staying secure and unprepared understanding and
play

Staying Secure and Unprepared: Understanding and Mitigating the - PowerPoint PPT Presentation

Oct 21, 2022 •520 likes •1.23k views

Staying Secure and Unprepared: Understanding and Mitigating the Security Risks of Apple ZeroConf (Xiaolong Bai , Luyi Xing) (co-first authors), Nan Zhang , XiaoFeng Wang , Xiaojing Liao , Tongxin Li , Shi-Min Hu TNList, Tsinghua University,

  1. Staying Secure and Unprepared: Understanding and Mitigating the Security Risks of Apple ZeroConf (Xiaolong Bai , Luyi Xing) (co-first authors), Nan Zhang , XiaoFeng Wang , Xiaojing Liao , Tongxin Li , Shi-Min Hu TNList, Tsinghua University, Indiana University Bloomington Georgia Institute of Technology, Peking University 1

  2. Staying Secure and Unprepared: Understanding and Mitigating the Security Risks of Apple ZeroConf 2

  3. Zero Configuration Networking (ZeroConf) 3

  4. ZeroConf • Bonjour 4

  5. ZeroConf • Bonjour protocol – zero-configuration networking over IP that Apple has submitted to the IETF. • Goals: – With little or no configuration – to add devices/services to a local network – Existing devices can automatically find and connect to those new devices/services 5

  6. Bonjour • Administrators – no need to assign IP, host names, service names to network services (e.g., printer) • When first use a service, users simply – ask to see what network services are automatically available – and choose from the list. 6

  7. How about traditional configured network? 7

  8. Traditionally Must Configure: ✔ – IP – Printer name, • e.g., lh135-soic.ads.iu.edu – DNS server 8

  9. Traditionally Must Configure: – IP – Printer name, • e.g., lh135-soic.ads.iu.edu – DNS server 9

  10. Features of Bonjour 1. Service configures itself – IP, hostname, service instance name 2. Clients automatically discover available services – No pre-knowledge of the service’s name, hostname or IP 10

  11. 1. ZeroConf Concept 2. So, how? 11

  12. Add a new printer to a network 12

  13. A printer configures itself Is anybody using IP fe80::abcd:1234....? 13

  14. A printer configures itself IP fe80::abcd:1234 No? Great, I’ll take it. 14

  15. A printer configures itself IP fe80::abcd:1234 Anybody using hostname NPI9fe5.host.local? 15

  16. A printer configures itself IP fe80::abcd:1234 Hostname HP9FE5.host.local No? Wonderful, I’ll take it. 16

  17. A printer configures itself IP fe80::abcd:1234 Hostname HP9FE5.host.local Service Instance Name HP-Service-9FE5 Anybody having a printing service named HP-Service- 9FE5? 17

  18. A printer finishes configuring itself IP fe80::abcd:1234 Hostname HP9FE5.host.local Service Instance Name HP-Service-9FE5 18

  19. Features of Bonjour 1. Service configures itself – IP, hostname, service instance name 2. Clients automatically discover available services – No pre-knowledge of the service’s name, hostname or IP 19

  20. Automatically find the printer Q1: Anyone has a printer service? A1: I have HP-Service-9FE5 20

  21. Automatically find the printer Q1: Anyone has a printer service? A1: I have service instance HP-Service-9FE5 Q2: So on which host is this HP-Service- 9FE5? A2: It’s on host NPI9fe5.host.local 21

  22. Added/ Saved the printer to your list IP fe80::abcd:1234 Hostname HP9FE5.host.local Service Instance Name HP-Service-9FE5 22

  23. Added/ Saved the printer to your list IP fe80::abcd:1234 Hostname Apple: HP9FE5.host.local Service Instance Name HP-Service-9FE5 Applications store service instance names, so if the IP, port, or host name changed, the application can still connect. 23

  24. Service instance name HP-Service-9FE5 is saved IP fe80::abcd:1234 Hostname HP9FE5.host.local Service Instance Name HP-Service-9FE5 Saved printer = A printer who owns service name HP-Service-9FE5 24

  25. Adversary • On a device (malware infected) in your local network • Aims to intercept secrets/files transferred between uninfected devices 25

  26. Adversary • Your Mac/printer are un-infected • Steal your printing documents? 26

  27. 1. ZeroConf Concept 2. ZeroConf How 3. ZeroConf Breaking Printer 27

  28. 1. ZeroConf Concept 2. ZeroConf How 3. ZeroConf Breaking Case 1: Printer 28

  29. A device infected by malware IP Hostname Service Instance Name HP-Service-9FE5 29

  30. A device infected by malware IP Hostname Service Instance Name HP-Service-9FE5 I have a printing service instance named Service Instance Name HP-Service-9FE5 HP-Service-9FE5 30

  31. A device infected by malware IP Hostname Service Instance Name HP-Service-9FE5 I have a printing service instance named Service Instance Name HP-Service-9FE5 HP-Service-9FE5 xf 31

  32. Saved printer = A printer who owns service name HP-Service-9FE5 xf New Service Name HP-Service-9FE5 (2) Service Instance Name x HP-Service-9FE5 32

  33. Why it happens? Three Changing Attributs: – IP – Hostname – Service Instance Name Apple: Applications store service instance names, so if the IP, port, or host name changed, the application can still connect. 33

  34. Lack of authentication Three Changing Attributs: – IP – Hostname – Service Instance Name Anyone can claim any value of the three attributes • The protocol only guarantees no duplicates. • 34

  35. 1. ZeroConf Concept 2. ZeroConf How 3. ZeroConf Breaking Case 2: Airdrop 35

  36. Airdrop between Apple devices 36

  37. 37

  38. Attack Airdrop Jeff’s Macbook: Q1: Anyone has an airdrop service? Alice’s iPhone: I have a service named abcd.airdrop.service 38

  39. Attack Airdrop Jeff’s Macbook: Q2: So on which host is Alice’s service? Alice’s iPhone: I have a service named abcd.airdrop.service 39

  40. Attack Airdrop Jeff’s Macbook: Q2: So on which host is Alice’s service? Bob’s iMac: A2: It’s on host Bobs.imac.local Alice’s iPhone: A2: It’s on host Alices.iphone.local 40

  41. Alice’s iPhone has service named abcd.airdrop.tcp, which is on host Bobs.imac.local Jeff’s Macbook: Q2: So on which host is Alice’s service? Bob’s iMac: A2: It’s on host Bobs.imac.local Alice’s iPhone: A2: It’s on host Alices.iphone.local 41

  42. Attack Airdrop Jeff’s Macbook: Connect https://Bobs.imac.local Bob’s iMac: A2: It’s on host Bobs.imac.local Alice’s iPhone: A2: It’s on host Alices.iphone.local 42

  43. Does TLS help? Jeff’s Macbook: Connect https://Bobs.imac.local Bob’s iMac: A2: It’s on host Bobs.imac.local Alice’s iPhone: A2: It’s on host Alices.iphone.local 43

  44. TLS in Airdrop https://Bobs.imac.local Server certificate issued to appleid. CDEF … Bob’s iMac Jeff’s Macbook https://Alices.iphone.local Server certificate issued to appleid.ABCD… Alice’s iPhone 44

  45. So the certificate in airdrop can hardly be used for authentication. https://Bobs.imac.local Server certificate issued to appleid.CDEF… Bob’s iMac Jeff’s Macbook https://Alices.iphone.local Server certificate issued to appleid.ABCD… Alice’s iPhone 45

  46. Domain should match the certificate https://Bobs.imac.local Server certificate issued to appleid.CDEF… Bob’s iMac Jeff’s Macbook https://google.com xf Certificate issued to google.com xf 46

  47. Domain should match the certificate https://Bobs.imac.local xf xf Server certificate issued to appleid.CDEF… Bob’s iMac Jeff’s Macbook https://Alices.iphone.local xf Server certificate issued to appleid.ABCD … xf Alice’s iPhone 47

  48. What’s wrong with TLS in Airdrop • The certificate in airdrop cannot be used for authentication – E.g, certificate should be issued to Alice – but indeed issued to appleid.ABCD… • Linking a human to her certificate is complicated – challenge in finding any identifiable information that are • well-known • no privacy implication • and unique 48

  49. 49

  50. Some customized ZeroConf protocols • FileDrop – TCP packets for discovery – elliptical curve cryptography for security – Failed in authentication • challenge in linking a human to her public key 50

  51. 1. ZeroConf Concept 2. ZeroConf How 3. ZeroConf Breaking Case 3: Apple’s Vulnerable framework 51

  52. Apple’s Vulnerable framework • Multipeer Connectivity (MC) – A framework for automatic service discovery between nearby devices across Wi-Fi and Bluetooth without configuration • Object to identify each app: peerID – displayName (public) & uniqueID (private) 52

  53. Normally • Automatic Service Discovery Without Configuration – Servers advertise peerIDs Server peerID displayName: Alice uniqueID: 8573a peerID displayName: Bob Server uniqueID: 6c5b3 Client 53

  54. Normally • Automatic Service Discovery Without Configuration – Servers advertise peerIDs, Client browse peerIDs (show displayName) Server peerID displayName: Alice uniqueID: 8573a Alice Bob peerID displayName: Bob Server uniqueID: 6c5b3 Client 54

  55. Normally • Even if servers have the same displayName Server peerID displayName: Alice uniqueID: abcde peerID displayName: Alice Server uniqueID: 54321 Client 55

  56. Normally • Even if servers have the same displayName – uniqueIDs generated by MC will always be different Server peerID displayName: Alice uniqueID: abcde peerID displayName: Alice Server uniqueID: 54321 Client 56

  57. Normally • Even if servers have the same displayName – uniqueIDs generated by MC will always be different Server peerID displayName: Alice uniqueID: abcde Alice Alice peerID displayName: Alice Server uniqueID: 54321 Client 57

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Unprepared! Unprepared! NIOSH has also found a large # of agencies are unprepared for most

Unprepared! Unprepared! NIOSH has also found a large # of agencies are unprepared for most

Occupational Health Monitoring for Emergency Responders Bruce Bernard, MD, MPH Captain, United States Public Health Service (ret); Consultant, CDC/NIOSH I have nothing to disclose The findings and conclusions in this report are those of the

731 views • 30 slides
Security DevOps staying secure in agile projects Christian Schneider @cschneider4711 mail@

Security DevOps staying secure in agile projects Christian Schneider @cschneider4711 mail@

Security DevOps staying secure in agile projects Christian Schneider @cschneider4711 mail@ www. `whoami` Christian-Schneider.net Software Developer, Whitehat Hacker & Trainer Freelancer since 1997 Focus on JavaEE &

773 views • 59 slides
While Using Open Source Guy Bar Gil, Product Manager 1 2 3 SmallComp s M&A Staying

While Using Open Source Guy Bar Gil, Product Manager 1 2 3 SmallComp s M&A Staying

How to Sleep Soundly at Night While Using Open Source Guy Bar Gil, Product Manager 1 2 3 SmallComp s M&A Staying Secure The Equifax Breach 2 Introduction Slide Two dogs + one cat In my free time I enjoy: Sports

739 views • 41 slides
Be Be Good! Good! WHA WHAT IS T IS SECURE? SECURE? SECURe is a school-wide program designed

Be Be Good! Good! WHA WHAT IS T IS SECURE? SECURE? SECURe is a school-wide program designed

SECUR E SOCIAL, EMOTIONAL, AND COGNITIVE UNDERSTANDING AND REGULATION Created by Success for All, University of Michigan, and Harvard University Be Be Good! Good! WHA WHAT IS T IS SECURE? SECURE? SECURe is a school-wide program designed

957 views • 59 slides
STAYING ON TRACK WITH FEDERAL FINANCIAL AID: UNDERSTANDING SATISFACTORY ACADEMIC PROGRESS Dr.

STAYING ON TRACK WITH FEDERAL FINANCIAL AID: UNDERSTANDING SATISFACTORY ACADEMIC PROGRESS Dr.

STAYING ON TRACK WITH FEDERAL FINANCIAL AID: UNDERSTANDING SATISFACTORY ACADEMIC PROGRESS Dr. Andrea Borregard Director of Financial Aid Owensboro Community & Technical College SATISFACTORY ACADEMIC PROGRESS (SAP) 668.34 (a) Satisfactory

395 views • 24 slides
Engaging Customers Staying in touch and staying relevant during the Covid-19 pandemic The

Engaging Customers Staying in touch and staying relevant during the Covid-19 pandemic The

Engaging Customers Staying in touch and staying relevant during the Covid-19 pandemic The actions of brands during a crisis can make or break long-term relationships with consumers 2020 Edelman Trust Barometer Special Report: Trust

561 views • 30 slides
Understanding how PKI can secure your organization Todd Meedel Todd_F_Meedel@BCBSIL.com Sr.

Understanding how PKI can secure your organization Todd Meedel Todd_F_Meedel@BCBSIL.com Sr.

Understanding how PKI can secure your organization Todd Meedel Todd_F_Meedel@BCBSIL.com Sr. Cybersecurity Engineer IAM / PKI SME Health Care Services Corporation Objectives Who am I ? Defining what is PKI Explaining how PKI works

1.6k views • 41 slides
Breaking the Lightweight Secure PUF: Understanding the Relation of Input Transformations and

Breaking the Lightweight Secure PUF: Understanding the Relation of Input Transformations and

Breaking the Lightweight Secure PUF: Understanding the Relation of Input Transformations and Machine Learning Resistance 18th Smart Card Research and Advanced Application Conference: CARDIS 2019 Nils Wisiol, Georg T. Becker, Marian Margraf,

952 views • 21 slides
STAYING UPDATED CECILIA GARCIA INTRODUCTIONS NAME ART RESOURCES GOAL STAYING UPDATED

STAYING UPDATED CECILIA GARCIA INTRODUCTIONS NAME ART RESOURCES GOAL STAYING UPDATED

STAYING UPDATED CECILIA GARCIA INTRODUCTIONS NAME ART RESOURCES GOAL STAYING UPDATED E-NEWSLETTERS SOCIAL MEDIA WEBSITES NETWORK LOCAL ARTS SERVICE ORGANIZATIONS (LASO'S) SCARBOROUGH ARTS EAST END ARTS NORTH YORK ARTS URBAN ARTS

435 views • 20 slides
Presents Presents I s Your $$$ Secure? How Understanding Financial Statements Can Put You in

Presents Presents I s Your $$$ Secure? How Understanding Financial Statements Can Put You in

The I nstitute of Chartered Accountants of Barbados In association with In association with Dowells Advisory Services I nc. Presents Presents I s Your $$$ Secure? How Understanding Financial Statements Can Put You in the Know! QUOTE -

424 views • 25 slides
Secure and Efficient Metering Discussion Outline Clarifications Attack on Secure

Secure and Efficient Metering Discussion Outline Clarifications Attack on Secure

Secure and Efficient Metering Discussion Outline Clarifications Attack on Secure Metering Issues and Extensions Real World Other Directions Metering for General Access Structures Understanding the model Audit Agency

480 views • 35 slides
Unprepared Leaders and Kids Go Caving Visitors Are There at All Imaginable Hours. Accidents Are

Unprepared Leaders and Kids Go Caving Visitors Are There at All Imaginable Hours. Accidents Are

Unprepared Leaders and Kids Go Caving Visitors Are There at All Imaginable Hours. Accidents Are Waiting to Happen. Something Must Be Done To Get Cavers Involved In a Brainstorming Meeting an Idea Was Developed A Safe Caving Project Utah

474 views • 23 slides
Understanding the Reasons for the Side-Channel Leakage is Indispensable for Secure Design Werner

Understanding the Reasons for the Side-Channel Leakage is Indispensable for Secure Design Werner

Understanding the Reasons for the Side-Channel Leakage is Indispensable for Secure Design Werner Schindler Federal Office for Information Security (BSI), Bonn, Germany Leuven, September 13, 2012 Outline Introduction and motivation

799 views • 60 slides
Expectations Rachel Pea Emma Rochard Hannah Baker Focused on secure understanding of key

Expectations Rachel Pea Emma Rochard Hannah Baker Focused on secure understanding of key

End of Year 2 Expectations Rachel Pea Emma Rochard Hannah Baker Focused on secure understanding of key concepts National Practical, problem solving, talk and Curriculum - pair work What it looks Application in real/different like in

411 views • 30 slides
How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

DIMACS Workshop On Secure Routing March 10, 2010 How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing Protocols? $ $ Sharon Goldberg Microsoft Research & Boston University y Michael Schapira

701 views • 54 slides
Staying on Your Feet Taking Steps to Prevent Falls Speakers Notes Slide 1 Staying on Your

Staying on Your Feet Taking Steps to Prevent Falls Speakers Notes Slide 1 Staying on Your

Staying on Your Feet Taking Steps to Prevent Falls Speakers Notes Slide 1 Staying on Your Feet-Taking Steps to Prevent Falls is a public presentation that aims to promote healthy, active aging for older adults living in the community in

444 views • 9 slides
USA Site Report: DOSAR C.M. Jenkins 9/23/2009 DOSAR Site Report - C M Jenkins 1 Condor Cluster

USA Site Report: DOSAR C.M. Jenkins 9/23/2009 DOSAR Site Report - C M Jenkins 1 Condor Cluster

USA Site Report: DOSAR C.M. Jenkins 9/23/2009 DOSAR Site Report - C M Jenkins 1 Condor Cluster with Colinux Working! First got a mini Condor & Condor/colinux cluster working: Two PCs running Scientific Linux 3.0.9 (Fermi)

399 views • 14 slides
With man y-man y , w e w ouldn't kno w whic h en tit y pro vided the k ey

With man y-man y , w e w ouldn't kno w whic h en tit y pro vided the k ey

W eak En tit y Sets Sometimes an E.S. 's k ey comes not (completely) E from its o wn attributes, but from the k eys of one or more E.S's to whic h is link ed b y a supp orting E man y-one relationship.

353 views • 13 slides
I-Tech thesis projects 23-01-2020 Marit Theune and Sanne Gritter-Spuls First read: Steps

I-Tech thesis projects 23-01-2020 Marit Theune and Sanne Gritter-Spuls First read: Steps

Meeting about I-Tech thesis projects 23-01-2020 Marit Theune and Sanne Gritter-Spuls First read: Steps Find a thesis topic Find a supervisor Carry out Research Topics Carry out thesis project External thesis project Not if you

517 views • 20 slides
Software Engineering and Architecture Networking 101 Motivation Networking - not a

Software Engineering and Architecture Networking 101 Motivation Networking - not a

Software Engineering and Architecture Networking 101 Motivation Networking - not a curriculum issue in SWEA But You see it everywhere And you need some Network for dummies for our Broker AU CS Henrik Brbak

607 views • 39 slides
Web Dynamics Part 1 Introduction 1.1 Dimensions of dynamics in the Web 1.2 Application examples

Web Dynamics Part 1 Introduction 1.1 Dimensions of dynamics in the Web 1.2 Application examples

Web Dynamics Part 1 Introduction 1.1 Dimensions of dynamics in the Web 1.2 Application examples Summer Term 2009 Web Dynamics 1 1 Why Web Dynamics? From Wikipedia: In physics the term dynamics customarily refers to the time evolution of

608 views • 35 slides
CIS 330: Applied Database Systems Lecture 11: HTTP Header Data Authentication Alan Demers

CIS 330: Applied Database Systems Lecture 11: HTTP Header Data Authentication Alan Demers

CIS 330: Applied Database Systems Lecture 11: HTTP Header Data Authentication Alan Demers ademers@cs.cornell.edu Road Map Recap and Overview Reading HTTP Request Headers Reading Standard CGI Variables Generating the Server

792 views • 45 slides
Infrastructure Technologies for Large- Scale Service-Oriented Systems Kostas Magoutis

Infrastructure Technologies for Large- Scale Service-Oriented Systems Kostas Magoutis

Infrastructure Technologies for Large- Scale Service-Oriented Systems Kostas Magoutis magoutis@csd.uoc.gr http://www.csd.uoc.gr/~magoutis Advantages of clusters Scalability High availability Commodity building blocks Challenges of

695 views • 21 slides
Information Retrieval Venkatesh Vinayakarao Term: Aug Sep, 2019 Chennai Mathematical

Information Retrieval Venkatesh Vinayakarao Term: Aug Sep, 2019 Chennai Mathematical

https://vvtesh.sarahah.com/ Information Retrieval Venkatesh Vinayakarao Term: Aug Sep, 2019 Chennai Mathematical Institute While at first glance web crawling may appear to be merely an application of breadth-first-search, the truth is that

738 views • 34 slides

More recommend