Exploiting TLS Client Authentication for Widespread User Tracking

Authors: Lucas Foppe (U.S. Naval Academy), Jeremy Martin (The MITRE Corporation, U.S. Naval Academy), Travis Mayberry (U.S. Naval Academy), Erik C. Rye (U.S. Naval Academy), Lamont Brown (U.S. Naval Academy)

Volume: 2018
Issue: 4
Pages: 51–63
DOI: https://doi.org/10.1515/popets-2018-0031

Abstract: TLS, and SSL before it, has long supported the option for clients to authenticate to servers using their own certificates, but this capability has not been widely used. However, with the development of its Push Notification Service, Apple has deployed this technology on millions of devices for the first time. Wachs et al. [42] determined iOS client certificates could be used by passive network adversaries to track individual devices across the internet. Subsequently, Apple has patched their software to fix this vulnerability. We show these countermeasures are not effective by demonstrating three novel active attacks against TLS Client Certificate Authentication that are successful despite the defenses. Additionally, we show these attacks work against all known instances of TLS Client Certificate Authentication, including smart cards like those widely deployed by the Estonian government as part of their Digital ID program. Our attacks include in-path man-in-the-middle versions as well as a more powerful on-path attack that can be carried out without full network control.

Keywords: TLS, privacy, device tracking, client certificates, device identifiers, anonymity

Copyright in PoPETs articles is held by their authors. This article is published under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 license.