1
Tryst: Making Local Service Discovery Confidential
Jeffrey Pang, Ben Greenstein, Srinivasan Seshan, David Wetherall
2
What is Local Service Discovery?
Find an 802.11 network
Find a local printer
Authentication
Setup encryption
Find my friend’s PSP
Find my friend’s iTunes
Proceeds automatically, often without user’s knowledge
3
Method 1: Announcement
• Services broadcast their existence
• Interested clients discover them
• E.g., 802.11 APs announce network names (SSIDs)
4
Privacy Threats: Inventory
• “The devices I have”
– Example: cell phone pirates break into cars to steal phones that announce their presence [Cambridge Evening News 2005]
• “The applications I am running”
– Example: Apple mDNS “announces” to hackers that they are vulnerable to a buffer overflow [CERT 2007]
Phone here!
iTunes here!
iChat here!
5
Method 2: Probing
• Clients broadcast queries for familiar services
• Present services respond
• E.g., 802.11 clients probe for SSIDs they have associated with before
6
Privacy Threats: History
• “Where I have been before”
– Example: Probing for 802.11 SSIDs can expose where you live [WiGLE Wardriving Database]
Is “Anna, Jeff, and Mark’s Net” here?
7
Privacy Threats: History
• “Where I have been before”
– Example: Probing for 802.11 SSIDs can expose where you live [WiGLE Wardriving Database]
23% of devices at SIGCOMM 2004 probed for an SSID that WiGLE isolates to one city
8
Privacy Threats: History
• “Where I have been before”
– Example: Even opaque SSIDs can be correlated with other databases, such as Google’s business directory
Is “Juvenile Detention Classroom” here?
Is “010294859” here?
010294859
9
Solution Requirement
• Security during discovery
– Confidentiality: unlinkable discovery attempts
– Authenticity: prevent masquerading
– Departure from common practice
– Clients and services want privacy from third parties
• Tryst
– Access control for discovery messages
10
How to Provide Access Control
Service Discovery Message Verify Source Identity
Sender Application Receiver Application
Proof of Identity
Identity-Hiding Encryption
11
Protocol Design Details
• Existing theoretical protocol [Abadi ’04]
– Based on public key cryptography
• Problem 1: Message size scales linearly with number of intended recipients
– Typically OK: 90% of 802.11 clients probe for fewer than 12 unique SSIDs [OSDI 2006]
• Problem 2: Messages can’t be addressed, so receivers must try to decrypt every message
– Decryption is 168x slower than 802.11 line-rate
– Opens up receivers to denial-of-service attacks
12
Protocol Design Details
• Observation 1: Common case is to rediscover known services
– Can negotiate a secret symmetric key the first time
– Symmetric key cryptography is fast
• Observation 2: Linkability at short timescales is usually OK
– Compute temporary unlinkable addresses known only to a client and a service [similar to Cox ’07]
– Messages not for me are discarded at 802.11 line-rate
• Thus:
– Prioritize symmetric key protocol
– Use spare cycles for public key protocol
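An added example, not part of the original slides and not Tryst's actual construction: one way a client and a service that already share a symmetric key could derive temporary addresses that change every epoch, so the receiver drops unrelated frames with a table lookup instead of a decryption attempt. HMAC-SHA256, the 60-second epoch, the `tryst-addr` label and all names are assumptions.

```python
import hashlib
import hmac
import os

EPOCH_SECONDS = 60  # assumed rotation interval; the slides give no value
ADDR_LEN = 6        # length of an 802.11 MAC address in bytes


def temp_address(shared_key: bytes, epoch: int) -> bytes:
    """Address one client/service pair uses during one epoch."""
    msg = b"tryst-addr" + epoch.to_bytes(8, "big")
    return hmac.new(shared_key, msg, hashlib.sha256).digest()[:ADDR_LEN]


class Receiver:
    """Precomputes expected addresses so filtering is a dictionary lookup."""

    def __init__(self, peer_keys: dict):
        self.peer_keys = peer_keys  # peer name -> shared symmetric key
        self.table = {}             # expected address -> peer name
        self.epoch = None

    def rotate(self, now: float) -> None:
        epoch = int(now) // EPOCH_SECONDS
        if epoch == self.epoch:
            return
        self.epoch = epoch
        # Also accept the previous epoch to tolerate small clock skew.
        self.table = {temp_address(key, e): name
                      for name, key in self.peer_keys.items()
                      for e in (epoch - 1, epoch)}

    def classify(self, dest_addr: bytes, now: float):
        """Return the peer name for a frame, or None to discard it."""
        self.rotate(now)
        return self.table.get(dest_addr)


def demo():
    """Constructed sample data: one known peer, one stranger."""
    key = bytes(range(32))
    rx = Receiver({"alice.laptop": key})
    t0 = 1_200_000_000
    e0 = t0 // EPOCH_SECONDS
    a0 = temp_address(key, e0)
    a1 = temp_address(key, e0 + 5)
    stranger = temp_address(os.urandom(32), e0)
    return (rx.classify(a0, t0), rx.classify(stranger, t0),
            rx.classify(a0, t0 + 5 * EPOCH_SECONDS), a0 != a1)
```

An observer without the key sees a different 6-byte value each epoch and cannot link them, while a frame seen within one epoch stays linkable, which is the short-timescale linkability the slide accepts.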
13
How Do I Obtain the Initial Keys?
• Existing key establishment is not enough
– Pairing: e.g., Bluetooth peripherals
• Cannot always physically identify service
• User must discover service before device discovers service!
• Discovery is also used to find new services
– Goal: Automatically expand the trust horizon
– E.g., new services in trusted domains
– E.g., new services trusted transitively
14
New Services in Trusted Domains
Strawman Solution
[Figure labels: Bob, Alice, Trusted, “Discover Alice’s iPhone”]
15
New Services in Trusted Domains
Anonymous Identity Based Encryption
[Figure labels: Bob, Alice, Trusted, “Discover Alice’s iPhone”, Trusts: [email protected]]
[Device names: “alice.ds”, “alice.laptop”, “alice.iphone”, “bob.zune”, “bob.psp”, “bob.laptop”]
16
Conclusion
• Local service discovery exposes sensitive info
• Tryst enables confidential service discovery
• Progress:
– Implementation of Tryst access control
– Integration with a real 802.11 protocol stack
• Future Work:
– Implement automated key establishment
– Evaluate how people use Tryst in the wild
18
Service Discovery is Widely Used
• Example 1: 85% of devices send 802.11 probes (SIGCOMM 2004)
• Example 2: Application Protocols (OSDI 2006)
19
Privacy Threats: Location
• “The fact that my service is present”
– Example: Common practice to disable 802.11 beacons to (try to) hide access points [O’Reilly 802.11 Guide]
• “Where my service is located”
– Example: Knowledge of 802.11 SSID at one site can tell you where other sites are [WiGLE Wardriving Database]
[Map labels: IR_Guest; Pittsburgh, Seattle, Berkeley, Cambridge]
20
Privacy Threats: Identity
• “Fingerprints who I am”
– Example: Both 802.11 and application level probes accurately identify a person [Our MobiCom 2007 Paper]
[Figure: the probe set “IR_Guest”, “djw”, “University of Washington” shown twice and marked as equal]
21
Privacy Threats: History
• “Where I have been before”
– Example: Probing for 802.11 SSIDs can expose where you live [SSID Lookup in WiGLE]
Is the network “djw” here?
22
More Threats in the Future
• Emerging social devices also offer “services”
– Microsoft Zune: music sharing service
– PSP, Nintendo DS: multiplayer gaming service
• Service discovery exposes social contacts
23
Reasons for Privacy Threats
• Plug-and-Play Automatic
• Infrastructure Independent Broadcast
• Before Security Setup No Authentication, Encryption
We tackle this problem