Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Smart Phones Edgardo Vega Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura.

Slides:



Advertisements
Similar presentations
웹 서비스 개요.
Advertisements

Introduction Why do we need Mobile OGSI.NET? Drawbacks:
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
1 Chapter 11: Data Centre Administration Objectives Data Centre Structure Data Centre Structure Data Centre Administration Data Centre Administration Data.
POC Security System High security system combining PIN-on-Card, information security, physical access, control and alarm – all in one system.
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Multimedia Communications Tejinder Judge Usable Security – CS 6204 – Fall, 2009.
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
1.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.
© 2005, QEI Inc. all characteristics subject to change. For clarity purposes, some displays may be simulated. Any trademarks mentioned remain the exclusive.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Technical Architectures
Notes to the presenter. I would like to thank Jim Waldo, Jon Bostrom, and Dennis Govoni. They helped me put this presentation together for the field.
Secure Communications … or, the usability of PKI.
CSE331: Introduction to Networks and Security Lecture 28 Fall 2002.
1 ITC242 – Introduction to Data Communications Week 12 Topic 18 Chapter 19 Network Management.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Research on access control policy configuration Manya and Shuai.
.NET Mobile Application Development Introduction to Mobile and Distributed Applications.
Terminal Services Terminal Services is the modern equivalent of mainframe computing, in which servers perform most of the processing and clients are relatively.
Remote Networking Architectures
Building an Application Server for Home Network based on Android Platform Yi-hsien Liao Supervised by : Dr. Chao-huang Wei Department of Electrical Engineering.
1 MASTERING (VIRTUAL) NETWORKS A Case Study of Virtualizing Internet Lab Avin Chen Borokhovich Michael Goldfeld Arik.
Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Privacy Preferences Edgardo Vega Usable Security – CS 6204 – Fall, 2009 – Dennis.
Customer Sales Presentation Stoneware webNetwork Powered by ThinkServer.
Network Services Lesson 6. Objectives Skills/ConceptsObjective Domain Description Objective Domain Number Setting up common networking services Understanding.
Lesson 3 Introduction to Networking Concepts Lesson 3.
Clinic Security and Policy Enforcement in Windows Server 2008.
Chapter 10: Authentication Guide to Computer Network Security.
Wireless Security Techniques: An Overview Bhagyavati Wayne C. Summers Anthony DeJoie Columbus State University Columbus State University Telcordia Technologies,
WP6: Grid Authorization Service Review meeting in Berlin, March 8 th 2004 Marcin Adamski Michał Chmielewski Sergiusz Fonrobert Jarek Nabrzyski Tomasz Nowocień.
Cloud Computing.
AGENDA Welcome and introductions Brief introduction to PSI Mobile Technical Overview Demonstration Q and A Next Actions.
Intranet, Extranet, Firewall. Intranet and Extranet.
Sensors and Actuator Network Based Architectures and Protocols for Smart Homes Bluetooth enabled Smart Home Mark Shaw Giorgio Politano Supervisor: Mieso.
Chapter 6 Operating System Support. This chapter describes how middleware is supported by the operating system facilities at the nodes of a distributed.
Microsoft Active Directory(AD) A presentation by Robert, Jasmine, Val and Scott IMT546 December 11, 2004.
Computing on the Cloud Jason Detchevery March 4 th 2009.
Objectives Configure routing in Windows Server 2008 Configure Routing and Remote Access Services in Windows Server 2008 Network Address Translation 1.
Auditing Information Systems (AIS)
Module 11: Implementing ISA Server 2004 Enterprise Edition.
Computer Emergency Notification System (CENS)
Lecture 16 Page 1 Advanced Network Security Perimeter Defense in Networks: Virtual Private Networks Advanced Network Security Peter Reiher August, 2014.
Kerberos Named after a mythological three-headed dog that guards the underworld of Hades, Kerberos is a network authentication protocol that was designed.
1 Introduction to Microsoft Windows 2000 Windows 2000 Overview Windows 2000 Architecture Overview Windows 2000 Directory Services Overview Logging On to.
Maintaining Network Health. Active Directory Certificate Services Public Key Infrastructure (PKI) Provides assurance that you are communicating with the.
Hands-On Microsoft Windows Server Implementing Microsoft Internet Information Services Microsoft Internet Information Services (IIS) –Software included.
出處 :2010 2nd International Conference on Signal Processing Systems (ICSPS) 作者 :Zhidong Shen 、 Qiang Tong 演講者 : 碩研資管一甲 吳俊逸.
Welcome Windows Server 2008 安全功能 -NAP. Network Access Protection in Windows Server 2008.
9 Systems Analysis and Design in a Changing World, Fourth Edition.
Packet Capture and Analysis: An Introduction to Wireshark 1.
9 Systems Analysis and Design in a Changing World, Fourth Edition.
Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody.
INTRODUCTION TO DBS Database: a collection of data describing the activities of one or more related organizations DBMS: software designed to assist in.
Security Planning and Administrative Delegation Lesson 6.
Virtual Infrastructure By: Andy Chau Farzana Mohsini Anya Mojiri Virginia Nguyen Bobby Phimmasane.
Virtualization Technology and Microsoft Virtual PC 2007 YOU ARE WELCOME By : Osama Tamimi.
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Smart, Secure and Sustainable Home: A Socio-Technological Perspective Aleksandr.
Who Created telephones ? Alexander Graham Bell was an scientist, inventor, engineer and innovator. Also, he is credited for inventing the first telephone.
SAFE KERNEL EXTENSIONS WITHOUT RUN-TIME CHECKING George C. Necula Peter Lee Carnegie Mellon U.
VPN. CONFIDENTIAL Agenda Introduction Types of VPN What are VPN Tokens Types of VPN Tokens RSA How tokens Work How does a user login to VPN using VPN.
IS3220 Information Technology Infrastructure Security
Asif Jinnah Field Desktop Services Enabling a Flexible Workforce, an insider’s view.
Citrix MetaFrame Conferencing Manager 3.0 Codename – “Opal” Release Date – April 27, 2004.
Pertemuan #8 Key Management Kuliah Pengaman Jaringan.
KAPLAN SCHOOL OF INFORMATION SYSTEMS AND TECHNOLOGY IT375 Window Enterprise Administration Course Name – IT Introduction to Network Security Instructor.
CS 325: Software Engineering
Module 8: Networking Services
Goals Introduce the Windows Server 2003 family of operating systems
PLANNING A SECURE BASELINE INSTALLATION
Presentation transcript:

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Smart Phones Edgardo Vega Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech

Smart Phones Device-enabled authorization in the Grey system(2005)  Lujo Bauer, Scott Garriss, Jonathan M. McCune, Michael K. Reiter, Jason Rouse, Peter Rutenbar Lessons learned from the deployment of a smartphone-based access-control system(2007)  Lujo Bauer, Lorrie Faith Cranor, Michael K. Reiter, Kami Vaniea Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech

Introduction Grey is a flexible platform that provides ubiquitous access control to both physical and virtual resources, via smartphones. At the core is a flexible and provably sound authorization framework based on proof- carrying authorization( PCA), extended with a new distributed proving technique that offers significant efficiency and usability advances

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Introduction (continued) Delegates authority in a convenient fashion. Relies on cryptographic key management. Also incorporates capture resilience Takes advantage of Bluetooth, cellular data (GPRS), and messaging protocols (SMS and MMS)

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech COMPONENTS Graphical Identifiers Capture-Resilient Cryptography Proof-Carrying Authorization

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Graphical Identifiers Person  Photograph – less failure-prone Public Key  Two-dimensional barcode of the hash Network Address  Two-dimensional barcode of the address  Circumvent the high-latency of device discovery in Bluetooth

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Capture-Resilient Cryptography Protects the phones private key by using a remote capture-protect server User can disable the key if the phone has been lost or can temporarily disable to protect from dictionary attacks Server is an untrusted space  user’s key information is not passed back and forth Decentralized system  each user can use their own server (i.e., desktop computer)

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Proof-Carrying Authorization Utilizes formal logic directly in the implementation of the system. Directly manipulates fragments of the logic and represents credentials/proofs of access as constructed in formal logic. Contains an automated theorem prover and checker Client is responsible to prove that access should be granted

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech USAGE SCENARIOS

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Alice Bob

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech

SOFTWARE ARCHITECTURE Graphical User Interfaces Prover Verifier Communication Framework Performance

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Graphical User Interfaces Phone  Address Book  Access requests to a resource  Reactive policy creation Computer  Groups  Roles  Policy Creation

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Prover Distributed proving  Eager – completely unable to make progress  Lazy - ask for help as soon as he isolates a theorem that someone else might help with

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Prover

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Verifier Simple, lightweight, and device independent

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Communication Framework Support for multiple transport layers Reliable, flexible message routing Light user burden

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Communication Framework Application Layer Management Layer Carriers

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Performance

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech PILOT APPLICATIONS Office Access Windows XP Login

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Office Access Enables access to office doors Standard electrical door strike and embedded PC (4.55×3.75×1.70 inches).  Bluetooth and RS-485 relay controller

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Windows XP Login

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech LESSONS LEARNED

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Introduction 9 months and 19 participants Periodic interviews and logs generated by the system Principles of concern:  Usability downfalls  Network effects  New flexibility  End use behavior

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Floor Plan

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Users Faculty, staff, students in the building 19 users Demographics:  6 CS and ECE  3 Technical Staff  1 Administrative Staff  16 male and 3 female

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Procedure Conducted an initial interview Given the phone Basic Instructions Interviewed in a month and then every 4 to 6 weeks  All at desk or conference room

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Data One year of data 19,500 Grey and 236,900 total access attempts Video of 70 accesses 30 hours of interview data Resources: 7.4 average (15 max, 2 min) Users: 5.7 average (11 max, 3 min) 18 still use the system

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Lessons Learned 1. Perceived speed and convenience are critical to a user’s satisfaction and acceptance 2. A single failure can strongly discourage adoption 3. Users won’t user features they don’t understand 4. Systems that benefit from the network effect are often untenable for small user populations 5. Low overhead for creating and changing policies encourages policy change 6. Unanticipated uses can bolster acceptance

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Perceived speed and convenience are critical to a user’s satisfaction and acceptance

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech A single failure can strongly discourage adoption Getting locked out caused user to go from 28 system requests to 7 Delegation took so long that users thought it was broken Lent someone their phone

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Users won’t user features they don’t understand Passed up more effective ways of delegation for simpler to use

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Systems that benefit from the network effect are often untenable for small user populations To really start to be able to do amazing thing you need large user population and installation base

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Low overhead for creating and changing policies encourages policy change Role based key policy of students, staff, and faculty Spare and hidden keys Delegation more casual, 11 received access to resource they did not have before Users ideal policy for 95% of access controls

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Unanticipated uses can bolster acceptance Could open doors from the inside Satisfying clicking noises the door made

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Discussion Why do technical users behave like non technical users? What access problems does this technology introduce? Is a smart phone the correct device to use? Is there a better distributed server system than desktop computers?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.