The IPv6 protocol was designed with security in mind. One of the changes that IPv6 has introduced over IPv4 is a new 20-bit flow label field in its protocol header.We show that remote servers can use the flow label field in order to assign a unique ID to each device when communicating with machines running Windows 10 (versions 1703 and higher), and Linux and Android (kernel versions 4.3 and higher). The servers are then able to associate the respective device IDs with subsequent transmissions sent from those machines. This identification is done by exploiting the flow label field generation logic and works across all browsers regardless of network changes. Furthermore, a variant of this attack also works passively, namely without actively triggering traffic from those machines.To design the attack we reverse-engineered and cryptanalyzed the Windows flow label generation code and inspected the Linux kernel flow label generation code. We provide a practical technique to partially extract the key used by each of these algorithms, and observe that this key can identify individual devices across networks, VPNs, browsers and privacy settings. We deployed a demo (for both Windows and Linux/Android) showing that key extraction and machine fingerprinting works in the wild, and tested it from networks around the world.
|Title of host publication||Proceedings - 2020 IEEE Symposium on Security and Privacy, SP 2020|
|Publisher||Institute of Electrical and Electronics Engineers Inc.|
|Number of pages||18|
|State||Published - May 2020|
|Event||41st IEEE Symposium on Security and Privacy, SP 2020 - San Francisco, United States|
Duration: 18 May 2020 → 21 May 2020
|Name||Proceedings - IEEE Symposium on Security and Privacy|
|Conference||41st IEEE Symposium on Security and Privacy, SP 2020|
|Period||18/05/20 → 21/05/20|
Bibliographical noteFunding Information:
X. ACKNOWLEDGEMENTS This work was supported by the BIU Center for Research in Applied Cryptography and Cyber Security in conjunction with the Israel National Cyber Bureau in the Prime Ministers’ Office, by a grant from the Israel Science Foundation, and by the Alter Family Foundation.
© 2020 IEEE.