
Precise User Tracking Based on TLS Client Certificate Authentication [pdf] - okket
http://tma.ifip.org/wordpress/wp-content/uploads/2017/06/tma2017_paper2.pdf
======
okket
Abstract:

"The design and implementation of cryptographic systems offer many subtle
pitfalls. One such pitfall is that cryptography may create unique identifiers
potentially usable to repeatedly and precisely re-identify and hence track
users. This work investigates TLS Client Certificate Authentication (CCA),
which currently transmits certificates in plain text. We demonstrate CCA’s
impact on client traceability using Apple’s Apple Push Notification service
(APNs) as an example. APNs is used by all Apple products, employs plain-text
CCA, and aims to be constantly connected to its backend. Its novel combination
of large device count, constant connections, device proximity to users and
unique client certificates provides for precise client traceability. We show
that passive eavesdropping allows to pre- cisely re-identify and track users
and that only ten interception points are required to track more than 80
percent of APNs users due to global routing characteristics. We conduct our
work under strong ethical guidelines, responsibly disclose our findings, and
can confirm a working patch by Apple for the highlighted issue. We aim for
this work to provide the necessary factual and quantified evidence about
negative implications of plain-text CCA to boost deployment of encrypted CCA
as in TLS 1.3."

------
brudgers
related code, [https://github.com/tumi8/cca-
privacy](https://github.com/tumi8/cca-privacy)

------
Animats
TLS is for security, not anonymity.

~~~
karussell
Sure, but I think the interesting part here is more that with TLS it seems to
introduce less anonymity compared to a connection without TLS

------
wiml
This is one of the things that's made me hesitant to deploy client-cert-based
user authentication. I'm looking forward to TLS1.3, though.

~~~
lol768
I'm assuming it being better in TLS 1.3 follows from this provision?

> All handshake messages after the ServerHello are now encrypted.

