Heinrich, Alexander ; Hollick, Matthias ; Schneider, Thomas ; Stute, Milan ; Weinert, Christian (2022)
PrivateDrop: Practical Privacy-Preserving Authentication for Apple AirDrop.
30th USENIX Security Symposium (USENIX Security 21). Virtual event (11.08.2021-13.08.2021)
doi: 10.26083/tuprints-00020599
Conference or Workshop Item, Secondary publication, Publisher's Version
![[img]](https://tuprints.ulb.tu-darmstadt.de/style/images/fileicons/text.png) |
Text
sec21-heinrich.pdf Copyright Information: CC BY 4.0 International - Creative Commons, Attribution. Download (847kB) |
![[img]](https://tuprints.ulb.tu-darmstadt.de/style/images/fileicons/slideshow.png) |
Slideshow
sec21_slides_heinrich-alexander_0.pdf Copyright Information: CC BY 4.0 International - Creative Commons, Attribution. Download (3MB) |
| Item Type: | Conference or Workshop Item |
|---|---|
| Type of entry: | Secondary publication |
| Title: | PrivateDrop: Practical Privacy-Preserving Authentication for Apple AirDrop |
| Language: | English |
| Date: | 2022 |
| Place of Publication: | Darmstadt |
| Year of primary publication: | 2022 |
| Publisher: | USENIX Association |
| Book Title: | Proceedings of the 30th USENIX Security Symposium |
| Event Title: | 30th USENIX Security Symposium (USENIX Security 21) |
| Event Location: | Virtual event |
| Event Dates: | 11.08.2021-13.08.2021 |
| DOI: | 10.26083/tuprints-00020599 |
| Corresponding Links: | |
| Origin: | Secondary publication service |
| Abstract: | Apple's offline file-sharing service AirDrop is integrated into more than 1.5 billion end-user devices worldwide. We discovered two design flaws in the underlying protocol that allow attackers to learn the phone numbers and email addresses of both sender and receiver devices. As a remediation, we study the applicability of private set intersection (PSI) to mutual authentication, which is similar to contact discovery in mobile messengers. We propose a novel optimized PSI-based protocol called PrivateDrop that addresses the specific challenges of offline resource-constrained operation and integrates seamlessly into the current AirDrop protocol stack. Using our native PrivateDrop implementation for iOS and macOS, we experimentally demonstrate that PrivateDrop preserves AirDrop's exemplary user experience with an authentication delay well below one second. We responsibly disclosed our findings to Apple and open-sourced our PrivateDrop implementation. |
| Status: | Publisher's Version |
| URN: | urn:nbn:de:tuda-tuprints-205994 |
| Additional Information: | Presentation: 21 slides Presentation video: https://youtu.be/sFEUlmcj36k |
| Classification DDC: | 000 Generalities, computers, information > 004 Computer science |
| Divisions: | 20 Department of Computer Science > Cryptography and Privacy Engineering (ENCRYPTO) 20 Department of Computer Science > Sichere Mobile Netze DFG-Graduiertenkollegs > Research Training Group 2050 Privacy and Trust for Mobile Users Profile Areas > Cybersecurity (CYSEC) LOEWE > LOEWE-Zentren > emergenCITY DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres > CRC 1119: CROSSING – Cryptography-Based Security Solutions: Enabling Trust in New and Next Generation Computing Environments |
| Date Deposited: | 15 Jun 2022 12:12 |
| Last Modified: | 14 Dec 2022 11:51 |
| URI: | https://tuprints.ulb.tu-darmstadt.de/id/eprint/20599 |
| PPN: | 496563386 |
| Export: |
 |
View Item |
Drucken
Impressum