一个坏苹果可以破坏你的IPv6隐私

IF 2.2 4区计算机科学 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS

ACM Sigcomm Computer Communication Review Pub Date : 2022-03-16 DOI:10.1145/3544912.3544915

Said Jawad Saidi, Oliver Gasser, Georgios Smaragdakis

{"title":"一个坏苹果可以破坏你的IPv6隐私","authors":"Said Jawad Saidi, Oliver Gasser, Georgios Smaragdakis","doi":"10.1145/3544912.3544915","DOIUrl":null,"url":null,"abstract":"IPv6 is being more and more adopted, in part to facilitate the millions of smart devices that have already been installed at home. Unfortunately, we find that the privacy of a substantial fraction of end-users is still at risk, despite the efforts by ISPs and electronic vendors to improve end-user security, e.g., by adopting prefix rotation and IPv6 privacy extensions. By analyzing passive data from a large ISP, we find that around 19% of end-users' privacy can be at risk. When we investigate the root causes, we notice that a single device at home that encodes its MAC address into the IPv6 address can be utilized as a tracking identifier for the entire end-user prefix---even if other devices use IPv6 privacy extensions. Our results show that IoT devices contribute the most to this privacy leakage and, to a lesser extent, personal computers and mobile devices. To our surprise, some of the most popular IoT manufacturers have not yet adopted privacy extensions that could otherwise mitigate this privacy risk. Finally, we show that third-party providers, e.g., hypergiants, can track up to 17% of subscriber lines in our study.","PeriodicalId":50646,"journal":{"name":"ACM Sigcomm Computer Communication Review","volume":"6 1","pages":"10 - 19"},"PeriodicalIF":2.2000,"publicationDate":"2022-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"14","resultStr":"{\"title\":\"One bad apple can spoil your IPv6 privacy\",\"authors\":\"Said Jawad Saidi, Oliver Gasser, Georgios Smaragdakis\",\"doi\":\"10.1145/3544912.3544915\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"IPv6 is being more and more adopted, in part to facilitate the millions of smart devices that have already been installed at home. Unfortunately, we find that the privacy of a substantial fraction of end-users is still at risk, despite the efforts by ISPs and electronic vendors to improve end-user security, e.g., by adopting prefix rotation and IPv6 privacy extensions. By analyzing passive data from a large ISP, we find that around 19% of end-users' privacy can be at risk. When we investigate the root causes, we notice that a single device at home that encodes its MAC address into the IPv6 address can be utilized as a tracking identifier for the entire end-user prefix---even if other devices use IPv6 privacy extensions. Our results show that IoT devices contribute the most to this privacy leakage and, to a lesser extent, personal computers and mobile devices. To our surprise, some of the most popular IoT manufacturers have not yet adopted privacy extensions that could otherwise mitigate this privacy risk. Finally, we show that third-party providers, e.g., hypergiants, can track up to 17% of subscriber lines in our study.\",\"PeriodicalId\":50646,\"journal\":{\"name\":\"ACM Sigcomm Computer Communication Review\",\"volume\":\"6 1\",\"pages\":\"10 - 19\"},\"PeriodicalIF\":2.2000,\"publicationDate\":\"2022-03-16\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"14\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"ACM Sigcomm Computer Communication Review\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://doi.org/10.1145/3544912.3544915\",\"RegionNum\":4,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Sigcomm Computer Communication Review","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1145/3544912.3544915","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 14

摘要

IPv6正被越来越多的人采用，部分原因是为了方便已经安装在家中的数百万智能设备。不幸的是，我们发现，尽管互联网服务提供商和电子供应商努力提高最终用户的安全性，例如采用前缀轮换和IPv6隐私扩展，但很大一部分最终用户的隐私仍然处于危险之中。通过分析来自大型ISP的被动数据，我们发现大约19%的最终用户的隐私可能处于危险之中。当我们调查根本原因时，我们注意到，在家中将其MAC地址编码为IPv6地址的单个设备可以用作整个最终用户前缀的跟踪标识符-即使其他设备使用IPv6隐私扩展。我们的研究结果表明，物联网设备对这种隐私泄露的贡献最大，个人电脑和移动设备的影响较小。令我们惊讶的是，一些最受欢迎的物联网制造商还没有采用隐私扩展，否则就会降低这种隐私风险。最后，我们表明第三方提供商，例如，在我们的研究中，可以跟踪高达17%的用户线路。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

One bad apple can spoil your IPv6 privacy

IPv6 is being more and more adopted, in part to facilitate the millions of smart devices that have already been installed at home. Unfortunately, we find that the privacy of a substantial fraction of end-users is still at risk, despite the efforts by ISPs and electronic vendors to improve end-user security, e.g., by adopting prefix rotation and IPv6 privacy extensions. By analyzing passive data from a large ISP, we find that around 19% of end-users' privacy can be at risk. When we investigate the root causes, we notice that a single device at home that encodes its MAC address into the IPv6 address can be utilized as a tracking identifier for the entire end-user prefix---even if other devices use IPv6 privacy extensions. Our results show that IoT devices contribute the most to this privacy leakage and, to a lesser extent, personal computers and mobile devices. To our surprise, some of the most popular IoT manufacturers have not yet adopted privacy extensions that could otherwise mitigate this privacy risk. Finally, we show that third-party providers, e.g., hypergiants, can track up to 17% of subscriber lines in our study.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

ACM Sigcomm Computer Communication Review 工程技术-计算机：信息系统

CiteScore

6.90

自引率

3.60%

发文量

审稿时长

4-8 weeks

期刊介绍： Computer Communication Review (CCR) is an online publication of the ACM Special Interest Group on Data Communication (SIGCOMM) and publishes articles on topics within the SIG''s field of interest. Technical papers accepted to CCR typically report on practical advances or the practical applications of theoretical advances. CCR serves as a forum for interesting and novel ideas at an early stage in their development. The focus is on timely dissemination of new ideas that may help trigger additional investigations. While the innovation and timeliness are the major criteria for its acceptance, technical robustness and readability will also be considered in the review process. We particularly encourage papers with early evaluation or feasibility studies.