Flaw Label: Exploiting IPv6 Flow Label

Jonathan Berger, Amit Klein, Benny Pinkas

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

8 Scopus citations

Abstract

The IPv6 protocol was designed with security in mind. One of the changes that IPv6 has introduced over IPv4 is a new 20-bit flow label field in its protocol header.We show that remote servers can use the flow label field in order to assign a unique ID to each device when communicating with machines running Windows 10 (versions 1703 and higher), and Linux and Android (kernel versions 4.3 and higher). The servers are then able to associate the respective device IDs with subsequent transmissions sent from those machines. This identification is done by exploiting the flow label field generation logic and works across all browsers regardless of network changes. Furthermore, a variant of this attack also works passively, namely without actively triggering traffic from those machines.To design the attack we reverse-engineered and cryptanalyzed the Windows flow label generation code and inspected the Linux kernel flow label generation code. We provide a practical technique to partially extract the key used by each of these algorithms, and observe that this key can identify individual devices across networks, VPNs, browsers and privacy settings. We deployed a demo (for both Windows and Linux/Android) showing that key extraction and machine fingerprinting works in the wild, and tested it from networks around the world.

Original languageEnglish
Title of host publicationProceedings - 2020 IEEE Symposium on Security and Privacy, SP 2020
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages1259-1276
Number of pages18
ISBN (Electronic)9781728134970
DOIs
StatePublished - May 2020
Externally publishedYes
Event41st IEEE Symposium on Security and Privacy, SP 2020 - San Francisco, United States
Duration: 18 May 202021 May 2020

Publication series

NameProceedings - IEEE Symposium on Security and Privacy
Volume2020-May
ISSN (Print)1081-6011

Conference

Conference41st IEEE Symposium on Security and Privacy, SP 2020
Country/TerritoryUnited States
CitySan Francisco
Period18/05/2021/05/20

Bibliographical note

Publisher Copyright:
© 2020 IEEE.

Fingerprint

Dive into the research topics of 'Flaw Label: Exploiting IPv6 Flow Label'. Together they form a unique fingerprint.

Cite this