PrivateDrop: Practical Privacy-Preserving Authentication for Apple AirDrop
2021
Apple's offline file-sharing service AirDrop
is integrated into more than 1.5 billion end-user devices worldwide. We
discovered two design flaws in the underlying protocol that allow attackers to
learn the phone numbers and email addresses of both sender and receiver
devices. As a remediation, we study the applicability of private set
intersection (PSI) to mutual authentication, which is similar to contact
discovery in mobile messengers. We propose a novel optimized PSI-based protocol
called PrivateDrop that addresses the specific challenges of offline
resource-constrained operation and integrates seamlessly into the current
AirDrop protocol stack. Using our native PrivateDrop implementation for iOS and
macOS, we experimentally demonstrate that PrivateDrop preserves AirDrop's
exemplary user experience with an authentication delay well below one second.
We responsibly disclosed our findings to Apple and open-sourced our PrivateDrop
implementation.
- Correction
- Source
- Cite
- Save
- Machine Reading By IdeaReader
0
References
1
Citations
NaN
KQI