Investigating Traffic Analysis Attacks on Apple iCloud Private Relay

Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security Pub Date : 2023-07-10 DOI:10.1145/3579856.3595793

A. Zohaib, J. Sheffey, A. Houmansadr

{"title":"Investigating Traffic Analysis Attacks on Apple iCloud Private Relay","authors":"A. Zohaib, J. Sheffey, A. Houmansadr","doi":"10.1145/3579856.3595793","DOIUrl":null,"url":null,"abstract":"The iCloud Private Relay (PR) is a new feature introduced by Apple in June 2021 that aims to enhance online privacy by protecting a subset of web traffic from both local eavesdroppers and websites that use IP-based tracking. The service is integrated into Apple’s latest operating systems and uses a two-hop architecture where a user’s web traffic is relayed through two proxies run by disjoint entities. PR’s multi-hop architecture resembles traditional anonymity systems such as Tor and mix networks. Such systems, however, are known to be susceptible to a vulnerability known as traffic analysis: an intercepting adversary (e.g., a malicious router) can attempt to compromise the privacy promises of such systems by analyzing characteristics (e.g., packet timings and sizes) of their network traffic. In particular, previous works have widely studied the susceptibility of Tor to website fingerprinting and flow correlation, two major forms of traffic analysis. In this work, we are the first to investigate the threat of traffic analysis against the recently introduced PR. First, we explore PR’s current architecture to establish a comprehensive threat model of traffic analysis attacks against PR. Second, we quantify the potential likelihood of these attacks against PR by evaluating the risks imposed by real-world AS-level adversaries through empirical measurement of Internet routes. Our evaluations show that some autonomous systems are in a particularly strong position to perform traffic analysis on a large fraction of PR traffic. Finally, having demonstrated the potential for these attacks to occur, we evaluate the performance of several flow correlation and website fingerprinting attacks over PR traffic. Our evaluations show that PR is highly vulnerable to state-of-the-art website fingerprinting and flow correlation attacks, with both attacks achieving high success rates. We hope that our study will shed light on the significance of traffic analysis to the current PR deployment, convincing Apple to perform design adjustments to alleviate the risks.","PeriodicalId":156082,"journal":{"name":"Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security","volume":"101 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-07-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3579856.3595793","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

The iCloud Private Relay (PR) is a new feature introduced by Apple in June 2021 that aims to enhance online privacy by protecting a subset of web traffic from both local eavesdroppers and websites that use IP-based tracking. The service is integrated into Apple’s latest operating systems and uses a two-hop architecture where a user’s web traffic is relayed through two proxies run by disjoint entities. PR’s multi-hop architecture resembles traditional anonymity systems such as Tor and mix networks. Such systems, however, are known to be susceptible to a vulnerability known as traffic analysis: an intercepting adversary (e.g., a malicious router) can attempt to compromise the privacy promises of such systems by analyzing characteristics (e.g., packet timings and sizes) of their network traffic. In particular, previous works have widely studied the susceptibility of Tor to website fingerprinting and flow correlation, two major forms of traffic analysis. In this work, we are the first to investigate the threat of traffic analysis against the recently introduced PR. First, we explore PR’s current architecture to establish a comprehensive threat model of traffic analysis attacks against PR. Second, we quantify the potential likelihood of these attacks against PR by evaluating the risks imposed by real-world AS-level adversaries through empirical measurement of Internet routes. Our evaluations show that some autonomous systems are in a particularly strong position to perform traffic analysis on a large fraction of PR traffic. Finally, having demonstrated the potential for these attacks to occur, we evaluate the performance of several flow correlation and website fingerprinting attacks over PR traffic. Our evaluations show that PR is highly vulnerable to state-of-the-art website fingerprinting and flow correlation attacks, with both attacks achieving high success rates. We hope that our study will shed light on the significance of traffic analysis to the current PR deployment, convincing Apple to perform design adjustments to alleviate the risks.

查看原文本刊更多论文

调查流量分析攻击苹果iCloud私有中继

iCloud私有中继(PR)是苹果公司于2021年6月推出的一项新功能，旨在通过保护一部分网络流量免受本地窃听者和使用基于ip的跟踪的网站的侵害，从而增强在线隐私。这项服务被整合到苹果最新的操作系统中，并使用两跳架构，即用户的网络流量通过由互不关联的实体运行的两个代理进行中继。PR的多跳架构类似于传统的匿名系统，如Tor和mix网络。然而，众所周知，这样的系统容易受到流量分析漏洞的影响:拦截对手(例如，恶意路由器)可以试图通过分析其网络流量的特征(例如，数据包定时和大小)来破坏此类系统的隐私承诺。特别是，之前的工作已经广泛研究了Tor对网站指纹和流量关联的敏感性，这是流量分析的两种主要形式。在这项工作中，我们首先研究了流量分析对最近引入的PR的威胁。首先，我们探索了PR的当前架构，以建立针对PR的流量分析攻击的综合威胁模型。其次，我们通过对互联网路由的经验测量，通过评估现实世界as级对手施加的风险，量化了这些针对PR的攻击的潜在可能性。我们的评估表明，一些自主系统在对大部分PR流量进行流量分析方面处于特别有利的地位。最后，在展示了这些攻击发生的可能性之后，我们评估了公关流量上的几个流量关联和网站指纹攻击的性能。我们的评估表明，PR非常容易受到最先进的网站指纹和流量关联攻击，这两种攻击都取得了很高的成功率。我们希望我们的研究能够阐明流量分析对当前公关部署的意义，说服苹果公司进行设计调整以降低风险。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security

自引率

0.00%

发文量