Handball: Simple Security Tools for Handheld Devices Niklas Frykholm, Markus Jakobsson, Ari Juels LABORATORIES.


1 Handball: Simple Security Tools for Handheld Devices Niklas Frykholm, Markus Jakobsson, Ari Juels LABORATORIES

2 Our aim: To rethink palm security from scratch

3
• Palm pros:
  – Cheap
  – Convenient
  – Someday ubiquitous
  – Smartcard alternative?
• Palm cons:
  – Easily stolen
  – No tamper resistance
  – Often used for sensitive data
  – New (sometimes clumsy) style of data entry

4 Despite this, we want:
• To prevent unauthorized access
• Get good security from low-entropy keys
• Alert/disable in case of unauthorized access
• Achieve functionality like backup in hostile environments

5 Attackers may
• Steal devices and copy them surreptitiously
• Emulate copied devices completely
• See all old transcripts
• Do fairly serious computing (2^50 or so…)
• Mount some on-line attack

6 Problem with passwords on palm devices
• Passwords geared toward keyboards
  – Palm devices use other data entry
• Some studies suggest superiority of visual memory (e.g., Sheperd)
• The visual approach...
  – Jermyn et al., Xerox PARC, Blonder, Perrig, Passfaces
  – Only Jermyn et al. suitable for palm devices

7 Visual Passwords
Your PIN consists of a point on an image (or multiple such)
Icons help stimulate the user's memory

8 Visual Passwords
Error-tolerance techniques allow user to come only close to point, but security remains maximal
Training routine helps fix PIN in user's memory
Prototype available

9 Some more problems with passwords
Users and passwords don't mix well:
  – Either too long to be easily memorized (high entropy)
  – Or too short to be used effectively in naïve manner
• For example, AES encryption of credit cards

10 Credit-Card Vault
Special non-redundant encryption protects card and bank account numbers with just a PIN -- Protection even against a determined hacker
Prototype available

11 Encryption using low-entropy keys
• To encrypt a list of PINs:
  – Select master PIN -- call it M
  – E[PIN_1] = PIN_1 M
  – E[PIN_2] = PIN_2 M, etc.
• But a credit card is not so simple:
  – Has redundancy: Check digit
  – Unprotected parts may give clues to attacker

12 Accommodate credit-card structure
• Idea: Isolate essential digits
  – Strip away check digit
  – Strip away bank numbers
• Encrypt remaining digits under stream cipher mod 10
  – RC4(key) 10 (cc digits)
• Note: Decryption with any key yields a valid-looking credit card number
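An added example, not part of the presentation: a Python sketch of the vault idea from slides 11 and 12, showing that every PIN guess decrypts to a check-digit-valid card number. Assumptions: the first six digits are the "bank numbers", digits are combined with the keystream by addition mod 10 (the operator is not legible on the slides), SHAKE-256 stands in for the slide's RC4, and a per-entry slot number keeps two cards from sharing a keystream; the card is a widely used test number and the PIN is constructed.

```python
import hashlib

BIN_LEN = 6  # assumption: leading six digits are the issuer ("bank numbers")

def luhn_check_digit(body):
    """Digit that makes body + digit pass the Luhn test."""
    total = 0
    for pos, ch in enumerate(reversed(body)):
        d = int(ch)
        if pos % 2 == 0:  # doubled positions once the check digit is appended
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str(-total % 10)

def luhn_valid(number):
    return luhn_check_digit(number[:-1]) == number[-1]

def keystream_digits(pin, slot, n):
    """n uniform decimal digits from the PIN (SHAKE-256 replaces RC4 here).
    Bytes >= 250 are rejected so that byte % 10 carries no bias."""
    seed = f"{slot}:{pin}".encode()
    out, size = [], 4 * n
    while len(out) < n:
        stream = hashlib.shake_256(seed).digest(size)
        out = [b % 10 for b in stream if b < 250][:n]
        size *= 2
    return out

def seal(card, pin, slot):
    """Strip bank digits and check digit, then add the keystream mod 10."""
    account = card[BIN_LEN:-1]
    ks = keystream_digits(pin, slot, len(account))
    return "".join(str((int(d) + k) % 10) for d, k in zip(account, ks))

def unseal(sealed, pin, slot, bank):
    """Subtract the keystream, re-attach bank digits, recompute check digit."""
    ks = keystream_digits(pin, slot, len(sealed))
    account = "".join(str((int(d) - k) % 10) for d, k in zip(sealed, ks))
    body = bank + account
    return body + luhn_check_digit(body)

# Constructed sample: well-known test card number and a made-up PIN.
CARD = "4111111111111111"
SEALED = seal(CARD, "4821", 0)
```

Because nothing redundant is stored, an attacker who copies the device and tries all 10,000 PINs offline gets 10,000 equally plausible card numbers and must test guesses online, where they can be rate-limited.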

13 Credit-card vault
Can we do Social Security Numbers? Names? Addresses?

14 Infrared Palm Lock
Small key locks and unlocks PalmPilot
Strong key would be inexpensive ($2) to manufacture in quantity

15 Infrared Palm Lock
Current prototype is conceptual
  – Static key
  – 20-bit entropy
• Evolution:
  – Static key, 80-bit entropy encryption key
  – Rolling key, rolling encryption
  – Bluetooth -- interactive variant

16 Digital Signing on the Palm
Online approaches may suffer from spotty connectivity
Palm is convenient platform for signing
An offline digital signing key protected with a PIN is vulnerable to attack if palm device is stolen
I agree to buy 1000 shares of Enron at $100/share from Ken.

17 Our aim
Distinguish attacker-generated signatures from real signatures
• Alert authorities of any attacks
But make alarm silent
  – attacker should be unable to distinguish a good signature from a bad one
• All with a low-entropy PIN!

18 Funkspiel schematic
[Schematic labels: h; s1, s2, s3, s4; r1, r2, r3]
s_i = h(s_i, i)
r_i = h(s_i, PIN)
Incorporate r_i into message to be signed
Verifier can check correctness of r_i

19 Why does this yield silent alarm?
[Schematic labels: h; s1, s2, s3, s4; r1, r2, r3; r2 ?, s2 ?]
Attacker can't learn s_2 because of one-wayness of h
Attacker can't learn PIN because she can't learn s_2
Attacker can't tell whether she's tripping alarm if she signs using s_3

20 Inserting r_i into standard scheme
• We use RSA-PSS (Bellare-Rogaway)
• RSA-PSS supplies random padding of messages to be signed using RSA, to avoid existential forgery
• Padding has some random component, some redundancy
• We let r_i be the random portion

21 The Big Picture
• Everybody can verify signatures using standard RSA-PSS
• Alarm center can check PIN, too, for silent alarm
• Alarm center can, e.g., inform bank if theft suspected

22 LABORATORIES Prototypes available for visual passwords, credit-card vault, and IR key Patents pending on visual passwords

