Exploiting TLS Client Authentication for Widespread User Tracking

Open access


TLS, and SSL before it, has long supported the option for clients to authenticate to servers using their own certificates, but this capability has not been widely used. However, with the development of its Push Notification Service, Apple has deployed this technology on millions of devices for the first time. Wachs et al. [42] determined iOS client certificates could be used by passive network adversaries to track individual devices across the internet. Subsequently, Apple has patched their software to fix this vulnerability. We show these countermeasures are not effective by demonstrating three novel active attacks against TLS Client Certificate Authentication that are successful despite the defenses. Additionally, we show these attacks work against all known instances of TLS Client Certificate Authentication, including smart cards like those widely deployed by the Estonian government as part of their Digital ID program. Our attacks include in-path man-in-the-middle versions as well as a more powerful on-path attack that can be carried out without full network control.

If the inline PDF is not rendering correctly, you can download the PDF file here.

  • [1] cipherscan. https://github.com/mozilla/cipherscan. Accessed: 2017-12-28.

  • [2] CVE-2017-2383. https://cve.mitre.org/cgibin/cvename.cgi?name=CVE-2017-2383. Accessed: 2017-10-17.

  • [3] CVE-2017-13863. https://support.apple.com/enus/HT208112. Accessed: 2018-02-24.

  • [4] CVE-2017-13864. https://nvd.nist.gov/vuln/detail/CVE-2017-13864. Accessed: 2018-02-24.

  • [5] URL http://dbsign.com/products/dbsign/uws.

  • [6] eID card - eID programs. https://www.gemalto.com/govt/identity. Accessed: 2017-11-28.

  • [7] e-estonia - e-identity. https://e-estonia.com/solutions/eidentity/id-card/. Accessed: 2017-11-28.

  • [8] App Store - As measured by the App Store on November 6 2017. https://developer.apple.com/support/app-store/. Accessed: 2017-11-28.

  • [9] Cisco - Umbrella Popularity List. http://s3-us-west-1.amazonaws.com/umbrella-static/index.html. Accessed: 2017-12-28.

  • [10] What Is A UDID And Why Is Apple Killing Apps That Track Them? https://www.cultofmac.com/160248/whatthe-hell-is-a-udid-and-why-is-apple-worried-about-themfeature/. Accessed: 2017-11-28.

  • [11] China Deputizes Smart Phones to Spy on Beijing Residents’ Real-Time Location. https://www.eff.org/deeplinks/2011/03/china-deputizes-smart-phones-spy-beijing-residents Oct 2011.

  • [12] D. Adrian K. Bhargavan Z. Durumeric P. Gaudry M. Green J. A. Halderman N. Heninger D. Springall E. Thomé L. Valenta et al. Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security pages 5–17. ACM 2015.

  • [13] B. Anderson and D. McGrew. OS Fingerprinting: New Techniques and a Study of Information Gain and Obfuscation. IEEE Conference on Communications and Network Security 2017.

  • [14] R. Clayton S. Murdoch and R. Watson. Ignoring the Great Firewall of China. In Privacy Enhancing Technologies pages 20–35. Springer 2006.

  • [15] M. Cunche. I Know Your MAC Address: Targeted Tracking of Individual Using Wi-Fi. Journal of Computer Virology and Hacking Techniques 2014.

  • [16] M. Dischinger A. Mislove A. Haeberlen and K. P. Gummadi. Detecting Bittorrent Blocking. In Proceedings of the 8th ACM SIGCOMM conference on Internet measurement pages 3–8. ACM 2008.

  • [17] E. Rescorla. The Transport Layer Security (TLS) Protocol Version 1.3 draft.

  • [18] P. Eckersley F. von Lohmann and S. Schoen. Packet Forgery by ISPs: A Report on the Comcast Affair. Electronic Frontier Foundation 2007.

  • [19] M. Egele C. Kruegel E. Kirda and G. Vigna. PiOS: Detecting Privacy Leaks in iOS Applications. In NDSS pages 177–183 2011.

  • [20] W. Enck P. Gilbert S. Han V. Tendulkar B.-G. Chun L. P. Cox J. Jung P. McDaniel and A. N. Sheth. Taint-Droid: an Information-flow Tracking System for Realtime Privacy Monitoring on Smartphones. ACM Transactions on Computer Systems (TOCS) 2014.

  • [21] C. Gibler J. Crussell J. Erickson and H. Chen. AndroidLeaks: Automatically Detecting Potential Privacy Leaks in Android Applications on a Large Scale. Trust 12:291–307 2012.

  • [22] L.-S. Huang S. Adhikarla D. Boneh and C. Jackson. An Experimental Study of TLS Forward Secrecy Deployments. IEEE Internet Computing 18(6):43–51 2014.

  • [23] V. Jacobson R. Braden and D. Borman. Tcp extensions for high performance. 1992.

  • [24] D. Johansson. Privacy Risks with Using Client Certificates for Authentication. http://www.infosecurityeurope.com/__novadocuments/89008?v=635703263638330000. Accessed: 2017-11-28.

  • [25] D. Kerr. Russian police spy on people’s mobile data to catch thieves. https://www.cnet.com/news/russian-police-spy-onpeoples-mobile-data-to-catch-thieves/ Jul 2013.

  • [26] T. Kohno A. Broido and k. c. claffy. Remote Physical Device Fingerprinting. IEEE Transactions on Dependable and Secure Computing 2(2):93–108 2005.

  • [27] M. Luckie R. Beverly T. Wu M. Allman et al. Resilience of Deployed TCP to Blind Attacks. In Proceedings of the 2015 ACM Conference on Internet Measurement Conference pages 13–26. ACM 2015.

  • [28] B. Marczak N. Weaver J. Dalek R. Ensafi D. Fifield S. McKune A. Rey J. Scott-Railton R. Deibert and V. Paxson. China’s great cannon. Citizen Lab 10 2015.

  • [29] J. Martin D. Rhame R. Beverly and J. McEachen. Correlating GSM and 802.11 Hardware Identifiers. In IEEE Military Communications Conference 2013.

  • [30] J. Martin E. Rye and R. Beverly. Decomposition of MAC Address Structure for Granular Device Inference. In Proceedings of the 32nd Annual Conference on Computer Security Applications pages 78–88. ACM 2016.

  • [31] J. Martin T. Mayberry C. Donahue L. Foppe L. Brown C. Riggins E. C. Rye and D. Brown. A Study of MAC Address Randomization in Mobile Devices and When it Fails. Proceedings on Privacy Enhancing Technologies pages 365–383 2017.

  • [32] B. Möller T. Duong and K. Kotowicz. This POODLE Bites: Exploiting the SSL 3.0 Fallback. PDF online pages 1–4 2014.

  • [33] E. Network and I. S. Agency. Privacy and Security Risks when Authenticating on the Internet with European eID Cards. https://www.enisa.europa.eu/publications/eid-onlinebanking/at_download/fullReport. Accessed: 2017-11-28.

  • [34] B. L. Owsley. Spies in the Skies: Dirtboxes and Airplane Electronic Surveillance. Mich. L. Rev. First Impressions 113: 75–75 2015.

  • [35] A. Parsovs. Practical Issues with TLS Client Certificate Authentication. In NDSS volume 14 pages 23–26 2014.

  • [36] Z. Qian and Z. M. Mao. Off-path TCP Sequence Number Inference Attack-How Firewall Middleboxes Reduce Security. In Security and Privacy (SP) 2012 IEEE Symposium on pages 347–361. IEEE 2012.

  • [37] A. Ramaiah R. Stewart and M. Dalal. Improving TCP’s Robustness to Blind In-Window Attacks. Technical report 2010.

  • [38] T. Dierks. The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246 Aug. 2008.

  • [39] S. Thurm and Y. I. Kane. Your apps are watching you. The Wall Street Journal 17:1 2010.

  • [40] M. Vanhoef C. Matte M. Cunche L. S. Cardoso and F. Piessens. Why MAC Address Randomization is not Enough: An Analysis of Wi-Fi network discovery mechanisms. In Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security pages 413–424. ACM 2016.

  • [41] L. Völker and M. Schöller. Secure TLS: Preventing DoS Attacks with Lower Layer Authentication. In Kommunikation in Verteilten Systemen (KiVS) pages 237–248. Springer 2007.

  • [42] M. Wachs Q. Scheitle and G. Carle. Push Away Your privacy: Precise User Tracking Based on TLS Client Certificate Authentication. In Network Traffic Measurement and Analysis Conference (TMA) 2017 pages 1–9. IEEE 2017.

  • [43] P. Watson. Slipping in the Window: TCP Reset Attacks. Presentation at 2004.

  • [44] N. Weaver R. Sommer and V. Paxson. Detecting Forged TCP Reset Packets. In NDSS 2009.

  • [45] X. Xu Z. M. Mao and J. A. Halderman. Internet Censorship in China: Where Does the Filtering Occur? In International Conference on Passive and Active Network Measurement pages 133–142. Springer 2011.

  • [46] M. Zalewski. Strange Attractors and TCP/IP Sequence Number Analysis 2001.

Journal information
All Time Past Year Past 30 Days
Abstract Views 0 0 0
Full Text Views 399 347 26
PDF Downloads 256 210 5