We gratefully acknowledge support from
the Simons Foundation and member institutions.
Full-text links:

Download:

Current browse context:

cs.CR

Change to browse by:

cs

References & Citations

DBLP - CS Bibliography

Bookmark

(what is this?)
CiteULike logo BibSonomy logo Mendeley logo del.icio.us logo Digg logo Reddit logo ScienceWISE logo

Computer Science > Cryptography and Security

Title: Device Tracking via Linux's New TCP Source Port Selection Algorithm (Extended Version)

Abstract: We describe a tracking technique for Linux devices, exploiting a new TCP source port generation mechanism recently introduced to the Linux kernel. This mechanism is based on an algorithm, standardized in RFC 6056, for boosting security by better randomizing port selection. Our technique detects collisions in a hash function used in the said algorithm, based on sampling TCP source ports generated in an attacker-prescribed manner. These hash collisions depend solely on a per-device key, and thus the set of collisions forms a device ID that allows tracking devices across browsers, browser privacy modes, containers, and IPv4/IPv6 networks (including some VPNs). It can distinguish among devices with identical hardware and software, and lasts until the device restarts.
We implemented this technique and then tested it using tracking servers in two different locations and with Linux devices on various networks. We also tested it on an Android device that we patched to introduce the new port selection algorithm. The tracking technique works in real-life conditions, and we report detailed findings about it, including its dwell time, scalability, and success rate in different network types. We worked with the Linux kernel team to mitigate the exploit, resulting in a security patch introduced in May 2022 to the Linux kernel, and we provide recommendations for better securing the port selection algorithm in the paper.
Comments: This is an extended version of a paper with the same name that will be presented in the 32nd Usenix Security Symposium (USENIX 2023). UPDATE (2022-10-08): We revised some bibliography entries and clarified some aspects of the mathematical analysis
Subjects: Cryptography and Security (cs.CR)
Cite as: arXiv:2209.12993 [cs.CR]
  (or arXiv:2209.12993v2 [cs.CR] for this version)

Submission history

From: Amit Klein [view email]
[v1] Mon, 26 Sep 2022 20:10:57 GMT (462kb,D)
[v2] Sat, 8 Oct 2022 09:07:15 GMT (463kb,D)

Link back to: arXiv, form interface, contact.