IETF Logo Mail Archive

Re: [dnssd] Privacy risks with smart home local device communication

Esko Dijk <esko.dijk@iotconsultancy.nl> Wed, 22 November 2023 16:32 UTC

Return-Path: <esko.dijk@iotconsultancy.nl>
X-Original-To: dnssd@ietfa.amsl.com
Delivered-To: dnssd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4351EC151548 for <dnssd@ietfa.amsl.com>; Wed, 22 Nov 2023 08:32:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.108
X-Spam-Level:
X-Spam-Status: No, score=-7.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=iotconsultancy.nl
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F9zZoqIjnmMY for <dnssd@ietfa.amsl.com>; Wed, 22 Nov 2023 08:32:30 -0800 (PST)
Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-db5eur01on2104.outbound.protection.outlook.com [40.107.15.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 22953C151063 for <dnssd@ietf.org>; Wed, 22 Nov 2023 08:32:29 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ihMGfTxZMTPy0/yJCfql+ZlCB9pKimiEMqW07Ihkbq8qqbIUKZXWk1AlT/h7jtXb57U2IxPnO6hOSpctvjKie9cDl1igEGlRtKAzrEFYMgUqKcMp7ZfE214VNqjtBqAFkBBrSzRqmWrWEN3QuZSjEKkQLBb3iJwhtXi/QiBOY+JcIDN8Bc/o5edsAC0FbCZ+/yvdlNw63w+a8yayC6+W/2l7mQMC0gnpTPb6sYUC8ORt4uGX1QlnjlcQJb/gIPmrtK9BQWMLn/Nwf43XKe1zWB29L7cKC16tJFYE23oT688Gi0Ac271chYu7SVThqGy9inN5VjI8bxD2ktKYvHspfQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=DpOQ2dIatRVZyZx2SSYpkDmQC3kIGhem70xPw8T3S94=; b=nmFNwqokJG+f2m4j8H9XNkErdfwK25hJX2hI2Qtap7WKFEneJjmey+pv+Sb7zWMgnEXL5Q63eGT9NlYkV2lnj6z/qB1EvpTkhi4rJBWfDwsJseZ29kWkvdEU88aI6itwy2lqwzjLHZQpAI/hg0RoX89pjfDUERYfKLYm44TzVZRuG1xcJwvSaKeR8T82CLH8JAwk9Gk4G+c4v+lb/8H5aFXyTXqd/+WpIrNOqiBz5ZvFqVicn6JuKnJH2W2oQnmC7h++KGMXB3S1gMiYD8w24uF7lmw0KtjDBRHhjZBELiqUVXJ6idmXtuRW5A/758zM7DbbDpIS/I5asAURVLYsvQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=iotconsultancy.nl; dmarc=pass action=none header.from=iotconsultancy.nl; dkim=pass header.d=iotconsultancy.nl; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=iotconsultancy.nl; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=DpOQ2dIatRVZyZx2SSYpkDmQC3kIGhem70xPw8T3S94=; b=VfqHA0NlZVl9CRJzBcBry4e5ZBQ0eodl9ikNMqHZyliwBdBRhu1Oe7sEWfU4le+kVXrZ+lgxWQmkZJhn+JOMhfhAsZP4Gt86o4FJfwAV2O3Ed3602AhVpLyKVq2Eji7uAEa25LI1+Bck5JAhV5UHbVXvI9ZpOrhHkMJLaIAqBh8=
Received: from DU0P190MB1978.EURP190.PROD.OUTLOOK.COM (2603:10a6:10:3b9::20) by AM9P190MB1634.EURP190.PROD.OUTLOOK.COM (2603:10a6:20b:3b7::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7025.18; Wed, 22 Nov 2023 16:32:26 +0000
Received: from DU0P190MB1978.EURP190.PROD.OUTLOOK.COM ([fe80::f3e2:8d88:9528:f2bb]) by DU0P190MB1978.EURP190.PROD.OUTLOOK.COM ([fe80::f3e2:8d88:9528:f2bb%7]) with mapi id 15.20.7002.028; Wed, 22 Nov 2023 16:32:26 +0000
From: Esko Dijk <esko.dijk@iotconsultancy.nl>
To: Aniketh Girish <aniketh.girish@imdea.org>, "dnssd@ietf.org" <dnssd@ietf.org>
Thread-Topic: [dnssd] Privacy risks with smart home local device communication
Thread-Index: AQHaG+Z9KjcOmmaiQka36QS4XD2aCrCGiNkw
Date: Wed, 22 Nov 2023 16:32:26 +0000
Message-ID: <DU0P190MB1978A2A10A441E102C33ABD3FDBAA@DU0P190MB1978.EURP190.PROD.OUTLOOK.COM>
References: <A0F8675F-5287-49FF-998D-1342FA426AE2@imdea.org>
In-Reply-To: <A0F8675F-5287-49FF-998D-1342FA426AE2@imdea.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=iotconsultancy.nl;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: DU0P190MB1978:EE_|AM9P190MB1634:EE_
x-ms-office365-filtering-correlation-id: 1dfc78d8-3ff0-4f33-d380-08dbeb789cd2
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: DniWNHeeBRBr5YFP0rlSMd+Alqq1/YFHWWfER0Tdl0LdINc5UjQW9H6uFrsRg3FcfEao4O1Npr8sHY6aynGdM9Q8QVlTk89TsPkIbuMQ1Qdz9WaEAAoErjQ8hxZIMiz1kDRWJYdHs1reVCu3++XnuIRvXam90MVj0qciREqESW7ZScxvw1iY5VvA2ESH5GU1NRfQOvOj+EHaPeve+7WQN4AhGmZWQ1IRBmZ3ErowYimNji+/PXHiv45i4cdsKIGH13d4+CNLpzqwlB5q+gTtI+UlempMRbQdy+upBbYUQHfdggwGvhwt7AN8YtpCNw/hAifHxfccnojkv5pM1ShgWrONlQ5leKpPo68i/DGooE7JOB7aVFS1sfCsWyTCKtzfzk0Lg97zhLwgjBAue0YyxbXgtoqP3sw9d5TDMcNBvamrzfHs/RmHc61/+hYn0ElrDx720xIYDPlw/6WFvRfUu/ztb4+hsbaFyFF37J1j0SZ9JBKxCl0jOMTxzcDCBXIP9s8aPWNPhpbhumnGygIPAnaDi9pjQ2rBfBdB5utcazqf2PLi5EgajzI6peVuNq2y7z4tHNXItSmjuciF2lkqjfmPRSPqiKB7fU+wD0ODYtk=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DU0P190MB1978.EURP190.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230031)(396003)(136003)(376002)(346002)(366004)(39830400003)(230922051799003)(186009)(1800799012)(64100799003)(451199024)(316002)(66476007)(66446008)(64756008)(66556008)(2906002)(5660300002)(66946007)(110136005)(76116006)(71200400001)(8936002)(8676002)(7696005)(6506007)(9686003)(55016003)(53546011)(83380400001)(52536014)(166002)(38100700002)(122000001)(41300700001)(478600001)(44832011)(966005)(33656002)(86362001)(66899024)(38070700009); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: CZaDBFOfF5TiS4q2OYvPLZnyeg/NxvmGhK2FO2rF7jleVMTFLlJQ2sbUwTU0bsr0x0Lhyg5B+sLjfoOM9q0TMKBf91DyE9UlRENYdpgedzaKGNa4DAjVe5Xp4u09CT8Gg1qR5JzyjbSDzYAyndM6CNqsuzTyuizBpAwCznTL/IPblKJxmkPnZxWQwo52q8NbFMO5kRi7RRjVVPqEGvcIYUELIJBrLbvcOnRSBqr16/n2aWxFvn7JK08gkv4fXz1yK1ZIA7dJbb9VGDUuAGHMdRq/mbeevgQPfB3qB0CFyHpJZU1zibNGOO2fyge+oJE0+58ui8p5k2nmYl2f7zI2TkpqfhsUHAmEu8WQcHiSOEgAiAQVEjHawM7Fj4+gRSli+ifopnuJlafE3QnBEgeibn9fwe5oIaw3bMjiZnXfbrH3vdTg1H8skaQ9CyTXeL56FUh+Qu0ReqzL8YPNRcpX9CofAMteOKYm411GMeoDKM1xd3NBVlX22Kz+858dZ3ZTAV9KYGUmOPC3OYRk+R03idc8CqtRCOPXpa3jbhrtALDVUvdMwtjHfOmc3ANq1c0eTfimdNmur9CoS4nT4NmQsVxotwGUMvmAMhWjvn/RvKA2n6jTFoch59VquznmH2uqOZK+5K9BlNnRc1W6bHNx0H9pwEAOBCXjyEhZX+coOUhf4uokm4y4uBFcAEMxeMZ7Hr5hRoQdlPHQUmosGSmloCwiTeQKaavgKNKVZKyFBqWTnm+1S6N33FhQ66uLUcyCIB6ADIajNZ1+ZboA0XgSbBtbM976HpvAWHYTuMKZdFNPuKaKbkE/mgHsyRMAr+4tPGSouTWYrgaG4RfPRYZf+8XOBIKxB4dbY7v83zIUoXhR52uNZAib4wRTKtscWkcV4BcAuRx8hIcfN6ZPWJg7h+vzH1TvJXeZ28UDxY970IGm9nnIQ503koczMC6KIWi3fV5BtryYrbsMjfAdSSKwTVBtMm4WGeTb+crIWlDtUGCdQm9K3IG5n9EeZt5rGJSCTtvQJewW/pYvgDQjnCcjtlbPR4+UNe56sgWpxdWE9XaosS6pVE6gJbRxkc1IXKEytW8o885B82Zv3o2k6TPbSH4O3/CjyvaAJmbj31ZVw5PKYyjymdVO4/el7NzMZLEfzWDkRwc+g32F5MtcKmLpF82Lt6Wok66HYwiQGF4CIB0DUXloCFXP+qfKRQMmTenbxeqzaAsgBLzmkG323NnvrG8ic5byCEwee1bHuD/6bhwDiaejmy9vruNDCWQg2KoJNXEPATyQ+zUt6UCgx78R9xvq66pfsBGsBU1QQ8spDS6VAdCESdpZ17MyolKMnUssULIpCilD6vwj88anQ7V6tkeDZdJ61AXAnHv8jV0Tg0EaBEW3QCoFtV+bFuXjy2ei7sfsLcZyfI3pJ2Xc+2USVP8QdeVZEqU64QcWcMzq3dVt32U5elekE6qoqxJJMZL+z++oSxpp/On4puJ3J2JGtUkgplzRTyubDe9tIx1HV9dNC8CET7hsr2bzsInAL/L9CGDJledsaV0idKgo7YLEr9dZsWF+JlKO75vujsjsp+iAgRxpMbKa5QYBYej8TH9mfZ5hJPue787FwD9NV4RCe5rMws+o6CvPnIE3rkt6QJEiR1P3afEsJFcQU6aYQpoV8ea/aafuNMB/14iVLc4HSw==
Content-Type: multipart/alternative; boundary="_000_DU0P190MB1978A2A10A441E102C33ABD3FDBAADU0P190MB1978EURP_"
MIME-Version: 1.0
X-OriginatorOrg: iotconsultancy.nl
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DU0P190MB1978.EURP190.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 1dfc78d8-3ff0-4f33-d380-08dbeb789cd2
X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Nov 2023 16:32:26.2444 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 58bbf628-15d2-46bc-820b-863b6774d44b
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: vXBbFZCGqi+nzsMVlrL2etPbNRzPc7ge7A1CHnMF48I+uHS4ruuUNnu2arNwJ5t/+4JrAfUl96du+GLp2zZKfmClihqFN6vfsy7ii70pE3U=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM9P190MB1634
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/bWCOoIzQnYfSNZWN_zowjneUhNk>
Subject: Re: [dnssd] Privacy risks with smart home local device communication
X-BeenThere: dnssd@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Discussion of extensions to DNS-based service discovery for routed networks." <dnssd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnssd>, <mailto:dnssd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnssd/>
List-Post: <mailto:dnssd@ietf.org>
List-Help: <mailto:dnssd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnssd>, <mailto:dnssd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Nov 2023 16:32:35 -0000

Thanks,

I believe there are definitely aspects mentioned in the paper that we need to consider in dnssd. mDNS (as mentioned in the paper) is one protocol, but newer ones are coming up (such as SRP).
Going towards authenticated + authorized access to discovery information still has some way to go, but SRP could enable this in the future.

But it's still a might puzzle to get there, given the requirements to stay compatible with existing/legacy approaches (e.g. unsecured mDNS advertisements of the contents of the SRP Registrar) and the prevalence of unique IDs for many things in IoT (keys, service names, host names etc).
Not entirely sure what a good next step would be.

Esko

From: dnssd <dnssd-bounces@ietf.org> On Behalf Of Aniketh Girish
Sent: Wednesday, November 15, 2023 11:23
To: dnssd@ietf.org; maprg@irtf.org; pearg@irtf.org; t2trg@irtf.org; homenet@ietf.org; upnp@openconnectivity.org
Cc: Tianrui Hu <hu.tian@northeastern.edu>; Narseo Vallina Rodriguez <narseo.vallina@imdea.org>; David Choffnes <choffnes@ccs.neu.edu>; Juan Tapiador <jestevez@inf.uc3m.es>
Subject: [dnssd] Privacy risks with smart home local device communication

Hi,

[Apologies for cross-posting]

I am writing to share our recent research paper[1] published at ACM IMC 2023, which addresses critical security and privacy concerns in smart home local networks. Our study focuses on characterizing local device communication and reveals substantial privacy risks associated with the misuse of discovery protocols. Additionally, we discover the inadvertent exposure of personally identifiable information (PII) by smart devices in discovery broadcasts/multicasts and detail the methods used by entities like advertisers and trackers to covertly exfiltrate this data.

Key findings of our paper include:


  1.  Unintentional PII Broadcasts and Protocol Vulnerabilities: Our study shows that half of the devices in our dataset directly communicate with each other without any user interactions, often conspicuously broadcasting sensitive information like device names, private IDs, and household geolocations. This is amplified by vulnerabilities in network protocols such as DHCP, mDNS, and UPnP, leading to risks like outdated DHCP clients being vulnerable to exploitation and cross-device tracking due to unique identifiers in discovery protocol fields such as hostnames.
  2.  Broadcasts exploited by Mobile Apps and Third-Party Libraries: We find that mobile apps and third-party libraries exploit these network broadcasts to secretly extract PIIs and device identifiers and relay this local network data to remote endpoints. This occurs without user consent, using discovery protocols to access data protected by Android and iOS permissions, enabling network observers to infer precise user geolocation and other sensitive information.

We have diligently disclosed all risks found in the paper to the affected vendors and they are actively working on several remedial measures. We would also like to engage with IETF Working Groups, as our work is closely aligned with the efforts of groups like DNS-SD, Homenet, and the Open Connectivity Foundation (OCF).We are reaching out to the relevant working groups to seek interest in our findings and to engage in discussions to improve the current state.

Would your group be interested in reconsidering these issues or connecting us with other ongoing efforts within the IETF where our work might be more relevant?  We would also be open to present our paper at one of your upcoming meetings and engage in a discussion on how we can collectively enhance network protocol security and privacy standards.

For more details, please refer to the paper. Your feedback on our paper and thoughts on how it impacts the work of the IETF would be invaluable. We look forward to hearing back from you soon.


[1]: https://dl.acm.org/doi/pdf/10.1145/3618257.3624830

Cheers.
--
Aniketh Girish
PhD Student, IMDEA Networks Institute
https://anikethgirish.in/

This message may contain confidential or privileged information. If you have received it in error, please do not use it, notify the sender and delete it. See https://networks.imdea.org/legal-notice-email/

v2.23.0 | Report a Bug | By Email