Thor: The Hybrid Online Repository


Thor: The Hybrid Online Repository
Tim van der Horst and Kent Seamons
Internet Security Research Lab, Brigham Young University
http://isrl.cs.byu.edu
First IEEE/CreateNet International Conference on Security and Privacy for Emerging Areas in Communication Networks, Athens, Greece, 5th-9th September 2005

Good afternoon. Today, I am presenting Thor: The Hybrid Online Repository.

Digital Repositories
Repository: a place to store and protect valuable objects
Digital credential repository stores and protects digital credentials
Important service to applications and protocols that use credentials
Many repositories have been created and successfully deployed
Not designed with the mobile environment in mind

What is a repository? (Give definition.) Digital credential repository (give definition). This is a valuable support service for applications and protocols that use credentials. Many digital repositories have been created and successfully deployed. However, many of these repositories were not designed with the mobile environment in mind.

Purpose
Identify the requirements of a mobile environment
Evaluate existing repositories in light of these requirements
Present the design of a repository that meets these requirements

The purpose of this research is to…

Requirements
R1 Physical Security: The loss of the mobile device must not equate to a loss of the user’s credentials
R2 Connectivity: A user-defined subset of credentials must be accessible regardless of the current communications topology
R3 Manageability: Provide an interface to manage and maintain credentials across all participating devices

We have identified three requirements for secure credential repositories in a mobile environment.

The first requirement has to do with physical security. Due to the small size of mobile devices and their use outside a trusted domain, they are more prone to loss, theft, and destruction. As such, our first requirement is that: (give R1).

The second requirement has to do with connectivity. Due to the transient nature of mobile devices, they can experience a variety of both connected and disconnected topologies. As such, our second requirement states: (give R2).

Our third requirement has to do with manageability. Management, replication, and synchronization of credentials is a critical task. As such, our third requirement states: (give R3).

Existing Repositories
[Diagram: an Application using a Local Repository on the device, and an Application reaching a Remote Repository over the Internet, each marked against R1, R2, R3]

Now that we have a set of requirements to evaluate repositories in the context of a mobile environment, let's do so. Existing repositories fall into two different types: local and remote.

Local: exists entirely on-device. As such, if the device is destroyed, so is the repository and its contents, and thus it does not satisfy our first requirement. Also, since the repository is contained completely on-device, it doesn’t have the facilities to interact with the repositories on the user’s other participating devices.

Remote: resides completely off-device. Because of this, when the device is destroyed the credentials remain safe. This type of repository can be shared by all of a user’s participating devices, thus providing satisfaction for the third requirement.

Notice that the requirements satisfied by these two types of repositories are complementary. That is to say, if we were to combine the correct elements of these repositories, we should get a repository that does satisfy all of these requirements.

Hybrid Repository
[Diagram: an Application using both a Local Repository and, over the Internet, a Remote Repository; marked against R1, R2, R3]

This is in fact what a hybrid repository does. It combines local and remote elements in order to satisfy all three requirements.

Thor
A design for a hybrid repository
Leverages existing repositories, rather than creating a new one

Design Goals
G1: All three requirements for a secure credential repository in a mobile environment must be satisfied
G2: There must be no modifications required to the existing repository implementations
G3: Where possible, increase usability and security of existing repositories without modifying them

Thor – Repository Interface
Creates an additional layer of abstraction
All repositories have three basic operations:
  Put
  Get
  Delete

Thor – Design
Root repository constraints
  Must be a remote repository
[Diagram: a root repository with three leaf repositories; R2]

Centralized Management (R3)
Provides a single location to manage credentials
Local agent
Stores and manages meta-data in the repositories
Contains additional information about the credentials
Used to manage credentials
Meta-data is stored as an encrypted credential in the repository

Thor – Enhancements
Credential organization
  Create a virtual organization
Credential identifier obfuscation
Password management
  Create a mapping of secure passwords to credentials, encrypt with a single password

145c01342ee13a015954fefe01  Credit card credential
4fe4c30f4a2466f52a591071dd  CIA agent credential
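
The repository interface, root/leaf design and identifier obfuscation described in the slides above can be sketched as follows. This is an added example, not code from the Thor implementation: DictRepository, HybridRepository, keep_offline and the use of HMAC-SHA256 for obfuscation are assumptions, and credential blobs are assumed to be encrypted by the caller before they are stored.

```python
import hashlib
import hmac


class DictRepository:
    """Stand-in for an existing repository exposing only put/get/delete."""

    def __init__(self):
        self.items = {}

    def put(self, ident, blob):
        self.items[ident] = blob

    def get(self, ident):
        return self.items.get(ident)

    def delete(self, ident):
        self.items.pop(ident, None)


class HybridRepository:
    """Remote root plus an on-device leaf, wrapped without modifying either.
    Blobs are assumed to be encrypted by the caller (not shown here)."""

    def __init__(self, root, leaf, id_key):
        self.root, self.leaf, self.id_key = root, leaf, id_key
        self.online = True  # toggled by the caller to model connectivity

    def opaque_id(self, name):
        # Assumption: keyed HMAC-SHA256, so a repository never sees the name.
        return hmac.new(self.id_key, name.encode(), hashlib.sha256).hexdigest()

    def put(self, name, blob, keep_offline=False):
        if not self.online:
            raise ConnectionError("root repository unreachable")
        ident = self.opaque_id(name)
        self.root.put(ident, blob)      # R1: survives loss of the device
        if keep_offline:
            self.leaf.put(ident, blob)  # R2: user-chosen offline subset
        return ident

    def get(self, name):
        ident = self.opaque_id(name)
        return self.root.get(ident) if self.online else self.leaf.get(ident)

    def delete(self, name):
        if not self.online:
            raise ConnectionError("root repository unreachable")
        ident = self.opaque_id(name)
        self.root.delete(ident)
        self.leaf.delete(ident)
```

Because the wrapper only calls put, get and delete, either stand-in can be replaced by an adapter around an unmodified existing repository, which is what goal G2 asks for.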

Central Management
Transparent features

Evaluation
Does Thor meet its goals?
G1: All three requirements for a secure credential repository in a mobile environment must be satisfied
G2: There must be no modifications required to the existing repository implementations
G3: Where possible, increase usability and security of existing repositories without modifying them

Conclusions
Delineated a set of requirements for a repository in a mobile environment
Evaluated existing repositories based on those requirements
Designed and implemented a hybrid repository
  Satisfies requirements of a mobile environment
  Leverages existing repositories
  Provides transparent features that enhance the protection of its contents

Future Work
Incorporate more repositories into this system
  Email-based repository
  No need for a specialized credential server
Context-aware application interface
  Create a virtual smart card interface for each type of application
Usability