Handball: Simple Security Tools for Handheld Devices Niklas Frykholm, Markus Jakobsson, Ari Juels LABORATORIES.

Slides:



Advertisements
Similar presentations
Simple and Practical Anonymous Digital Coin Tracing
Advertisements

Ari Juels RSA Laboratories Marty Wattenberg 328 W. 19th Street, NYC A Fuzzy Commitment Scheme.
Error-Tolerant Password Recovery Niklas Frykholm and Ari Juels RSA Laboratories.
1 CompChall: Addressing Password Guessing Attacks IAS, ITCC-2005, April 2005 CompChall: Addressing Password Guessing Attacks By Vipul Goyal OSP Global.
Security and Privacy over the Internet Chan Hing Wing, Anthony Mphil Yr. 1, CSE, CUHK Oct 19, 1998.
Securing the Worlds Information Secure Dynamic Credit and Debit Cards Stop Credit Card and Identity Theft Andre Brisson Stephen Boren Co founders/ Co.
Review Ch. 3 – Connecting to the Worlds Information © 2010, 2006 South-Western, Cengage Learning.
Client Puzzles A Cryptographic Defense Against Connection Depletion Attacks Most of slides come from Ari Juels and John Brainard RSA Laboratories.
CSC 774 Advanced Network Security
Tutorial 8: Developing an Excel Application
1 Cypak core technology New convenient security solutions for online gaming Combat fraud and keep your customer happy.
Fuzzy Vaults: Toward Secure Client-Side Matching Ari Juels RSA Laboratories 10th CACR Information Security Workshop 8 May 2002 LABORATORIES.
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
Payment Systems 1. Electronic Payment Schemes Schemes for electronic payment are multi-party protocols Payment instrument modeled by electronic coin that.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
Mar 11, 2003Mårten Trolin1 Previous lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
J. Håstad J. Jakobsson A. Juels M. Yung Funkspiel Schemes: An Alternative to Conventional Tamper Resistance Royal Inst. of Technology, Stockholm RSA Laboratories.
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
CSI 400/500 Operating Systems Spring 2009 Lecture #20 – Security Measures Wednesday, April 29 th.
Chapter 9 - Control in Computerized Environment ATG 383 – Spring 2002.
Iron Key and Portable Drive Security Zakary Littlefield.
Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.
Securing Data Storage Protecting Data at Rest Advanced Systems Group Dell Computer Asia Ltd.
Security Awareness: Applying Practical Security in Your World
Final Project Review Team Tessier Brandon Thorpe Michael Shusta Telin Kim Lucas Root.
CMSC 414 Computer (and Network) Security Lecture 24 Jonathan Katz.
Chapter 13: Electronic Commerce and Information Security Invitation to Computer Science, C++ Version, Fourth Edition SP09: Contains security section (13.4)
Password Management Programs By SIR Phil Goff, Branch 116 Area 2 Computers and Technology April 18,
Csci5233 Computer Security1 GS: Chapter 6 Using Java Cryptography for Authentication.
Tonga Institute of Higher Education Design and Analysis of Algorithms IT 254 Lecture 9: Cryptography.
1 Introduction to Security and Cryptology Enterprise Systems DT211 Denis Manley.
Chapter 10: Authentication Guide to Computer Network Security.
Introduction to Information Technology: Your Digital World © 2013 The McGraw-Hill Companies, Inc. All rights reserved.Using Information Technology, 10e©
MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.
Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.
Week #7 Objectives: Secure Windows 7 Desktop
PIN-on-Card New contact-less smart card with integrated PIN pad for secure user verification at unparalleled cost effectiveness.
E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: March 10, 2001.
1 Lecture 8: Authentication of People what you know (password schemes) what you have (keys, smart cards, etc.) what you are (voice recognition, fingerprints,
System Security Chapter no 16. Computer Security Computer security is concerned with taking care of hardware, Software and data The cost of creating data.
CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.
Lecture 7 Page 1 CS 236 Online Challenge/Response Authentication Authentication by what questions you can answer correctly –Again, by what you know The.
Chapter 31 Cryptography And Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
On OAEP, PSS, and S/MIME John Linn RSA Laboratories S/MIME WG, San Diego IETF, 13 December 2000.
Identification Authentication. 2 Authentication Allows an entity (a user or a system) to prove its identity to another entity Typically, the entity whose.
Computer Science and Engineering Computer System Security CSE 5339/7339 Lecture 14 October 5, 2004.
Chap1: Is there a Security Problem in Computing?.
Focus On Bluetooth Security Presented by Kanij Fatema Sharme.
Computer Security By Duncan Hall.
LESSON 5-2 Protecting Your Computer Lesson Contents Protecting Your Computer Best Practices for Securing Online and Network Transactions Measures for Securing.
Lecture 11 Overview. Digital Signature Properties CS 450/650 Lecture 11: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
SECURITY ISSUES. TYPES BLUE JACKING SENDING MESSAGES TO OPEN BLUETOOTH CONNECTION VIRUSES HARMFUL PROGRAMS THAT SPREAD WITHIN DIGITAL DEVICES COOKIES.
Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
Fall 2006CS 395: Computer Security1 Key Management.
Computer Security Set of slides 8 Dr Alexei Vernitski.
Mar 18, 2003Mårten Trolin1 Agenda Parts that need to be secured Card authentication Key management.
Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.
Challenge/Response Authentication
Crypto in information security
Controlling Computer-Based Information Systems, Part II
Trezor Support Phone Number For You!! Round The Clock
Cryptography Lecture 26.
Cryptography Lecture 9.
Cryptography Lecture 22.
Cryptography Lecture 25.
Presentation transcript:

Handball: Simple Security Tools for Handheld Devices Niklas Frykholm, Markus Jakobsson, Ari Juels LABORATORIES

Our aim: To rethink palm security from scratch

u Palm pros: –Cheap –Convenient –Someday ubiquitous –Smartcard alternative? u Palm cons: –Easily stolen –No tamper resistance –Often used for sensitive data –New (sometimes clumsy) style of data entry

Despite this, we want: u To prevent unauthorized access u Get good security from low entropy keys u Alert/disable in case of unauthorized access u Achieve functionality like backup in hostile environments

Attackers may u Steal devices and copy them surreptitiously u Emulate copied devices completely u See all old transcripts u Do fairly serious computing (2 50 or so…) u Mount some on-line attack

Problem with passwords on palm devices u Passwords geared toward keyboards –Palm devices use other data entry u Some studies suggest superiority of visual memory (e.g., Sheperd) u The visual approach... –Jermyn et al., Xerox PARC, Blonder, Perrig, Passfaces –Only Jermyn et al. suitable for palm devices

Visual Passwords Your PIN consists of a point on an image (or multiple such) Icons help stimulate the user s memory

Visual Passwords Error-tolerance techniques allow user to come only close to point, but security remains maximal Training routine helps fix PIN in user s memory Prototype available

Some more problems with passwords Users and passwords don t mix well: –Either too long to be easily memorized (high entropy) –Or too short to be used effectively in naïve manner u For example, AES encryption of credit cards

Credit-Card Vault Special non-redundant encryption protects card and bank account numbers with just a PIN -- Protection even against a determined hacker Prototype available

Encryption using low-entropy keys u To encrypt a list of PINS: –Select master PIN -- call it M –E[PIN 1 ] = PIN 1 M –E[PIN 2 ] = PIN 2 M, etc. u But a credit card is not so simple: –Has redundancy: Check digit –Unprotected parts may give clues to attacker

Accommodate credit-card structure u Idea: Isolate essential digits –Strip away check digit –Strip away bank numbers u Encrypt remaining digits under stream cipher mod 10 –RC4(key) 10 (cc digits) u Note: Decryption with any key yields a valid- looking credit card number

Credit-card vault Can we do Social Security Numbers? Names? Addresses?

Infrared Palm Lock Small key locks and unlocks PalmPilot Strong key would be inexpensive ($2) to manufacture in quantity

Current prototype is conceptual –Static key –20-bit entropy u Evolution: –Static key, 80-bit entropy encryption key –Rolling key, rolling encryption –Bluetooth -- interactive variant Infrared Palm Lock

Digital Signing on the Palm Online approaches may suffer from spotty connectivity Palm is convenient platform for signing An offline digital signing key protected with a PIN is vulnerable to attack if palm device is stolen I agree to buy 1000 shares of Enron at $100/share from Ken.

Our aim Distinguish attacker–generated signatures from real signatures u Alert authorities of any attacks But make alarm silent –attacker should be unable to distinguish a good signature from a bad one u All with a low-entropy PIN!

Funkspiel schematic h s1s1 s2s2 s3s3 s4s4 hh hh h r1r1 r2r2 r3r3 s i = h(s i, i) r i = h(s i, PIN) Incorporate r i into message to be signed Verifier can check correctness of r i

Why does this yield silent alarm? h s1s1 s2s2 s3s3 s4s4 hh hh h r1r1 r2r2 r3r3 r2r2 s2s2 ? ? Attacker cant learn s 2 because of one-wayness of h Attacker cant learn PIN because she cant learn s 2 Attacker cant tell whether shes tripping alarm if she signs using s 3

Inserting r i into standard scheme u We use RSA-PSS (Bellare-Rogaway) u RSA-PSS supplies random padding of messages to be signed using RSA – to avoid existential forgery u Padding has some random component, some redundancy u We let r i be the random portion

The Big Picture u Everybody can verify signatures using standard RSA-PSS Alarm center can check PIN, too, for silent alarm ! Alarm center can, e.g., inform bank if theft suspected

LABORATORIES Prototypes available for visual passwords, credit-card vault, and IR key Patents pending on visual passwords

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.