{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,17]],"date-time":"2025-09-17T15:23:10Z","timestamp":1758122590336},"reference-count":46,"publisher":"Privacy Enhancing Technologies Symposium Advisory Board","issue":"4","license":[{"start":{"date-parts":[[2018,8,29]],"date-time":"2018-08-29T00:00:00Z","timestamp":1535500800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by-nc-nd\/3.0"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018,10,1]]},"abstract":"<jats:title>Abstract<\/jats:title>\n               <jats:p>TLS, and SSL before it, has long supported the option for clients to authenticate to servers using their own certificates, but this capability has not been widely used. However, with the development of its Push Notification Service, Apple has deployed this technology on millions of devices for the first time. Wachs et al. [42] determined iOS client certificates could be used by passive network adversaries to track individual devices across the internet. Subsequently, Apple has patched their software to fix this vulnerability. We show these countermeasures are not effective by demonstrating three novel active attacks against TLS Client Certificate Authentication that are successful despite the defenses. Additionally, we show these attacks work against all known instances of TLS Client Certificate Authentication, including smart cards like those widely deployed by the Estonian government as part of their Digital ID program. Our attacks include <jats:italic>in-path<\/jats:italic> man-in-the-middle versions as well as a more powerful <jats:italic>on-path<\/jats:italic> attack that can be carried out without full network control.<\/jats:p>","DOI":"10.1515\/popets-2018-0031","type":"journal-article","created":{"date-parts":[[2018,8,31]],"date-time":"2018-08-31T09:30:30Z","timestamp":1535707830000},"page":"51-63","source":"Crossref","is-referenced-by-count":6,"title":["Exploiting TLS Client Authentication for Widespread User Tracking"],"prefix":"10.56553","volume":"2018","author":[{"given":"Lucas","family":"Foppe","sequence":"first","affiliation":[{"name":"U.S. Naval Academy"}]},{"given":"Jeremy","family":"Martin","sequence":"additional","affiliation":[{"name":"The MITRE Corporation, U.S. Naval Academy"}]},{"given":"Travis","family":"Mayberry","sequence":"additional","affiliation":[{"name":"U.S. Naval Academy"}]},{"given":"Erik C.","family":"Rye","sequence":"additional","affiliation":[{"name":"U.S. Naval Academy"}]},{"given":"Lamont","family":"Brown","sequence":"additional","affiliation":[{"name":"U.S. Naval Academy"}]}],"member":"35752","published-online":{"date-parts":[[2018,8,29]]},"reference":[{"key":"2021040618053754043_j_popets-2018-0031_ref_001_w2aab3b7b4b1b6b1ab1ab1Aa","unstructured":"[1] cipherscan. https:\/\/github.com\/mozilla\/cipherscan. Accessed: 2017-12-28."},{"key":"2021040618053754043_j_popets-2018-0031_ref_002_w2aab3b7b4b1b6b1ab1ab2Aa","unstructured":"[2] CVE-2017-2383. https:\/\/cve.mitre.org\/cgibin\/cvename.cgi?name=CVE-2017-2383,. Accessed: 2017-10-17."},{"key":"2021040618053754043_j_popets-2018-0031_ref_003_w2aab3b7b4b1b6b1ab1ab3Aa","unstructured":"[3] CVE-2017-13863. https:\/\/support.apple.com\/enus\/HT208112,. Accessed: 2018-02-24."},{"key":"2021040618053754043_j_popets-2018-0031_ref_004_w2aab3b7b4b1b6b1ab1ab4Aa","unstructured":"[4] CVE-2017-13864. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-13864,. Accessed: 2018-02-24."},{"key":"2021040618053754043_j_popets-2018-0031_ref_005_w2aab3b7b4b1b6b1ab1ab5Aa","unstructured":"[5] URL http:\/\/dbsign.com\/products\/dbsign\/uws."},{"key":"2021040618053754043_j_popets-2018-0031_ref_006_w2aab3b7b4b1b6b1ab1ab6Aa","unstructured":"[6] eID card - eID programs. https:\/\/www.gemalto.com\/govt\/identity. Accessed: 2017-11-28."},{"key":"2021040618053754043_j_popets-2018-0031_ref_007_w2aab3b7b4b1b6b1ab1ab7Aa","unstructured":"[7] e-estonia - e-identity. https:\/\/e-estonia.com\/solutions\/eidentity\/id-card\/. Accessed: 2017-11-28."},{"key":"2021040618053754043_j_popets-2018-0031_ref_008_w2aab3b7b4b1b6b1ab1ab8Aa","unstructured":"[8] App Store - As measured by the App Store on November 6, 2017. https:\/\/developer.apple.com\/support\/app-store\/. Accessed: 2017-11-28."},{"key":"2021040618053754043_j_popets-2018-0031_ref_009_w2aab3b7b4b1b6b1ab1ab9Aa","unstructured":"[9] Cisco - Umbrella Popularity List. http:\/\/s3-us-west-1.amazonaws.com\/umbrella-static\/index.html. Accessed: 2017-12-28."},{"key":"2021040618053754043_j_popets-2018-0031_ref_010_w2aab3b7b4b1b6b1ab1ac10Aa","unstructured":"[10] What Is A UDID And Why Is Apple Killing Apps That Track Them? https:\/\/www.cultofmac.com\/160248\/whatthe-hell-is-a-udid-and-why-is-apple-worried-about-themfeature\/. Accessed: 2017-11-28."},{"key":"2021040618053754043_j_popets-2018-0031_ref_011_w2aab3b7b4b1b6b1ab1ac11Aa","unstructured":"[11] China Deputizes Smart Phones to Spy on Beijing Residents\u2019 Real-Time Location. https:\/\/www.eff.org\/deeplinks\/2011\/03\/china-deputizes-smart-phones-spy-beijing-residents, Oct 2011."},{"key":"2021040618053754043_j_popets-2018-0031_ref_012_w2aab3b7b4b1b6b1ab1ac12Aa","doi-asserted-by":"crossref","unstructured":"[12] D. Adrian, K. Bhargavan, Z. Durumeric, P. Gaudry, M. Green, J. A. Halderman, N. Heninger, D. Springall, E. Thom\u00e9, L. Valenta, et al. Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pages 5\u201317. ACM, 2015.","DOI":"10.1145\/2810103.2813707"},{"key":"2021040618053754043_j_popets-2018-0031_ref_013_w2aab3b7b4b1b6b1ab1ac13Aa","doi-asserted-by":"crossref","unstructured":"[13] B. Anderson and D. McGrew. OS Fingerprinting: New Techniques and a Study of Information Gain and Obfuscation. IEEE Conference on Communications and Network Security, 2017.","DOI":"10.1109\/CNS.2017.8228647"},{"key":"2021040618053754043_j_popets-2018-0031_ref_014_w2aab3b7b4b1b6b1ab1ac14Aa","doi-asserted-by":"crossref","unstructured":"[14] R. Clayton, S. Murdoch, and R. Watson. Ignoring the Great Firewall of China. In Privacy Enhancing Technologies, pages 20\u201335. Springer, 2006.","DOI":"10.1007\/11957454_2"},{"key":"2021040618053754043_j_popets-2018-0031_ref_015_w2aab3b7b4b1b6b1ab1ac15Aa","doi-asserted-by":"crossref","unstructured":"[15] M. Cunche. I Know Your MAC Address: Targeted Tracking of Individual Using Wi-Fi. Journal of Computer Virology and Hacking Techniques, 2014.","DOI":"10.1007\/s11416-013-0196-1"},{"key":"2021040618053754043_j_popets-2018-0031_ref_016_w2aab3b7b4b1b6b1ab1ac16Aa","doi-asserted-by":"crossref","unstructured":"[16] M. Dischinger, A. Mislove, A. Haeberlen, and K. P. Gummadi. Detecting Bittorrent Blocking. In Proceedings of the 8th ACM SIGCOMM conference on Internet measurement, pages 3\u20138. ACM, 2008.","DOI":"10.1145\/1452520.1452523"},{"key":"2021040618053754043_j_popets-2018-0031_ref_017_w2aab3b7b4b1b6b1ab1ac17Aa","unstructured":"[17] E. Rescorla. The Transport Layer Security (TLS) Protocol Version 1.3 draft."},{"key":"2021040618053754043_j_popets-2018-0031_ref_018_w2aab3b7b4b1b6b1ab1ac18Aa","unstructured":"[18] P. Eckersley, F. von Lohmann, and S. Schoen. Packet Forgery by ISPs: A Report on the Comcast Affair. Electronic Frontier Foundation, 2007."},{"key":"2021040618053754043_j_popets-2018-0031_ref_019_w2aab3b7b4b1b6b1ab1ac19Aa","unstructured":"[19] M. Egele, C. Kruegel, E. Kirda, and G. Vigna. PiOS: Detecting Privacy Leaks in iOS Applications. In NDSS, pages 177\u2013183, 2011."},{"key":"2021040618053754043_j_popets-2018-0031_ref_020_w2aab3b7b4b1b6b1ab1ac20Aa","doi-asserted-by":"crossref","unstructured":"[20] W. Enck, P. Gilbert, S. Han, V. Tendulkar, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth. Taint-Droid: an Information-flow Tracking System for Realtime Privacy Monitoring on Smartphones. ACM Transactions on Computer Systems (TOCS), 2014.","DOI":"10.1145\/2619091"},{"key":"2021040618053754043_j_popets-2018-0031_ref_021_w2aab3b7b4b1b6b1ab1ac21Aa","unstructured":"[21] C. Gibler, J. Crussell, J. Erickson, and H. Chen. AndroidLeaks: Automatically Detecting Potential Privacy Leaks in Android Applications on a Large Scale. Trust, 12:291\u2013307, 2012."},{"key":"2021040618053754043_j_popets-2018-0031_ref_022_w2aab3b7b4b1b6b1ab1ac22Aa","doi-asserted-by":"crossref","unstructured":"[22] L.-S. Huang, S. Adhikarla, D. Boneh, and C. Jackson. An Experimental Study of TLS Forward Secrecy Deployments. IEEE Internet Computing, 18(6):43\u201351, 2014.","DOI":"10.1109\/MIC.2014.86"},{"key":"2021040618053754043_j_popets-2018-0031_ref_023_w2aab3b7b4b1b6b1ab1ac23Aa","doi-asserted-by":"crossref","unstructured":"[23] V. Jacobson, R. Braden, and D. Borman. Tcp extensions for high performance. 1992.","DOI":"10.17487\/rfc1323"},{"key":"2021040618053754043_j_popets-2018-0031_ref_024_w2aab3b7b4b1b6b1ab1ac24Aa","unstructured":"[24] D. Johansson. Privacy Risks with Using Client Certificates for Authentication. http:\/\/www.infosecurityeurope.com\/__novadocuments\/89008?v=635703263638330000. Accessed: 2017-11-28."},{"key":"2021040618053754043_j_popets-2018-0031_ref_025_w2aab3b7b4b1b6b1ab1ac25Aa","unstructured":"[25] D. Kerr. Russian police spy on people\u2019s mobile data to catch thieves. https:\/\/www.cnet.com\/news\/russian-police-spy-onpeoples-mobile-data-to-catch-thieves\/, Jul 2013."},{"key":"2021040618053754043_j_popets-2018-0031_ref_026_w2aab3b7b4b1b6b1ab1ac26Aa","doi-asserted-by":"crossref","unstructured":"[26] T. Kohno, A. Broido, and k. c. claffy. Remote Physical Device Fingerprinting. IEEE Transactions on Dependable and Secure Computing, 2(2):93\u2013108, 2005.","DOI":"10.1109\/TDSC.2005.26"},{"key":"2021040618053754043_j_popets-2018-0031_ref_027_w2aab3b7b4b1b6b1ab1ac27Aa","doi-asserted-by":"crossref","unstructured":"[27] M. Luckie, R. Beverly, T. Wu, M. Allman, et al. Resilience of Deployed TCP to Blind Attacks. In Proceedings of the 2015 ACM Conference on Internet Measurement Conference, pages 13\u201326. ACM, 2015.","DOI":"10.1145\/2815675.2815700"},{"key":"2021040618053754043_j_popets-2018-0031_ref_028_w2aab3b7b4b1b6b1ab1ac28Aa","unstructured":"[28] B. Marczak, N. Weaver, J. Dalek, R. Ensafi, D. Fifield, S. McKune, A. Rey, J. Scott-Railton, R. Deibert, and V. Paxson. China\u2019s great cannon. Citizen Lab, 10, 2015."},{"key":"2021040618053754043_j_popets-2018-0031_ref_029_w2aab3b7b4b1b6b1ab1ac29Aa","doi-asserted-by":"crossref","unstructured":"[29] J. Martin, D. Rhame, R. Beverly, and J. McEachen. Correlating GSM and 802.11 Hardware Identifiers. In IEEE Military Communications Conference, 2013.","DOI":"10.1109\/MILCOM.2013.237"},{"key":"2021040618053754043_j_popets-2018-0031_ref_030_w2aab3b7b4b1b6b1ab1ac30Aa","doi-asserted-by":"crossref","unstructured":"[30] J. Martin, E. Rye, and R. Beverly. Decomposition of MAC Address Structure for Granular Device Inference. In Proceedings of the 32nd Annual Conference on Computer Security Applications, pages 78\u201388. ACM, 2016.","DOI":"10.1145\/2991079.2991098"},{"key":"2021040618053754043_j_popets-2018-0031_ref_031_w2aab3b7b4b1b6b1ab1ac31Aa","doi-asserted-by":"crossref","unstructured":"[31] J. Martin, T. Mayberry, C. Donahue, L. Foppe, L. Brown, C. Riggins, E. C. Rye, and D. Brown. A Study of MAC Address Randomization in Mobile Devices and When it Fails. Proceedings on Privacy Enhancing Technologies, pages 365\u2013383, 2017.","DOI":"10.1515\/popets-2017-0054"},{"key":"2021040618053754043_j_popets-2018-0031_ref_032_w2aab3b7b4b1b6b1ab1ac32Aa","unstructured":"[32] B. M\u00f6ller, T. Duong, and K. Kotowicz. This POODLE Bites: Exploiting the SSL 3.0 Fallback. PDF online, pages 1\u20134, 2014."},{"key":"2021040618053754043_j_popets-2018-0031_ref_033_w2aab3b7b4b1b6b1ab1ac33Aa","unstructured":"[33] E. Network and I. S. Agency. Privacy and Security Risks when Authenticating on the Internet with European eID Cards. https:\/\/www.enisa.europa.eu\/publications\/eid-onlinebanking\/at_download\/fullReport. Accessed: 2017-11-28."},{"key":"2021040618053754043_j_popets-2018-0031_ref_034_w2aab3b7b4b1b6b1ab1ac34Aa","unstructured":"[34] B. L. Owsley. Spies in the Skies: Dirtboxes and Airplane Electronic Surveillance. Mich. L. Rev. First Impressions, 113: 75\u201375, 2015."},{"key":"2021040618053754043_j_popets-2018-0031_ref_035_w2aab3b7b4b1b6b1ab1ac35Aa","doi-asserted-by":"crossref","unstructured":"[35] A. Parsovs. Practical Issues with TLS Client Certificate Authentication. In NDSS, volume 14, pages 23\u201326, 2014.","DOI":"10.14722\/ndss.2014.23036"},{"key":"2021040618053754043_j_popets-2018-0031_ref_036_w2aab3b7b4b1b6b1ab1ac36Aa","doi-asserted-by":"crossref","unstructured":"[36] Z. Qian and Z. M. Mao. Off-path TCP Sequence Number Inference Attack-How Firewall Middleboxes Reduce Security. In Security and Privacy (SP), 2012 IEEE Symposium on, pages 347\u2013361. IEEE, 2012.","DOI":"10.1109\/SP.2012.29"},{"key":"2021040618053754043_j_popets-2018-0031_ref_037_w2aab3b7b4b1b6b1ab1ac37Aa","doi-asserted-by":"crossref","unstructured":"[37] A. Ramaiah, R. Stewart, and M. Dalal. Improving TCP\u2019s Robustness to Blind In-Window Attacks. Technical report, 2010.","DOI":"10.17487\/rfc5961"},{"key":"2021040618053754043_j_popets-2018-0031_ref_038_w2aab3b7b4b1b6b1ab1ac38Aa","doi-asserted-by":"crossref","unstructured":"[38] T. Dierks. The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246, Aug. 2008.","DOI":"10.17487\/rfc5246"},{"key":"2021040618053754043_j_popets-2018-0031_ref_039_w2aab3b7b4b1b6b1ab1ac39Aa","unstructured":"[39] S. Thurm and Y. I. Kane. Your apps are watching you. The Wall Street Journal, 17:1, 2010."},{"key":"2021040618053754043_j_popets-2018-0031_ref_040_w2aab3b7b4b1b6b1ab1ac40Aa","doi-asserted-by":"crossref","unstructured":"[40] M. Vanhoef, C. Matte, M. Cunche, L. S. Cardoso, and F. Piessens. Why MAC Address Randomization is not Enough: An Analysis of Wi-Fi network discovery mechanisms. In Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, pages 413\u2013424. ACM, 2016.","DOI":"10.1145\/2897845.2897883"},{"key":"2021040618053754043_j_popets-2018-0031_ref_041_w2aab3b7b4b1b6b1ab1ac41Aa","doi-asserted-by":"crossref","unstructured":"[41] L. V\u00f6lker and M. Sch\u00f6ller. Secure TLS: Preventing DoS Attacks with Lower Layer Authentication. In Kommunikation in Verteilten Systemen (KiVS), pages 237\u2013248. Springer, 2007.","DOI":"10.1007\/978-3-540-69962-0_20"},{"key":"2021040618053754043_j_popets-2018-0031_ref_042_w2aab3b7b4b1b6b1ab1ac42Aa","doi-asserted-by":"crossref","unstructured":"[42] M. Wachs, Q. Scheitle, and G. Carle. Push Away Your privacy: Precise User Tracking Based on TLS Client Certificate Authentication. In Network Traffic Measurement and Analysis Conference (TMA), 2017, pages 1\u20139. IEEE, 2017.","DOI":"10.23919\/TMA.2017.8002897"},{"key":"2021040618053754043_j_popets-2018-0031_ref_043_w2aab3b7b4b1b6b1ab1ac43Aa","unstructured":"[43] P. Watson. Slipping in the Window: TCP Reset Attacks. Presentation at, 2004."},{"key":"2021040618053754043_j_popets-2018-0031_ref_044_w2aab3b7b4b1b6b1ab1ac44Aa","unstructured":"[44] N. Weaver, R. Sommer, and V. Paxson. Detecting Forged TCP Reset Packets. In NDSS, 2009."},{"key":"2021040618053754043_j_popets-2018-0031_ref_045_w2aab3b7b4b1b6b1ab1ac45Aa","doi-asserted-by":"crossref","unstructured":"[45] X. Xu, Z. M. Mao, and J. A. Halderman. Internet Censorship in China: Where Does the Filtering Occur? In International Conference on Passive and Active Network Measurement, pages 133\u2013142. Springer, 2011.","DOI":"10.1007\/978-3-642-19260-9_14"},{"key":"2021040618053754043_j_popets-2018-0031_ref_046_w2aab3b7b4b1b6b1ab1ac46Aa","unstructured":"[46] M. Zalewski. Strange Attractors and TCP\/IP Sequence Number Analysis, 2001."}],"container-title":["Proceedings on Privacy Enhancing Technologies"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/content.sciendo.com\/view\/journals\/popets\/2018\/4\/article-p51.xml","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.sciendo.com\/article\/10.1515\/popets-2018-0031","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,7,20]],"date-time":"2022-07-20T16:30:11Z","timestamp":1658334611000},"score":1,"resource":{"primary":{"URL":"https:\/\/petsymposium.org\/popets\/2018\/popets-2018-0031.php"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,8,29]]},"references-count":46,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2018,8,29]]},"published-print":{"date-parts":[[2018,10,1]]}},"alternative-id":["10.1515\/popets-2018-0031"],"URL":"https:\/\/doi.org\/10.1515\/popets-2018-0031","relation":{},"ISSN":["2299-0984"],"issn-type":[{"value":"2299-0984","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,8,29]]}}}