staying secure and unprepared understanding and
play

Staying Secure and Unprepared: Understanding and Mitigating the - PowerPoint PPT Presentation

Oct 21, 2022 •520 likes •1.23k views

Staying Secure and Unprepared: Understanding and Mitigating the Security Risks of Apple ZeroConf (Xiaolong Bai , Luyi Xing) (co-first authors), Nan Zhang , XiaoFeng Wang , Xiaojing Liao , Tongxin Li , Shi-Min Hu TNList, Tsinghua University,

  1. Staying Secure and Unprepared: Understanding and Mitigating the Security Risks of Apple ZeroConf (Xiaolong Bai , Luyi Xing) (co-first authors), Nan Zhang , XiaoFeng Wang , Xiaojing Liao , Tongxin Li , Shi-Min Hu TNList, Tsinghua University, Indiana University Bloomington Georgia Institute of Technology, Peking University 1

  2. Staying Secure and Unprepared: Understanding and Mitigating the Security Risks of Apple ZeroConf 2

  3. Zero Configuration Networking (ZeroConf) 3

  4. ZeroConf • Bonjour 4

  5. ZeroConf • Bonjour protocol – zero-configuration networking over IP that Apple has submitted to the IETF. • Goals: – With little or no configuration – to add devices/services to a local network – Existing devices can automatically find and connect to those new devices/services 5

  6. Bonjour • Administrators – no need to assign IP, host names, service names to network services (e.g., printer) • When first use a service, users simply – ask to see what network services are automatically available – and choose from the list. 6

  7. How about traditional configured network? 7

  8. Traditionally Must Configure: ✔ – IP – Printer name, • e.g., lh135-soic.ads.iu.edu – DNS server 8

  9. Traditionally Must Configure: – IP – Printer name, • e.g., lh135-soic.ads.iu.edu – DNS server 9

  10. Features of Bonjour 1. Service configures itself – IP, hostname, service instance name 2. Clients automatically discover available services – No pre-knowledge of the service’s name, hostname or IP 10

  11. 1. ZeroConf Concept 2. So, how? 11

  12. Add a new printer to a network 12

  13. A printer configures itself Is anybody using IP fe80::abcd:1234....? 13

  14. A printer configures itself IP fe80::abcd:1234 No? Great, I’ll take it. 14

  15. A printer configures itself IP fe80::abcd:1234 Anybody using hostname NPI9fe5.host.local? 15

  16. A printer configures itself IP fe80::abcd:1234 Hostname HP9FE5.host.local No? Wonderful, I’ll take it. 16

  17. A printer configures itself IP fe80::abcd:1234 Hostname HP9FE5.host.local Service Instance Name HP-Service-9FE5 Anybody having a printing service named HP-Service- 9FE5? 17

  18. A printer finishes configuring itself IP fe80::abcd:1234 Hostname HP9FE5.host.local Service Instance Name HP-Service-9FE5 18

  19. Features of Bonjour 1. Service configures itself – IP, hostname, service instance name 2. Clients automatically discover available services – No pre-knowledge of the service’s name, hostname or IP 19

  20. Automatically find the printer Q1: Anyone has a printer service? A1: I have HP-Service-9FE5 20

  21. Automatically find the printer Q1: Anyone has a printer service? A1: I have service instance HP-Service-9FE5 Q2: So on which host is this HP-Service- 9FE5? A2: It’s on host NPI9fe5.host.local 21

  22. Added/ Saved the printer to your list IP fe80::abcd:1234 Hostname HP9FE5.host.local Service Instance Name HP-Service-9FE5 22

  23. Added/ Saved the printer to your list IP fe80::abcd:1234 Hostname Apple: HP9FE5.host.local Service Instance Name HP-Service-9FE5 Applications store service instance names, so if the IP, port, or host name changed, the application can still connect. 23

  24. Service instance name HP-Service-9FE5 is saved IP fe80::abcd:1234 Hostname HP9FE5.host.local Service Instance Name HP-Service-9FE5 Saved printer = A printer who owns service name HP-Service-9FE5 24

  25. Adversary • On a device (malware infected) in your local network • Aims to intercept secrets/files transferred between uninfected devices 25

  26. Adversary • Your Mac/printer are un-infected • Steal your printing documents? 26

  27. 1. ZeroConf Concept 2. ZeroConf How 3. ZeroConf Breaking Printer 27

  28. 1. ZeroConf Concept 2. ZeroConf How 3. ZeroConf Breaking Case 1: Printer 28

  29. A device infected by malware IP Hostname Service Instance Name HP-Service-9FE5 29

  30. A device infected by malware IP Hostname Service Instance Name HP-Service-9FE5 I have a printing service instance named Service Instance Name HP-Service-9FE5 HP-Service-9FE5 30

  31. A device infected by malware IP Hostname Service Instance Name HP-Service-9FE5 I have a printing service instance named Service Instance Name HP-Service-9FE5 HP-Service-9FE5 xf 31

  32. Saved printer = A printer who owns service name HP-Service-9FE5 xf New Service Name HP-Service-9FE5 (2) Service Instance Name x HP-Service-9FE5 32

  33. Why it happens? Three Changing Attributs: – IP – Hostname – Service Instance Name Apple: Applications store service instance names, so if the IP, port, or host name changed, the application can still connect. 33

  34. Lack of authentication Three Changing Attributs: – IP – Hostname – Service Instance Name Anyone can claim any value of the three attributes • The protocol only guarantees no duplicates. • 34

  35. 1. ZeroConf Concept 2. ZeroConf How 3. ZeroConf Breaking Case 2: Airdrop 35

  36. Airdrop between Apple devices 36

  37. 37

  38. Attack Airdrop Jeff’s Macbook: Q1: Anyone has an airdrop service? Alice’s iPhone: I have a service named abcd.airdrop.service 38

  39. Attack Airdrop Jeff’s Macbook: Q2: So on which host is Alice’s service? Alice’s iPhone: I have a service named abcd.airdrop.service 39

  40. Attack Airdrop Jeff’s Macbook: Q2: So on which host is Alice’s service? Bob’s iMac: A2: It’s on host Bobs.imac.local Alice’s iPhone: A2: It’s on host Alices.iphone.local 40

  41. Alice’s iPhone has service named abcd.airdrop.tcp, which is on host Bobs.imac.local Jeff’s Macbook: Q2: So on which host is Alice’s service? Bob’s iMac: A2: It’s on host Bobs.imac.local Alice’s iPhone: A2: It’s on host Alices.iphone.local 41

  42. Attack Airdrop Jeff’s Macbook: Connect https://Bobs.imac.local Bob’s iMac: A2: It’s on host Bobs.imac.local Alice’s iPhone: A2: It’s on host Alices.iphone.local 42

  43. Does TLS help? Jeff’s Macbook: Connect https://Bobs.imac.local Bob’s iMac: A2: It’s on host Bobs.imac.local Alice’s iPhone: A2: It’s on host Alices.iphone.local 43

  44. TLS in Airdrop https://Bobs.imac.local Server certificate issued to appleid. CDEF … Bob’s iMac Jeff’s Macbook https://Alices.iphone.local Server certificate issued to appleid.ABCD… Alice’s iPhone 44

  45. So the certificate in airdrop can hardly be used for authentication. https://Bobs.imac.local Server certificate issued to appleid.CDEF… Bob’s iMac Jeff’s Macbook https://Alices.iphone.local Server certificate issued to appleid.ABCD… Alice’s iPhone 45

  46. Domain should match the certificate https://Bobs.imac.local Server certificate issued to appleid.CDEF… Bob’s iMac Jeff’s Macbook https://google.com xf Certificate issued to google.com xf 46

  47. Domain should match the certificate https://Bobs.imac.local xf xf Server certificate issued to appleid.CDEF… Bob’s iMac Jeff’s Macbook https://Alices.iphone.local xf Server certificate issued to appleid.ABCD … xf Alice’s iPhone 47

  48. What’s wrong with TLS in Airdrop • The certificate in airdrop cannot be used for authentication – E.g, certificate should be issued to Alice – but indeed issued to appleid.ABCD… • Linking a human to her certificate is complicated – challenge in finding any identifiable information that are • well-known • no privacy implication • and unique 48

  49. 49

  50. Some customized ZeroConf protocols • FileDrop – TCP packets for discovery – elliptical curve cryptography for security – Failed in authentication • challenge in linking a human to her public key 50

  51. 1. ZeroConf Concept 2. ZeroConf How 3. ZeroConf Breaking Case 3: Apple’s Vulnerable framework 51

  52. Apple’s Vulnerable framework • Multipeer Connectivity (MC) – A framework for automatic service discovery between nearby devices across Wi-Fi and Bluetooth without configuration • Object to identify each app: peerID – displayName (public) & uniqueID (private) 52

  53. Normally • Automatic Service Discovery Without Configuration – Servers advertise peerIDs Server peerID displayName: Alice uniqueID: 8573a peerID displayName: Bob Server uniqueID: 6c5b3 Client 53

  54. Normally • Automatic Service Discovery Without Configuration – Servers advertise peerIDs, Client browse peerIDs (show displayName) Server peerID displayName: Alice uniqueID: 8573a Alice Bob peerID displayName: Bob Server uniqueID: 6c5b3 Client 54

  55. Normally • Even if servers have the same displayName Server peerID displayName: Alice uniqueID: abcde peerID displayName: Alice Server uniqueID: 54321 Client 55

  56. Normally • Even if servers have the same displayName – uniqueIDs generated by MC will always be different Server peerID displayName: Alice uniqueID: abcde peerID displayName: Alice Server uniqueID: 54321 Client 56

  57. Normally • Even if servers have the same displayName – uniqueIDs generated by MC will always be different Server peerID displayName: Alice uniqueID: abcde Alice Alice peerID displayName: Alice Server uniqueID: 54321 Client 57

Recommend

Unprepared! Unprepared! NIOSH has also found a large # of agencies are unprepared for most

Unprepared! Unprepared! NIOSH has also found a large # of agencies are unprepared for most

Occupational Health Monitoring for Emergency Responders Bruce Bernard, MD, MPH Captain, United States Public Health Service (ret); Consultant, CDC/NIOSH I have nothing to disclose The findings and conclusions in this report are those of the

731 views • 30 slides
Security DevOps staying secure in agile projects Christian Schneider @cschneider4711 mail@

Security DevOps staying secure in agile projects Christian Schneider @cschneider4711 mail@

Security DevOps staying secure in agile projects Christian Schneider @cschneider4711 mail@ www. `whoami` Christian-Schneider.net Software Developer, Whitehat Hacker & Trainer Freelancer since 1997 Focus on JavaEE &

773 views • 59 slides
While Using Open Source Guy Bar Gil, Product Manager 1 2 3 SmallComp s M&A Staying

While Using Open Source Guy Bar Gil, Product Manager 1 2 3 SmallComp s M&A Staying

How to Sleep Soundly at Night While Using Open Source Guy Bar Gil, Product Manager 1 2 3 SmallComp s M&A Staying Secure The Equifax Breach 2 Introduction Slide Two dogs + one cat In my free time I enjoy: Sports

739 views • 41 slides
Be Be Good! Good! WHA WHAT IS T IS SECURE? SECURE? SECURe is a school-wide program designed

Be Be Good! Good! WHA WHAT IS T IS SECURE? SECURE? SECURe is a school-wide program designed

SECUR E SOCIAL, EMOTIONAL, AND COGNITIVE UNDERSTANDING AND REGULATION Created by Success for All, University of Michigan, and Harvard University Be Be Good! Good! WHA WHAT IS T IS SECURE? SECURE? SECURe is a school-wide program designed

957 views • 59 slides
STAYING ON TRACK WITH FEDERAL FINANCIAL AID: UNDERSTANDING SATISFACTORY ACADEMIC PROGRESS Dr.

STAYING ON TRACK WITH FEDERAL FINANCIAL AID: UNDERSTANDING SATISFACTORY ACADEMIC PROGRESS Dr.

STAYING ON TRACK WITH FEDERAL FINANCIAL AID: UNDERSTANDING SATISFACTORY ACADEMIC PROGRESS Dr. Andrea Borregard Director of Financial Aid Owensboro Community & Technical College SATISFACTORY ACADEMIC PROGRESS (SAP) 668.34 (a) Satisfactory

395 views • 24 slides
Engaging Customers Staying in touch and staying relevant during the Covid-19 pandemic The

Engaging Customers Staying in touch and staying relevant during the Covid-19 pandemic The

Engaging Customers Staying in touch and staying relevant during the Covid-19 pandemic The actions of brands during a crisis can make or break long-term relationships with consumers 2020 Edelman Trust Barometer Special Report: Trust

561 views • 30 slides
Understanding how PKI can secure your organization Todd Meedel Todd_F_Meedel@BCBSIL.com Sr.

Understanding how PKI can secure your organization Todd Meedel Todd_F_Meedel@BCBSIL.com Sr.

Understanding how PKI can secure your organization Todd Meedel Todd_F_Meedel@BCBSIL.com Sr. Cybersecurity Engineer IAM / PKI SME Health Care Services Corporation Objectives Who am I ? Defining what is PKI Explaining how PKI works

1.6k views • 41 slides
Breaking the Lightweight Secure PUF: Understanding the Relation of Input Transformations and

Breaking the Lightweight Secure PUF: Understanding the Relation of Input Transformations and

Breaking the Lightweight Secure PUF: Understanding the Relation of Input Transformations and Machine Learning Resistance 18th Smart Card Research and Advanced Application Conference: CARDIS 2019 Nils Wisiol, Georg T. Becker, Marian Margraf,

952 views • 21 slides
STAYING UPDATED CECILIA GARCIA INTRODUCTIONS NAME ART RESOURCES GOAL STAYING UPDATED

STAYING UPDATED CECILIA GARCIA INTRODUCTIONS NAME ART RESOURCES GOAL STAYING UPDATED

STAYING UPDATED CECILIA GARCIA INTRODUCTIONS NAME ART RESOURCES GOAL STAYING UPDATED E-NEWSLETTERS SOCIAL MEDIA WEBSITES NETWORK LOCAL ARTS SERVICE ORGANIZATIONS (LASO'S) SCARBOROUGH ARTS EAST END ARTS NORTH YORK ARTS URBAN ARTS

435 views • 20 slides
Presents Presents I s Your $$$ Secure? How Understanding Financial Statements Can Put You in

Presents Presents I s Your $$$ Secure? How Understanding Financial Statements Can Put You in

The I nstitute of Chartered Accountants of Barbados In association with In association with Dowells Advisory Services I nc. Presents Presents I s Your $$$ Secure? How Understanding Financial Statements Can Put You in the Know! QUOTE -

424 views • 25 slides
Secure and Efficient Metering Discussion Outline Clarifications Attack on Secure

Secure and Efficient Metering Discussion Outline Clarifications Attack on Secure

Secure and Efficient Metering Discussion Outline Clarifications Attack on Secure Metering Issues and Extensions Real World Other Directions Metering for General Access Structures Understanding the model Audit Agency

480 views • 35 slides
Unprepared Leaders and Kids Go Caving Visitors Are There at All Imaginable Hours. Accidents Are

Unprepared Leaders and Kids Go Caving Visitors Are There at All Imaginable Hours. Accidents Are

Unprepared Leaders and Kids Go Caving Visitors Are There at All Imaginable Hours. Accidents Are Waiting to Happen. Something Must Be Done To Get Cavers Involved In a Brainstorming Meeting an Idea Was Developed A Safe Caving Project Utah

474 views • 23 slides
Understanding the Reasons for the Side-Channel Leakage is Indispensable for Secure Design Werner

Understanding the Reasons for the Side-Channel Leakage is Indispensable for Secure Design Werner

Understanding the Reasons for the Side-Channel Leakage is Indispensable for Secure Design Werner Schindler Federal Office for Information Security (BSI), Bonn, Germany Leuven, September 13, 2012 Outline Introduction and motivation

799 views • 60 slides
Expectations Rachel Pea Emma Rochard Hannah Baker Focused on secure understanding of key

Expectations Rachel Pea Emma Rochard Hannah Baker Focused on secure understanding of key

End of Year 2 Expectations Rachel Pea Emma Rochard Hannah Baker Focused on secure understanding of key concepts National Practical, problem solving, talk and Curriculum - pair work What it looks Application in real/different like in

411 views • 30 slides
How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

DIMACS Workshop On Secure Routing March 10, 2010 How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing Protocols? $ $ Sharon Goldberg Microsoft Research & Boston University y Michael Schapira

701 views • 54 slides
Staying on Your Feet Taking Steps to Prevent Falls Speakers Notes Slide 1 Staying on Your

Staying on Your Feet Taking Steps to Prevent Falls Speakers Notes Slide 1 Staying on Your

Staying on Your Feet Taking Steps to Prevent Falls Speakers Notes Slide 1 Staying on Your Feet-Taking Steps to Prevent Falls is a public presentation that aims to promote healthy, active aging for older adults living in the community in

444 views • 9 slides
Staying Home & Staying Healthy Managing Stress and Anxiety During COVID- 19 David Kim,

Staying Home & Staying Healthy Managing Stress and Anxiety During COVID- 19 David Kim,

Staying Home & Staying Healthy Managing Stress and Anxiety During COVID- 19 David Kim, Doctoral Psychology Intern Veronica Felstad, Doctoral Psychology Intern Paolo Larano, Psy.D., CAPS Staff Psychologist Crystal Gonsalves, Psy.D., CAPS

724 views • 21 slides
Healthwatch Bucks Update Recent reports Staying Safe, Staying Home:telecare services in

Healthwatch Bucks Update Recent reports Staying Safe, Staying Home:telecare services in

Healthwatch Bucks Update Recent reports Staying Safe, Staying Home:telecare services in Buckinghamshire a survey to find out what people thought of the telecare equipment and services available in Bucks Stoke Mandeville hospital

305 views • 3 slides
My students arrive to each class meeting, so unprepared! Soobin Seo Assistant Professor School

My students arrive to each class meeting, so unprepared! Soobin Seo Assistant Professor School

2020 Teaching Innovation Forum My students arrive to each class meeting, so unprepared! Soobin Seo Assistant Professor School of Hospitality Business Management Carson College of Business Washington State University Everett Classroom

353 views • 13 slides
Secure Relocation: Understanding Data Security Dave Siegel Siegel

Secure Relocation: Understanding Data Security Dave Siegel Siegel

Secure Relocation: Understanding Data Security Dave Siegel Siegel Data Management (SDM) resources bring nearly 100 man-years of global business experience

519 views • 15 slides
Why Are More Companies Staying Private? Meeting of SEC Advisory Committee on Small and Emerging

Why Are More Companies Staying Private? Meeting of SEC Advisory Committee on Small and Emerging

Why Are More Companies Staying Private? Meeting of SEC Advisory Committee on Small and Emerging Companies Jamie Hutchinson February 15, 2017 Why Are More Companies Staying Private? BECAUSE THEY CAN 1 Reasons Why More Companies Are Staying

217 views • 17 slides
Kathleen F. Gabriel, Teaching Unprepared Students: Strategies for Promoting Success and Retention

Kathleen F. Gabriel, Teaching Unprepared Students: Strategies for Promoting Success and Retention

Kathleen F. Gabriel, Teaching Unprepared Students: Strategies for Promoting Success and Retention in Higher Education , (Sterling, VA: Stylus Publishing, 2008). Chapter 3: The First Week of Class: Sharing a Mission for Success The first week is

366 views • 3 slides
Colorado Water Colorado Water Plan 101 Plan 101 Better Understanding the Better Understanding

Colorado Water Colorado Water Plan 101 Plan 101 Better Understanding the Better Understanding

Colorado Water Colorado Water Plan 101 Plan 101 Better Understanding the Better Understanding the Roadmap to a Secure Water Future Roadmap to a Secure Water Future Photo Credit: Russ Schnitzer The Colorado Water Plan is roadmap that leads

583 views • 31 slides
Employee Benefits STAYING IN WITH TASTECARD+ We know health and safety are on everyones

Employee Benefits STAYING IN WITH TASTECARD+ We know health and safety are on everyones

Employee Benefits STAYING IN WITH TASTECARD+ We know health and safety are on everyones minds right now. With tastecard+ you can offer your employees access to deals and discounts at home. Includes access to our 'Staying In Hub' with

474 views • 10 slides

More recommend