ECDH based authentication protocol for the Apple Bonjour protocol


  • Soon-Hong Kwon (Protocol Engineering Laboratory, Sangmyung University)
  • Jong-Hyouk Lee (Protocol Engineering Laboratory, Sangmyung University)
  • Received : 2019.07.22
  • Accepted : 2019.08.19
  • Published : 2019.09.30

Abstract

Apple provides Bonjour, its own zero-configuration networking protocol, so that its devices can discover one another and exchange files with no manual setup. AirDrop, the best-known Bonjour-based service, is widely used as a simple data transfer protocol between Apple desktops, laptops and smartphones. However, at the Black Hat security conference in 2016 it was demonstrated that weaknesses in the Bonjour protocol make a man-in-the-middle attack possible. In this paper we explain this known Bonjour vulnerability as it affects secure file transfer between devices, and propose an ECDH (Elliptic Curve Diffie-Hellman) based authentication protocol to strengthen the protocol's security. The proposed protocol is described together with its detailed operational procedure, and we show that it reduces the possibility of both man-in-the-middle and impersonation attacks.
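The attack and the fix the abstract describes, as an added example that is not part of the paper: a Go simulation in which Mallory answers discovery in the peer's place. With plain ECDH she finishes holding both session keys; once each side's ephemeral public key is signed under a long-term identity key the other side already trusts, her substituted key is rejected before any session key is derived. The X25519 curve, the Ed25519 identity keys, the message layout and the SHA-256 key derivation are assumptions of this example, since the page does not give the paper's actual procedure.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// Device is one Bonjour peer. Its long-term Ed25519 identity key is an assumption of this example
// (the abstract does not say how identities are provisioned): each peer already trusts the other's.
type Device struct {
	Name   string
	IDPub  ed25519.PublicKey
	idPriv ed25519.PrivateKey
}

func NewDevice(name string) *Device {
	seed := make([]byte, ed25519.SeedSize)
	must(rand.Read(seed))
	priv := ed25519.NewKeyFromSeed(seed)
	return &Device{Name: name, IDPub: priv.Public().(ed25519.PublicKey), idPriv: priv}
}

// Hello is the one message each side sends: a claimed name, an ephemeral X25519 public key
// and, in the authenticated variant, a signature binding the two under the identity key.
type Hello struct {
	Name string
	Eph  []byte
	Sig  []byte // empty in the unauthenticated variant
}

// transcript is what gets signed: name and ephemeral key together, so neither can be swapped alone.
func transcript(name string, eph []byte) []byte { return append([]byte(name+"|"), eph...) }

func (d *Device) Hello(sign bool) (*ecdh.PrivateKey, Hello) {
	eph := must(ecdh.X25519().GenerateKey(rand.Reader))
	h := Hello{Name: d.Name, Eph: eph.PublicKey().Bytes()}
	if sign {
		h.Sig = ed25519.Sign(d.idPriv, transcript(d.Name, h.Eph))
	}
	return eph, h
}

// DeriveKey runs X25519 against the peer's ephemeral key and hashes the shared secret with
// both ephemeral public keys (initiator first) so the session key is bound to this exchange.
func DeriveKey(my *ecdh.PrivateKey, peerEph, initEph, respEph []byte) []byte {
	shared := must(my.ECDH(must(ecdh.X25519().NewPublicKey(peerEph))))
	sum := sha256.Sum256(bytes.Join([][]byte{shared, initEph, respEph}, nil))
	return sum[:]
}

// Verify is the authentication step ECDH alone lacks: the ephemeral key must be signed by the
// identity key already trusted for this peer, not by whoever answered discovery first.
func Verify(peer Hello, trustedID ed25519.PublicKey) error {
	if !ed25519.Verify(trustedID, transcript(peer.Name, peer.Eph), peer.Sig) {
		return errors.New("hello from " + peer.Name + ": ephemeral key not signed by trusted identity")
	}
	return nil
}

// UnauthenticatedMITM: Mallory answers Alice's discovery as "Bob" and Bob's as "Alice", runs a
// plain ECDH with each side, and holds both session keys while Alice and Bob hold different ones.
func UnauthenticatedMITM() (malloryHasBothKeys, aliceBobAgree bool) {
	aEph, aHello := NewDevice("Alice").Hello(false)
	bEph, bHello := NewDevice("Bob").Hello(false)
	mA, mAHello := NewDevice("Bob").Hello(false)   // Mallory posing as Bob toward Alice
	mB, mBHello := NewDevice("Alice").Hello(false) // Mallory posing as Alice toward Bob
	aliceKey := DeriveKey(aEph, mAHello.Eph, aHello.Eph, mAHello.Eph) // Alice takes this for Bob's key
	bobKey := DeriveKey(bEph, mBHello.Eph, mBHello.Eph, bHello.Eph)   // Bob takes this for Alice's key
	malloryHasBothKeys = bytes.Equal(aliceKey, DeriveKey(mA, aHello.Eph, aHello.Eph, mAHello.Eph)) &&
		bytes.Equal(bobKey, DeriveKey(mB, bHello.Eph, mBHello.Eph, bHello.Eph))
	return malloryHasBothKeys, bytes.Equal(aliceKey, bobKey)
}

// AuthenticatedRun: with mitm=false Alice and Bob derive the same key; with mitm=true Mallory
// substitutes a Hello signed by her own key under Alice's name and Bob's Verify rejects it.
func AuthenticatedRun(mitm bool) (keysMatch bool, err error) {
	alice, bob := NewDevice("Alice"), NewDevice("Bob")
	aEph, aHello := alice.Hello(true)
	bEph, bHello := bob.Hello(true)
	toBob := aHello
	if mitm {
		_, toBob = NewDevice("Alice").Hello(true) // same name, different identity key
	}
	if err = errors.Join(Verify(toBob, alice.IDPub), Verify(bHello, bob.IDPub)); err != nil {
		return false, err
	}
	return bytes.Equal(DeriveKey(aEph, bHello.Eph, aHello.Eph, bHello.Eph),
		DeriveKey(bEph, toBob.Eph, toBob.Eph, bHello.Eph)), nil
}
```

This needs Go 1.20 or later for `crypto/ecdh` and `errors.Join`. Keeping Alice's original signature and swapping only the ephemeral key fails the same check, because the signature covers both fields. The caveat a practitioner should take from it is that the signature only helps if `IDPub` was obtained through a channel the attacker cannot answer (pairing, contacts, or similar); if Bob accepts whatever identity key arrives with the Hello, Mallory simply signs with her own key and the exchange is back to the unauthenticated case.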

