© 2013 Marcin Nagy & N. Asokan & Jörg Ott 1 PeerShare: A System for Secure Distribution of Sensitive Data among Social Contacts Marcin Nagy, N. Asokan,

Slides:

Advertisements

Similar presentations

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Advertisements

1 Do I Know You? Efficient, Privacy-Preserving Protocols for Finding Common Friends Marcin Nagy, Aalto University (joint work with Emiliano De Cristofaro,

Internet of Things Security Architecture

Secure Communication Architectures.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

Authentication & Kerberos

National Center for Supercomputing Applications University of Illinois at Urbana-Champaign This material is based upon work supported by the National Science.

Understanding Active Directory

Dr. Sarbari Gupta Electrosoft Services Tel: (703) Security Characteristics of Cryptographic.

Introduction to PKI Mark Franklin September 10, 2003 Dartmouth College PKI Lab.

Friendly Authentication and Communication Experience (Face) for Ubiquitous Authentication on Mobile Devices Author: Benjamin Halpert Presented by: 魏聲尊.

Securing Data Storage Protecting Data at Rest Advanced Systems Group Dell Computer Asia Ltd.

Chapter 16 AAA. AAA Components  AAA server –Authenticates users accessing a device or network –Authorizes user to perform specific activities –Performs.

Security Management.

1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.

Esri UC2013. Technical Workshop. Technical Workshop 2013 Esri International User Conference July 8–12, 2013 | San Diego, California Building Secure Applications.

Key Management in Cryptography

Bluetooth Jennifer Portillo Thomas Razo Samson Vuong By Sonny Leung.

Identity and Access IDGo Secure (ISE) for Android Didier Bonnet November 2014.

Russ Housley IETF Chair Founder, Vigil Security, LLC 8 June 2009 NIST Key Management Workshop Key Management in Internet Security Protocols.

Review security basic concepts IT 352 : Lecture 2- part1 Najwa AlGhamdi, MSc – 2012 /1433.

OV Copyright © 2011 Element K Content LLC. All rights reserved. System Security  Computer Security Basics  System Security Tools  Authentication.

LEVERAGING UICC WITH OPEN MOBILE API FOR SECURE APPLICATIONS AND SERVICES Ran Zhou 1 9/3/2015.

Part Two Network Security Applications Chapter 4 Key Distribution and User Authentication.

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Design Extensions to Google+ CS6204 Privacy and Security.

UICC UICC is a smart card used in mobile terminals in GSM and UMTS networks It provides the authentication with the networks secure storage crypto algorithms.

MOBILE AD-HOC NETWORK(MANET) SECURITY VAMSI KRISHNA KANURI NAGA SWETHA DASARI RESHMA ARAVAPALLI.

Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.

Identity Management Report By Jean Carreon and Marlon Gonzales.

Survey of Identity Repository Security Models JSR 351, Sep 2012.

Computer Science and Engineering 1 Service-Oriented Architecture Security 2.

1 Using EMV cards for Single Sign-On 26 th June st European PKI Workshop Andreas Pashalidis and Chris J. Mitchell.

© 2009 PGP Corporation Confidential State of Key Management Brian Tokuyoshi Solution Manager.

Gregorio Martínez Pérez University of Murcia PROVIDING SECURITY TO UNIVERSITY ENVIRONMENT COMMUNICATIONS.

Doc.: IEEE ai Submission Paul Lambert, Marvell Security Review and Recommendations for IEEE802.11ai Fast Initial Link Setup Author:

Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.

Doc.: IEEE xxxxx Submission doc. : IEEE Nov 2012 Slide 1 Project: IEEE P Working Group for Wireless Personal Area.

Module 9: Fundamentals of Securing Network Communication.

Attribute Certificate By Ganesh Godavari. Talk About An Internet Attribute Certificate for Authorization -- RFC 3281.

How far removed are you? Scalable Privacy-Preserving Estimation of Social Path Length with Social PaL Marcin Nagy joint work with Thanh Bui, Emiliano De.

Electronic data collection system eSTAT in Statistics Estonia: functionality, authentication and further developments issues 4th June 2007 Maia Ennok,

Identity Management: A Technical Perspective Richard Cissée DAI-Labor; Technische Universität Berlin

ACM 511 Introduction to Computer Networks. Computer Networks.

1 Class 15 System Security. Outline Security Threats (External: malware, spoofing/phishing, sniffing, & data theft: Internal: unauthorized data access,

1 University of Palestine Information Security Principles ITGD 2202 Ms. Eman Alajrami 2 nd Semester

PAWS: Security Considerations Yizhuang WU, Yang CUI PAWS WG

SSO Case Study Suchin Rengan Principal Technical Architect Salesforce.com.

Security, Accounting, and Assurance Mahdi N. Bojnordi 2004

Biometric Authentication in Distributed Computing Environments Vijai Gandikota Karthikeyan Mahadevan Bojan Cukic.

THE DEVIL IS IN THE (IMPLEMENTATION) DETAILS: AN EMPIRICAL ANALYSIS OF OAUTH SSO SYSTEMS SAN-TSAI SUN & KONSTANTIN BEZNOSOV PRESENTED BY: NAZISH KHAN COMPSCI.

Features Governmental organization Critically important ICT objects Distributed infrastructure Three levels of confidentiality Dozens of subsidiary organizations.

FriendFinder Location-aware social networking on mobile phones.

FriendFinder Location-aware social networking on mobile phones.

Web Services Security Patterns Alex Mackman CM Group Ltd

Comments on Procedures for RBAC (doc#0056) Group Name: WG4(SEC), WG2(ARC) and WG5(MAS) Source: Suresh Nair, Alcatel-Lucent,

Security Considerations

N. Asokan, Kaisa Nyberg, Valtteri Niemi Nokia Research Center

User Authentication  fundamental security building block basis of access control & user accountability  is the process of verifying an identity claimed.

Security API discussion Group Name: SEC Source: Shingo Fujimoto, FUJITSU Meeting Date: Agenda Item: Security API.

Key Management and Distribution Anand Seetharam CST 312.

Technical Security Issues in Cloud Computing By: Meiko Jensen, Jorg Schwenk, Nils Gruschka, Luigi Lo Lacono Presentation by: Winston Tong 2009 IEEE.

Methods of Tracking Position i Pod Touch – Wi-Fi used to find location by detecting known hotspots. iPhone – Cellular triangulation uses the mobile communication.

Integrating the Healthcare Enterprise The Integration Profiles: Basic Security Profile.

Information Management System Ali Saeed Khan 29 th April, 2016.

General Overview of Various SSO Systems: Active Directory, Google & Facebook Antti Pyykkö Mikko Malinen Oskari Miettinen.

Survey of Identity Repository Security Models JSR 351, Sep 2012.

Jee sook, Eun May 2004 Presented in IEEE 802.1af - key management

NEW PRODUCT INTRODUCTION CONEKT™ Mobile Smartphone Access Control Identification Solution June 2018.

Web Information Systems Engineering (WISE)

Presentation transcript:

© 2013 Marcin Nagy & N. Asokan & Jörg Ott 1 PeerShare: A System for Secure Distribution of Sensitive Data among Social Contacts Marcin Nagy, N. Asokan, Jörg Ott

Motivation Key management is difficult Online social networks popular (provide SSO) Observation: Social networks can be used for authentic public keys distribution (SocialKeys project) Concept: Securely distribute application-specific data to a specific set of social contacts 2

Example applications Exchanging public keys Sharing access point keys Detecting nearby friends ( ) Finding common friends ( ) Authenticity-only vs. authenticity+confidentiality User-specific vs. device-specific data 3

Requirements Threat model –Channel compromise –Unauthorized usage Impersonation Accessing restricted data 4

System design Device PeerShare Service PeerShare communication module Applications Social Network (SN) SN authentication protocol PeerShare master bindings database SN access protocol (eg. Facebook Graph API) PeerShare Server PeerShare protocol (server) 1.SN authentication protocol (e.g. OAuth) 2.PeerShare protocol Social Network App Bindings database PeerShare API 5

Security considerations Channel compromise –TLS Impersonation –User: SN user authentication (e.g. OAuth + SSO) –Server: TLS + certificate “pinning” –Application: e.g. Facebook user access token validation User access control –User specifies authorized recipients –Enforced by server and service-on-device Application access control –Only an application that has created data can access it 6

Minimizing trust on the PeerShare server Trusted-hardware (HSM) –On-board Credentials Application-specific server 7

Sample applications 8 Tethering AppnearbyPeople Technical Report ACSAC 2013 paper Technical Report ACNS 2013 paper

© 2013 Marcin Nagy & N. Asokan & Jörg Ott 9 Questions? Thank you!