Dan Boneh with Monica Lam, David Mazieres, John Mitchell, and many students. Security for Mobile Devices NSF Site Visit, June 2010.

Slides:



Advertisements
Similar presentations
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Advertisements

Lee Hang Lam Wong Kwun Yam Chan Sin Ping Wong Cecilia Kei Ka Mobile Phone OS.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
5-Network Defenses Dr. John P. Abraham Professor UTPA.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
Efficient Private Techniques for Verifying Social Proximity Michael J. Freedman and Antonio Nicolosi Discussion by: A. Ziad Hatahet.
Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.
SCRUB: Secure Computing Research for Users’ Benefit David Wagner 1.
LAAC: A Location-Aware Access Control Protocol YounSun Cho, Lichun Bao and Michael T. Goodrich IWUAC 2006.
 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.
Guru Parulkar Knowledge Transfer and Impact NSF Site Visit, June 2010 POMI 2020.
POMI in Education NSF Site Visit, June 2010 Paul Kim Stanford University POMI 2020.
Mobile Mobile OS and Application Team: Kwok Tak Chi Law Tsz Hin So Ting Wai.
G Robert Grimm New York University Using Encryption for Authentication in Computer Networks.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
CSI 400/500 Operating Systems Spring 2009 Lecture #20 – Security Measures Wednesday, April 29 th.
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
Expedition Overview NSF Site Visit, June 2010 Nick McKeown Stanford University POMI 2020.
Business Data Communications, Fourth Edition Chapter 10: Network Security.
Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
APPLAUS: A Privacy-Preserving Location Proof Updating System for Location-based Services Zhichao Zhu and Guohong Cao Department of Computer Science and.
Mobile Data Sharing over Cloud Group No. 8 - Akshay Kantak - Swapnil Chavan - Harish Singh.
Wireless Security Issues David E. Hudak, Ph.D. Senior Software Architect Karlnet, Inc.
CMSC 414 Computer and Network Security Lecture 11 Jonathan Katz.
Information Security Introduction to Information Security Michael Whitman and Herbert Mattord 14-1.
LEVERAGING UICC WITH OPEN MOBILE API FOR SECURE APPLICATIONS AND SERVICES Ran Zhou 1 9/3/2015.
8: Network Security8-1 Security in the layers. 8: Network Security8-2 Secure sockets layer (SSL) r Transport layer security to any TCP- based app using.
MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.
A Non-Proprietary Social Internet Monica Lam MobiSocial Computing Laboratory Stanford University With Ben Dodson, Michael Fischer, T. J. Purtell, Ian Vo.
Wireless Security: A Search for Public and Secure Wireless networks Kory Kirk.
Information Security Principles Assistant Professor Dr. Sana’a Wafa Al-Sayegh 1 st Semester ITGD 2202 University of Palestine.
BY MOHAMMED ALQAHTANI (802.11) Security. What is ? IEEE is a set of standards carrying out WLAN computer communication in frequency bands.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
1 Architectural Support for Copy and Tamper Resistant Software David Lie, Chandu Thekkath, Mark Mitchell, Patrick Lincoln, Dan Boneh, John Mitchell and.
Chapter 8 Safeguarding the Internet. Firewalls Firewalls: hardware & software that are built using routers, servers and other software A point between.
1 C-DAC/Kolkata C-DAC All Rights Reserved Computer Security.
Lecture 17 Page 1 CS 236 Online Network Privacy Mostly issues of preserving privacy of data flowing through network Start with encryption –With good encryption,
Fall 2002CS 395: Computer Security1 Chapter 11: Message Authentication and Hash Functions.
Security protocols  Authentication protocols (this lecture)  Electronic voting protocols  Fair exchange protocols  Digital cash protocols.
Android Mobile Security Krystal Salerno. Introductions.
11.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 11 Message Integrity and Message Authentication.
SECURE WIRELESS NETWORK IN IŞIK UNIVERSITY ŞİLE CAMPUS.
Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung( ) Sriram Gopinath( )
Mobile Usage Patterns and Privacy Implications Michael Mitchell March 27, 2015 Ratnesh Patidar, Manik Saini, Parteek Singh, An-I Wang Florida State University.
Secure Wired Local Area Network( LAN ) By Sentuya Francis Derrick ID Module code:CT3P50N BSc Computer Networking London Metropolitan University.
Chapter 11 Message Authentication and Hash Functions.
WLANs & Security Standards (802.11) b - up to 11 Mbps, several hundred feet g - up to 54 Mbps, backward compatible, same frequency a.
CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
Encryption. Introduction The incredible growth of the Internet has excited businesses and consumers alike with its promise of changing the way we live.
Cryptography and Network Security (CS435) Part Nine (Message Authentication)
Digital Signatures and Digital Certificates Monil Adhikari.
science/internet-intro
Authentication has three means of authentication Verifies user has permission to access network 1.Open authentication : Each WLAN client can be.
Introduction: Introduction: As technology advances, we have cheaper and easier ways to stay connected to the world around us. We are able to order almost.
Lect 8 Tahani al jehain. Types of attack Remote code execution: occurs when an attacker exploits a software and runs a program that the user does not.
IT 221: Introduction to Information Security Principles Lecture 5: Message Authentications, Hash Functions and Hash/Mac Algorithms For Educational Purposes.
Introduction Web analysis includes the study of users’ behavior on the web Traffic analysis – Usage analysis Behavior at particular website or across.
HOTP IETF Draft David M’Raihi IETF Meeting - March 10, 2005.
Erik Nicholson COSC 352 March 2, WPA Wi-Fi Protected Access New security standard adopted by Wi-Fi Alliance consortium Ensures compliance with different.
Todays’ Agenda Private vs. Personal Information Take out your notebook and copy the following information. Private information – information that can be.
Unit 2 Personal Cyber Security and Social Engineering Part 2.
Security Outline Encryption Algorithms Authentication Protocols
Firewall – Survey Purpose of a Firewall Characteristic of a firewall
Welcome To : Group 1 VC Presentation
TRUST:Team for Research in Applied Cryptography
Presentation transcript:

Dan Boneh with Monica Lam, David Mazieres, John Mitchell, and many students. Security for Mobile Devices NSF Site Visit, June 2010 POMI 2020

POMI Research Agenda Applications Data & Computing Substrate PrPl, Junction and Concierge Radio technology Economics Cinder: Energy aware, secure OS secure apps UI HW Platform Network Substrate Software Defined Network & OpenFlow Handheld Infrastructure

platform security secure apps POMI mobile security work Snap2Pass and Snap2Pay [DSBL’10] A password manager for mobile devices [BBBB’09] Android security: ASLR on Android [BB’10] Unlocking phones using cheap tokens [BB’10] Preventing tap-Jacking attacks on mobile web sites [RBB’10]

Joint work with Arvind Narayanan, Narendran Thiagarajan, and Mugdha Lakhani Location services without big brother

Location-based social networking Finally taking off?

Proximity Alerts Detect when friends are nearby (e.g. Loopt) Today: 24/7 user tracking by server Our privacy goals: When not nearby, friends don’t see your location Server never sees your location Building block for more complex functionality

Proximity alerts: applications Granularity must be user-configurable

How we arrived at this problem POMI barrier #1: reliance on big brother PrPl effort: social networks with privacy Many discussions with PrPl participants: Can we make location-based services private? Similarly, can we do private targeted advertising? (NDSS’10) Other results from the interaction: QR codes for better user authentication [DSBL’10] Unlocking a phone using cheap tokens [BB’10]

Reducing proximity test to equality test

Equality testing Space of possible locations is small! (32 bits) Method 1: protocol based on public-key encryption (Lipmaa) Heavy computation: impractical for proximity of all friends xy = ? Requires shared secret keys between pairs of friends

Our approach An efficient protocol with server participation Trust assumption: server does not collude with your friends x y r ( x – y ) Total traffic: 24 bytes, easy computation ?? no one knows r

Problem: online brute-force attack If only there were a way to verify that a user really is where they claim to be… Solution: location tags (for small granularity)

Properties of location tags Location tag = vector + matching function i.e., space-time fingerprint Unpredictability cannot produce matching tag unless nearby Reproducibility two devices at same place & time produce matching tags (not necessarily identical)

Location tags using WiFi packets Discard packets like TCP that may originate outside local network DHCP, ARP, Samba etc. are local 15 packets/sec on CS/EE VLAN Two different devices see about 90% of packets in common Comparing location tags: privately test if intersection > 90%

Android implementation

Future work Many location privacy questions: Private location based advertising Private location based search Private location statistics