Devices That Tell On You: Privacy Trends in Consumer Ubiquitous Computing


2008. 5. 19, 이재준

Computer Immunology and Information Security, professor in charge: Professor 박용수

Paper Information

Title: Devices That Tell On You: Privacy Trends in Consumer Ubiquitous Computing

Authors: T. Scott Saponas, Jonathan Lester, Carl Hartung, Sameer Agarwal, Tadayoshi Kohno

Published in: 16th USENIX Security Symposium

Table of Contents

Wireless multimedia environments

• Commercial product (Slingbox Pro)

• Information leakage

Devices that we have on our persons all the time

• Commercial product (Nike+iPod Sport Kit)

• Lack of location privacy

• Privacy-preserving mechanisms

Devices promoting social activity

• Commercial product (Microsoft Zune)

• Circumventing Zune’s blocking mechanism

Conclusion

Wireless multimedia environments

• The Slingbox Pro

The Slingbox Pro is a networked video streaming device built by Sling Media, Inc.

It allows users to remotely view (sling) the contents of their TV over the Internet.

It is an example of devices that permeate our environment and that stream or exchange information.

It serves as a vehicle to study the issues and challenges affecting next-generation wireless multimedia environments.

• Information leakage

The Slingbox Pro re-encodes the video stream using a variable bitrate encoder.

It provides encryption for its data stream regardless of any transport encryption like WPA.

Private information could potentially be sensitive if the content is illegal, embarrassing, or otherwise associated with some social stigma.

[Diagram labels: Eavesdropper, Re-encodes, Encryption for data stream, Private information]

• Eavesdropping algorithms

The Wireshark protocol analyzer is used to capture all of the Slingbox’s encrypted packets to a file.

We use 100-millisecond throughput traces computed from these captures as the basis for our eavesdropping analysis.

1) Building a database of reference traces. We construct a database of reference traces. Each movie is represented by exactly one reference trace.

2) Matching a query trace to the database. The algorithm uses this database of reference traces to match against a previously unseen trace.

• Eavesdropping algorithms: 1) Building a database of movie signatures

1) The raw throughput traces corresponding to a movie are aligned and averaged to produce a single composite trace.

2) A windowed Fourier transform is performed on the single composite trace.

3) The database of movie signatures is constructed in this manner.

• Eavesdropping algorithms: 2) Matching a query trace to the database

1) A query trace is transformed similarly into a signature.

2) The minimum sliding window distance between the movie signatures and the query signature is calculated.

3) The movie with the minimum distance is declared a match.
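
The two stages above (signature database, then minimum sliding-window distance) as a small added example; it is not the paper's code. The window length, Hann taper, squared-distance metric and the synthetic throughput traces are assumptions chosen so it runs offline with the standard library.

```python
import cmath, math, random

WIN = 16  # window length in 100 ms samples (assumed value)

def signature(trace):
    """Windowed Fourier transform: one magnitude spectrum per window position."""
    hann = [0.5 - 0.5 * math.cos(2 * math.pi * i / (WIN - 1)) for i in range(WIN)]
    sig = []
    for start in range(len(trace) - WIN + 1):
        seg = trace[start:start + WIN]
        mean = sum(seg) / WIN
        seg = [(v - mean) * h for v, h in zip(seg, hann)]
        sig.append([abs(sum(v * cmath.exp(-2j * math.pi * k * i / WIN)
                            for i, v in enumerate(seg))) for k in range(1, WIN // 2)])
    return sig

def composite(traces):
    """Average several time-aligned traces of the same movie."""
    return [sum(col) / len(col) for col in zip(*traces)]

def min_sliding_distance(ref_sig, query_sig):
    """Slide the query along the reference; return the smallest squared distance."""
    best = math.inf
    for off in range(len(ref_sig) - len(query_sig) + 1):
        best = min(best, sum((a - b) ** 2 for r, q in zip(ref_sig[off:], query_sig)
                             for a, b in zip(r, q)))
    return best

def match(database, query_trace):
    q = signature(query_trace)
    return min(database, key=lambda name: min_sliding_distance(database[name], q))

def vbr_movie(seed, n=400):
    """Constructed data: throughput that jumps at each scene change."""
    rng, trace = random.Random(seed), []
    while len(trace) < n:
        trace += [rng.uniform(100, 900)] * rng.randint(5, 40)
    return trace[:n]

def capture(trace, seed, start=0, length=None):
    """Constructed data: a noisy observation of (part of) one stream."""
    rng = random.Random(seed)
    return [v + rng.gauss(0, 10) for v in trace[start:start + (length or len(trace))]]

def demo():
    movies = {name: vbr_movie(i) for i, name in enumerate("ABC")}
    database = {name: signature(composite([capture(t, s) for s in range(3)]))
                for name, t in movies.items()}
    return match(database, capture(movies["B"], 99, start=137, length=100))
```

`demo()` identifies a noisy 10-second excerpt of movie B from throughput alone, which is the leak the slides describe: payload encryption leaves the variable-bitrate envelope visible.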

• Information leakage

The results imply that an adversary in close proximity to a user’s home might be able to infer information about what videos the user is watching.

The Slingbox results provide further evidence that encryption alone cannot fully conceal the contents of encrypted data.

Devices that we have on our persons all the time

• Nike+iPod Sport Kit

It is a wireless exercise accessory for the iPod Nano.

The kit consists of two components: a wireless sensor and a receiver.

It is the basis for assessing the issues and challenges with devices that we have on our persons all the time.

It provides interactive audio feedback to the user about her workout.

• Lack of location privacy

1) When one begins to walk or run with the sensor in their shoe, the sensor begins transmitting.

2) While the sensor is awake and nearby, we observed that it transmits one packet every second (containing the UID).

3) With seven sensors, the receiver still hears every sensor UID at least once in a ten-second window.

The Nike+iPod uses a globally unique persistent identifier.

For Nike+iPod sensors, we observed approximately a 10 meter range indoors and a 10–20 meter range outdoors.

An adversary could exploit the Nike+iPod Sport Kit’s lack of location privacy protection.

An attacker might also establish patterns of presence.

[Diagram labels: receiver, Range, transmitting, location information]

• Privacy-preserving mechanism

1) Exploiting (largely) static associations.

The cryptographic key could be written on the backs of the sensors, and a user could manually enter that key into their iPod before using a new sensor.

Alternatively, the sensor could have a special button on it that, when pressed, causes the sensor to broadcast a cryptographic key for some short duration of time.

• Privacy-preserving mechanism

2) Un-sniffable unique identifiers.

Assume now that both the sensor and the receiver are preprogrammed with the same shared 128-bit cryptographic key K.

A pseudorandom value X is generated by using AES in CTR mode with a second, non-shared 128-bit AES key K′ during the one-second idle time between broadcasts.

[Diagram labels: sensor, receiver, K (shared key) on both sides, K′ (non-shared key), X (pseudorandom value)]

Also during this one-second idle time between broadcasts, the sensor could pre-generate a keystream S using AES in CTR mode, this time with the initial counter X and the shared key K.

When the sensor wishes to send a message M to the corresponding receiver, it sends the pair (X, M ⊕ S), where “⊕” denotes the exclusive-or operation.

Upon receiving a message (X, Y) = (X, M ⊕ S), the receiver would re-generate S from X and the shared key K, recover M as Y ⊕ S, and then accept M as coming from the paired sensor if M contains the desired UID.
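
A sketch of the (X, M ⊕ S) exchange described above, added here and not taken from the paper or from any Nike+iPod code. Because the Python standard library has no AES, truncated HMAC-SHA256 stands in for the AES block cipher in the counter-mode construction; the 4-byte UID, the payload, and keeping K′ only on the sensor are assumptions.

```python
import hashlib, hmac, os

UID_LEN = 4  # constructed UID size; the page does not give the real format

def keystream(key, x, n):
    """CTR-style keystream: n bytes from `key`, counting up from initial counter x.
    HMAC-SHA256 truncated to 16 bytes stands in for the AES block cipher."""
    ctr, out = int.from_bytes(x, "big"), b""
    while len(out) < n:
        block = (ctr % 2**128).to_bytes(16, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()[:16]
        ctr += 1
    return out[:n]

def xor(a, b):
    return bytes(p ^ q for p, q in zip(a, b))

class Sensor:
    def __init__(self, k, uid):
        self.k, self.uid = k, uid          # K is shared with the paired receiver
        self.k_prime = os.urandom(16)      # K' (assumed to stay on the sensor)
        self.count = 0                     # position in the K' stream

    def broadcast(self, payload):
        # Idle-time work: fresh X from K', then keystream S from (K, X).
        x = keystream(self.k_prime, self.count.to_bytes(16, "big"), 16)
        self.count += 1
        m = self.uid + payload
        s = keystream(self.k, x, len(m))
        return x, xor(m, s)                # the pair (X, M xor S)

def receive(k, paired_uid, packet):
    """Re-generate S from X and K, recover M, accept only the paired UID."""
    x, y = packet
    m = xor(y, keystream(k, x, len(y)))
    return m[UID_LEN:] if m[:UID_LEN] == paired_uid else None

def demo():
    k, uid = os.urandom(16), b"\x00\x11\x22\x33"   # constructed key and UID
    sensor = Sensor(k, uid)
    p1, p2 = sensor.broadcast(b"stride"), sensor.broadcast(b"stride")
    other = receive(os.urandom(16), uid, p1)       # receiver paired elsewhere
    repeats = p1[0] == p2[0] or p1[1] == p2[1]     # anything stable to track?
    return receive(k, uid, p1), receive(k, uid, p2), other, repeats
```

Two broadcasts of the same message share neither X nor ciphertext, so a passive listener without K sees no persistent identifier. The UID check recognizes the paired sensor but is not an integrity check, since XOR keystream encryption is malleable.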

Devices promoting social activity

• Microsoft Zune

It is a portable digital media player with wireless capabilities.

The intended goal is to let users share pictures and songs with other nearby Zunes.

It gives a foothold into understanding the issues and challenges with devices promoting social activity.

• Circumventing Zune’s blocking mechanism

Consider a scenario consisting of two users, Alice and Bob, and assume that Alice and Bob respectively name their Zunes AliceZune and BobZune.

If Bob wishes to share a song or picture with his neighbors, he must first select the song or picture and then select the “send” option.

Alice has two choices: to accept the content or to not accept the content.

If Alice accepts the song and later decides that she would like to prevent Bob from ever sending her a song in the future, she can navigate to her Zune’s menu, select BobZune, and then select the “block” option.

1. Accept

2. Not accept

3. Block (after Accept)

1) Disappearing attack Zune

[Diagram: BobZune sends an inappropriate image to AliceZune]

The crux of the problem is that Alice will not be able to block Bob’s Zune if BobZune is no longer nearby or discoverable.

Alice may remember the name of Bob’s Zune, and thereby simply deny messages from BobZune in the future.

Bob can change the name of his Zune before trying to beam Alice additional content. Bob could scan his nearby community, find a nearby Zune named CharlieZune, and then name his Zune CharlieZune.

If Bob sends inappropriate content to Alice and then turns off his wireless, he might trick Alice into blocking the real CharlieZune.

2) Fake MAC addresses

The Zune neighbor discovery process and blocking mechanism are based on the Zunes’ MAC addresses.

Bob could therefore use a Linux laptop to fool Alice into thinking that she has blocked BobZune when in fact she has not.

Conclusion

We technically explore privacy and security properties of several commercial UbiComp products.

There is a need to provide strong levels of privacy protection.

Thank you

Question and Answer