMac Jeff’s Macbook

Server certificate issued to appleid.ABCD… https://Alices.iphone.local

Alice’s iPhone

slide-46
SLIDE 46

Domain should match the certificate

46

https://google.com Certificate issued to google.com (match)

Jeff’s Macbook Bob’s iMac

https://Bobs.imac.local Server certificate issued to appleid.CDEF… (mismatch)

slide-47
SLIDE 47

47

Server certificate issued to appleid.CDEF… https://Bobs.imac.local

Bob’s iMac Jeff’s Macbook

Server certificate issued to appleid.ABCD … https://Alices.iphone.local

Alice’s iPhone

Domain should match the certificate (none of the AirDrop certificates match their hosts)

slide-48
SLIDE 48

48

What’s wrong with TLS in Airdrop

  • The certificate in AirDrop cannot be used for authentication

– E.g., the certificate should be issued to Alice, but it is in fact issued to appleid.ABCD…

  • Linking a human to her certificate is complicated

– the challenge is finding any identifiable information that is

  • well-known
  • without privacy implications
  • and unique
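The "lack of authentication" point of slides 33-34 and the certificate-identity point of slides 46-48 together, as an added toy model that is not code from the talk, from Apple or from Bonjour: hosts, names, addresses and certificate identities are constructed, and the `pinned_connect` hardening is an assumption of this example (the talk's own defense is SPYC), shown beside the unchecked client to make the missing check concrete.

```python
# Added example, not code from the talk or from Apple: a toy model of the
# discovery steps on the slides (browse for instances, then resolve an
# instance name to a host). All hosts, names and certificate identities are
# constructed; nothing here touches a real network.
from dataclasses import dataclass

@dataclass
class Responder:
    """A host answering multicast queries; cert_id stands in for the name its
    TLS certificate is issued to ('appleid.CDEF...' on the slides)."""
    hostname: str
    address: str
    instances: tuple  # service instance names this host claims
    cert_id: str

def browse(responders):
    """PTR-style query ('anyone have a printer service?'): each responder
    lists the names it claims; duplicates are checked only at registration."""
    return [(inst, r.hostname) for r in responders for inst in r.instances]

def resolve(responders, instance):
    """SRV-style query ('on which host is this instance?'): the client takes
    the first host that answers, with no authentication of that host."""
    for r in responders:
        if instance in r.instances:
            return r
    return None

def naive_connect(responders, saved_instance):
    """Client as the slides describe it: the saved printer is whoever owns
    the service instance name at this moment; nothing else is checked."""
    return resolve(responders, saved_instance)

def pinned_connect(responders, saved_instance, pinned_cert_id):
    """Assumed hardening (not the talk's SPYC defense): the client recorded
    the identity in the server's certificate when the service was first
    saved, and rejects a host that resolves the name but presents another."""
    r = resolve(responders, saved_instance)
    if r is None or r.cert_id != pinned_cert_id:
        return None
    return r

# Constructed scenario from slides 29-32: the infected device claims the
# saved name and the real printer was renamed to 'HP-Service-9FE5 (2)'.
PRINTER = Responder("HP9FE5.host.local", "fe80::abcd:1234",
                    ("HP-Service-9FE5 (2)",), "printer-cert-id")
INFECTED = Responder("infected.host.local", "fe80::1234:abcd",
                     ("HP-Service-9FE5",), "other-cert-id")
LAN = [INFECTED, PRINTER]
```

With the constructed `LAN`, `naive_connect` hands the saved printer entry to the infected host, while `pinned_connect` returns `None` for it and still accepts the genuine printer under its new name.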
slide-49
SLIDE 49

49

slide-50
SLIDE 50

50

Some customized ZeroConf protocols

  • FileDrop

– TCP packets for discovery
– elliptic curve cryptography for security
– Fails at authentication

  • challenge in linking a human to her public key
slide-51
SLIDE 51

51

  • 1. ZeroConf Concept
  • 2. ZeroConf How
  • 3. ZeroConf Breaking

Case 3: Apple’s Vulnerable framework

slide-52
SLIDE 52

Apple’s Vulnerable framework

52

  • Multipeer Connectivity (MC)

– A framework for automatic service discovery between nearby devices across Wi-Fi and Bluetooth without configuration

  • Object to identify each app: peerID

– displayName (public) & uniqueID (private)

slide-53
SLIDE 53
  • Automatic Service Discovery Without Configuration

– Servers advertise peerIDs

Normally

53

Server Server Client

peerID displayName: Alice uniqueID: 8573a peerID displayName: Bob uniqueID: 6c5b3

slide-54
SLIDE 54
  • Automatic Service Discovery Without Configuration

– Servers advertise peerIDs; clients browse peerIDs (showing the displayName)

Normally

54

peerID displayName: Alice uniqueID: 8573a peerID displayName: Bob uniqueID: 6c5b3

Alice Bob

Server Server Client

slide-55
SLIDE 55
  • Even if servers have the same displayName

Normally

55

peerID displayName: Alice uniqueID: abcde peerID displayName: Alice uniqueID: 54321

Server Server Client

slide-56
SLIDE 56
  • Even if servers have the same displayName

– uniqueIDs generated by MC will always be different

Normally

56

peerID displayName: Alice uniqueID: abcde peerID displayName: Alice uniqueID: 54321

Server Server Client

slide-57
SLIDE 57
  • Even if servers have the same displayName

– uniqueIDs generated by MC will always be different

Normally

57

Alice Alice

peerID displayName: Alice uniqueID: abcde peerID displayName: Alice uniqueID: 54321

Server Server Client

slide-58
SLIDE 58
  • Attacker acts as both client and server

– Browse and acquire peerID object from victim server

What Can Go Wrong?

58

peerID displayName: Alice uniqueID: abcde

Server Client & Server Client

slide-59
SLIDE 59
  • Attacker acts as both client and server

– Advertise using the same peerID object

What Can Go Wrong?

59

Alice

peerID displayName: Alice uniqueID: abcde peerID displayName: Alice uniqueID: abcde

Server Client & Server Client

slide-60
SLIDE 60
  • The client cannot distinguish them because of the same uniqueID

What Can Go Wrong?

60

Alice

An Update?

peerID displayName: Alice uniqueID: abcde peerID displayName: Alice uniqueID: abcde

Server Client & Server Client

slide-61
SLIDE 61
  • The client cannot distinguish them because of the same uniqueID
  • The client maps the only peer it sees to the attacker’s address (MitM)

What Can Go Wrong?

61

Alice

peerID displayName: Alice uniqueID: abcde peerID displayName: Alice uniqueID: abcde

Server Client & Server Client

slide-62
SLIDE 62

62

  • 1. ZeroConf Concept
  • 2. ZeroConf How
  • 3. ZeroConf Breaking

Case 4: Bluetooth

slide-63
SLIDE 63

All your iOS notifications belong to me

63

  • ZeroConf on Bluetooth: Apple Handoff

– Handoff creates Bluetooth channel without configuration

  • Malicious app on Mac can steal notifications on iPhone
  • For details, please refer to our paper

Bluetooth

slide-64
SLIDE 64

Summary of attacks

  • Attacks on Apple ZeroConf channels

– Printer (Bonjour)
– Airdrop (Bonjour)
– Multipeer Connectivity (MC)
– Handoff

  • Attacks on other channels (please refer to our paper)

– BLE
– Customized ZeroConf protocols

  • All vulnerabilities were reported to vendors and acknowledged by most vendors

64

slide-65
SLIDE 65

65

  • 1. ZeroConf Concept
  • 2. ZeroConf How
  • 3. ZeroConf Breaking
  • 4. Impact
slide-66
SLIDE 66

Impact

66

  • Measurement

– We analyzed 61 popular Mac and iOS apps working with ZeroConf
– 88.5% are vulnerable to man-in-the-middle or impersonation attacks

ZeroConf Channel      | Vulnerable / Sampled | Sensitive Information Leaked
Bonjour               | 18/22                | files, directories and clipboard synced, documents printed, instant messages
MC                    | 24/24                | files and photos transferred, instant messages
BLE                   | 10/13                | user name and password for OS X
Customized protocols  | 2/2                  | remote keyboard input and files transferred

slide-67
SLIDE 67

67

  • 1. ZeroConf Concept
  • 2. ZeroConf How
  • 3. ZeroConf Breaking
  • 4. Impact
  • 5. Protecting ZeroConf
slide-68
SLIDE 68

Protecting ZeroConf

68

  • Problem: linking a human to her certificate is complicated
  • Speaking out Your Certificate (SPYC)

– Voice biometrics ties the certificate to an identity
– Human subject study: convenient and effective

  • For more details, please refer to our paper
slide-69
SLIDE 69

Conclusion

69

  • Apple’s ZeroConf techniques are not as secure as expected

– The usability-oriented design affects security

  • Addressing such security risks is nontrivial

– Challenge in binding a human to her certificate

  • Our Defense: SPYC

– Voice biometrics ties certificate to identity

slide-70
SLIDE 70

ZeroConf

70

  • The ZEROCONF Working Group’s requirements and proposed solutions for zero-configuration networking over IP essentially cover three areas:

– addressing (allocating IP addresses to hosts)
– naming (using names to refer to hosts instead of IP addresses)
– service discovery (finding services on the network automatically)