Security for Mobile Devices
Dan Boneh, with Monica Lam, David Mazieres, John Mitchell, and many students
POMI 2020, NSF Site Visit, June 2010
POMI Research Agenda (layer diagram; labels only)
  Applications
  Data & Computing Substrate: PrPl, Junction and Concierge
  Radio technology; Economics
  Cinder: energy-aware, secure OS
  Secure apps; UI
  HW Platform
  Network Substrate: Software Defined Network & OpenFlow
  Handheld; Infrastructure
POMI mobile security work (areas: platform security, secure apps)
  Snap2Pass and Snap2Pay [DSBL'10]
  A password manager for mobile devices [BBBB'09]
  Android security: ASLR on Android [BB'10]
  Unlocking phones using cheap tokens [BB'10]
  Preventing tap-jacking attacks on mobile web sites [RBB'10]
Location services without big brother
Joint work with Arvind Narayanan, Narendran Thiagarajan, and Mugdha Lakhani
Location-based social networking
  Finally taking off?
Proximity alerts
  Detect when friends are nearby (e.g. Loopt)
  Today: 24/7 user tracking by the server
  Our privacy goals:
    When not nearby, friends don't see your location
    The server never sees your location
  Building block for more complex functionality
Proximity alerts: applications
  Granularity must be user-configurable
How we arrived at this problem
  POMI barrier #1: reliance on big brother
  PrPl effort: social networks with privacy
  Many discussions with PrPl participants: can we make location-based services private?
  Similarly, can we do private targeted advertising? (NDSS'10)
  Other results from the interaction:
    QR codes for better user authentication [DSBL'10]
    Unlocking a phone using cheap tokens [BB'10]
Reducing proximity test to equality test
Equality testing
  Space of possible locations is small! (32 bits)
  Inputs x and y, one per friend; decide whether x = y
  Method 1: protocol based on public-key encryption (Lipmaa)
    Heavy computation: impractical for testing proximity to all friends
    Requires shared secret keys between pairs of friends
Our approach
  An efficient protocol with server participation
  Trust assumption: the server does not collude with your friends
  (Diagram: inputs x and y; the server's view is r(x − y), shown as "??"; no one knows r)
  Total traffic: 24 bytes, easy computation
Problem: online brute-force attack
  If only there were a way to verify that a user really is where they claim to be...
  Solution: location tags (for small granularity)
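The three slides above (reduce proximity to equality, blind the cell ids so the server only sees r(x − y), and the brute-force problem that motivates location tags) can be walked through end to end. The code below is an added example written for this page, not the authors' implementation or the exact message format of their protocol: the square grid, the prime 2^61 − 1, the HMAC-based derivation of the shared blinds (t, s), and the server's random multiplier c are all assumptions of this example. It keeps the properties the slide states: each party's message is 8 bytes (24 bytes per run), the server sees only r(x − y) with r = c·t, and no single party knows r.

```python
import hmac
import secrets

# Field for the blinded values. Constructed choice for this example: the
# Mersenne prime 2^61 - 1, so every field element fits in 8 bytes and the
# three messages (Alice -> server, Bob -> server, server -> Alice) total 24 bytes.
P = 2**61 - 1
MSG_BYTES = 8


def grid_cell(lat: float, lon: float, cell_udeg: int) -> int:
    """Quantize a coordinate to a cell id on a square grid.

    cell_udeg is the cell side in microdegrees and is the user-configurable
    granularity; two friends count as nearby when they land in the same cell,
    which turns the proximity test into an equality test on cell ids.
    Assumption of this example: a plain square grid, so two points that are
    close but straddle a cell edge compare unequal.
    """
    lat_udeg = round(lat * 1_000_000) + 90_000_000    # shift to non-negative
    lon_udeg = round(lon * 1_000_000) + 180_000_000
    cols = (360_000_000 + cell_udeg - 1) // cell_udeg  # cells per row
    return (lat_udeg // cell_udeg) * cols + (lon_udeg // cell_udeg)


def derive_blinding(pair_key: bytes, epoch: int) -> tuple[int, int]:
    """Both friends derive the same (t, s) from their pairwise key and the epoch.

    t is a multiplicative blind in Z_p^*, s an additive one-time mask in Z_p.
    A fresh epoch per run matters: reusing s would let the server subtract two
    of Alice's own messages and learn t*(x1 - x2).
    """
    tag = epoch.to_bytes(8, "big")
    t = int.from_bytes(hmac.digest(pair_key, b"t" + tag, "sha256")[:8], "big") % (P - 1) + 1
    s = int.from_bytes(hmac.digest(pair_key, b"s" + tag, "sha256")[:8], "big") % P
    return t, s


def blind_cell(cell: int, pair_key: bytes, epoch: int) -> int:
    """Client side: the message to the server is t*cell + s. On its own it is
    uniform in Z_p, so the server learns nothing about the cell from it."""
    t, s = derive_blinding(pair_key, epoch)
    return (t * cell + s) % P


def server_combine(a: int, b: int) -> int:
    """Server side: returns c*(a - b) = (c*t)*(x - y) for a fresh random c.

    r = c*t is known to nobody: the friends never see c, the server never
    sees t. Alice therefore learns only whether the reply is zero (she cannot
    divide out c to recover y), and the server cannot decode a - b (it does
    not know t). Caveat of this construction: a - b is zero exactly when
    x == y, so the server does learn that single bit per run.
    """
    c = secrets.randbelow(P - 1) + 1
    return (c * (a - b)) % P


def same_cell(server_reply: int) -> bool:
    """Alice's test: zero means the two cells were equal."""
    return server_reply == 0


def encode(v: int) -> bytes:
    """Wire encoding of one field element: 8 bytes, three of them per run."""
    return v.to_bytes(MSG_BYTES, "big")


def proximity_run(alice_cell: int, bob_cell: int, pair_key: bytes, epoch: int) -> bool:
    """One complete run as the three parties would execute it.

    The querying friend can substitute a guessed cell for its own, and with a
    32-bit cell space repeated runs turn into the online brute-force problem
    the slide names; binding each run to one epoch (as done here) caps the
    probe rate, and location tags address it at fine granularity.
    """
    a = blind_cell(alice_cell, pair_key, epoch)
    b = blind_cell(bob_cell, pair_key, epoch)
    reply = server_combine(a, b)
    return same_cell(reply)


if __name__ == "__main__":
    key = secrets.token_bytes(32)                    # pairwise key shared when friending
    here = grid_cell(37.4275, -122.1697, 10_000)     # constructed coordinates, 0.01-degree cells
    print(proximity_run(here, here, key, epoch=1))       # True
    print(proximity_run(here, here + 1, key, epoch=2))   # False
```

With 0.01-degree cells the grid has 648 million cells, so ids fit the 32-bit space the slide mentions; finer cells need more bits, which is one more reason the slides move to location tags for small granularity.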
Properties of location tags
  Location tag = vector + matching function, i.e. a space-time fingerprint
  Unpredictability: cannot produce a matching tag unless nearby
  Reproducibility: two devices at the same place and time produce matching tags (not necessarily identical)
Location tags using WiFi packets
  Discard packets, such as TCP, that may originate outside the local network
  DHCP, ARP, Samba etc. are local
  15 packets/sec on the CS/EE VLAN
  Two different devices see about 90% of packets in common
  Comparing location tags: privately test whether the intersection exceeds 90%
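As an added example for the two slides above (tag = vector + matching function; tags built from local-only WiFi packets with a 90% overlap test), the following Python sketches the tag construction and the matching step. It is not the authors' Android code: the packet record, the hashing into a fingerprint, the "fraction of the smaller tag" overlap rule and the sample captures are all constructed for this example, and the comparison is done in the clear on one side rather than with the private test the slide calls for.

```python
import hashlib
from dataclasses import dataclass

# Protocols the slide treats as local to the network segment. TCP is dropped
# because such packets may originate outside the local network.
LOCAL_PROTOCOLS = {"ARP", "DHCP", "SMB"}   # Samba traffic shows up as SMB


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    payload: bytes


def fingerprint(pkt: Packet) -> str:
    """Hash of headers and contents. Including the payload is what gives
    unpredictability: a party that did not see the packet cannot guess it."""
    h = hashlib.sha256(f"{pkt.proto}|{pkt.src}|{pkt.dst}|".encode() + pkt.payload)
    return h.hexdigest()[:16]


def location_tag(capture: list[Packet]) -> set[str]:
    """Tag vector: fingerprints of the local-only packets seen in a time window."""
    return {fingerprint(p) for p in capture if p.proto in LOCAL_PROTOCOLS}


def overlap_ratio(tag_a: set[str], tag_b: set[str]) -> float:
    """Fraction of the smaller tag's entries that also appear in the other tag."""
    if not tag_a or not tag_b:
        return 0.0
    return len(tag_a & tag_b) / min(len(tag_a), len(tag_b))


def tags_match(tag_a: set[str], tag_b: set[str], threshold: float = 0.9) -> bool:
    """Matching function: co-located devices see about 90% of local packets in
    common (reproducibility without identical tags), so require the overlap to
    exceed that. A private version of this test needs a private set-intersection
    cardinality protocol, which is outside this example."""
    return overlap_ratio(tag_a, tag_b) > threshold


# Constructed sample captures (not real traffic). One broadcast domain's ARP
# and DHCP chatter; a device on another LAN sees different chatter; all three
# may see the same TCP payload from a popular web server, which is why TCP
# must not count towards the tag.
def lan_chatter(subnet: str, n: int) -> list[Packet]:
    pkts = [Packet("ARP", f"02:00:00:00:00:{i:02x}", "ff:ff:ff:ff:ff:ff",
                   f"who-has {subnet}.{i}".encode()) for i in range(1, n + 1)]
    pkts.append(Packet("DHCP", "0.0.0.0", "255.255.255.255", f"DISCOVER {subnet}".encode()))
    return pkts


WEB = Packet("TCP", "203.0.113.10", "10.0.0.5", b"HTTP/1.1 200 OK")   # placeholder address
LAN_A = lan_chatter("10.0.0", 20)            # 20 ARP + 1 DHCP
CAPTURE_ALICE = LAN_A[:20] + [WEB]           # missed the DHCP packet
CAPTURE_BOB = LAN_A[1:] + [WEB]              # missed the first ARP packet
CAPTURE_CAROL = lan_chatter("10.1.0", 20) + [WEB]   # somewhere else entirely

if __name__ == "__main__":
    ta, tb, tc = (location_tag(c) for c in (CAPTURE_ALICE, CAPTURE_BOB, CAPTURE_CAROL))
    print(len(ta), overlap_ratio(ta, tb), tags_match(ta, tb))   # 20 0.95 True
    print(overlap_ratio(ta, tc), tags_match(ta, tc))            # 0.0 False
```

Because Carol's capture shares only the TCP packet with Alice's, the filter on local protocols is what keeps her overlap at zero; counting TCP would give a remote party a way to inflate the intersection with traffic it can observe from anywhere.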
Android implementation
Future work
  Many location privacy questions remain:
    Private location-based advertising
    Private location-based search
    Private location statistics