Presentation is loading. Please wait.

Presentation is loading. Please wait.

Protecting Applications with Transient Authentication Mark Corner and Brian Noble University of Michigan - EECS Department

Published byNora Allison Modified over 9 years ago

Similar presentations

Presentation on theme: "Protecting Applications with Transient Authentication Mark Corner and Brian Noble University of Michigan - EECS Department"— Presentation transcript:

1 Protecting Applications with Transient Authentication Mark Corner and Brian Noble University of Michigan - EECS Department http://mobility.eecs.umich.edu

2 Scenario: Losing Your Laptop Imagine rushing to a talk and leaving your laptop in a taxi cab A finder may be malicious, may not be What do you do in the interim? buy a new machine---not really a big deal just like credit cards you should cancel all your passwords what about your web cache? what about your account numbers?

3 Tension in Proving Identity The device can ask for proof once and never ask again finder assumes the full rights of the user The device can continuously ask users would not tolerate such a system A compromise is to ask periodically Current authentication methods do not resolve this tension hedge on the side of less security and more usability Need something to provide constant proof without user burden More Secure Less Usable More Usable Less Secure Frequency of Proof

4 Solution: Constant but Invisible Authentication Transient Authentication protect data by constantly authenticating user keep usable by having something answer for the user Authentication token: provides this ability worn by user to prove proximity enough computational power for small cryptographic tasks communication via short-range wireless network Challenge Response

5 Outline Trust and Threat Model Principles of Transient Authentication Tie capabilities to users Do no harm Secure faster than attackers Ensure explicit consent Transient Authentication for Applications Application-Transparent protection Application-Aware protection Related work and Conclusions

6 Trust and Threat Model Focus on foiling physical possession or proximity inspection and removal of disk, probing physical memory exploitation of wireless link eavesdropping, modification, insertion Cannot protect against certain kinds of attacks trojan horses denial of service trusted, but malicious, users Do not protect against these, yet defenses exist wormhole attacks residual charge attacks

7 Tie Capabilities to Token Require token to decrypt device’s data device alone is useless, regardless of physical attacks Tokens have limited computation, (slow) wireless link tokens cannot decrypt data directly never expose root capability, key-encrypting keys only transmit data key

8 Tie Capabilities to Token Require token to decrypt device’s data device alone is useless, regardless of physical attacks Tokens have limited computation, (slow) wireless link tokens cannot decrypt data directly never expose root capability, key-encrypting keys only transmit data key

9 Tie Capabilities to Token Require token to decrypt device’s data device alone is useless, regardless of physical attacks Tokens have limited computation, (slow) wireless link tokens cannot decrypt data directly never expose root capability, key-encrypting keys only transmit data key

10 Tie Capabilities to Token Require token to decrypt device’s data device alone is useless, regardless of physical attacks Tokens have limited computation, (slow) wireless link tokens cannot decrypt data directly never expose root capability, key-encrypting keys only transmit data key

11 Tie Capabilities to Token Require token to decrypt device’s data device alone is useless, regardless of physical attacks Tokens have limited computation, (slow) wireless link tokens cannot decrypt data directly never expose root capability, key-encrypting keys only transmit data key

12 Zeroed Data Just Faster than Attackers When token does not answer assume user is absent, protect all keys/data Protection doesn’t have to be instantaneous just faster than attackers, people are slow TA has two alternatives: flush vs. encrypt flush is faster than encrypt on departure filling data is potentially slow or require user intervention encrypt is slower to protect, but faster on return Secret User Departs

13 Do No Harm Key acquisition costly (~10ms) too expensive to pay on every use of data overhead would be prohibitive without optimization Some techniques hide/avoid cost cache data keys pre-fetch fresh keys Optimizations reduce laptop/token interactions loss of interaction -> user has left add periodic polling to refresh authentication

14 Ensure Explicit Consent Could keep users entirely out of the loop complete transparency == complete loss of control Consider the “tailgater” attack thief steals my advisor’s laptop thief sits behind me advisor’s laptop asks for key-encrypting key my token transparently responds Solution: provide explicit binding between tokens/devices this user means to use that laptop can be infrequent, e.g. once a day

15 Application Protection Protections for file systems exist: ZIA (Mobicom ‘02) Protecting file systems is not enough data read from file system into address space (and read from network, and typed by user, and …) Mobile devices are typically always on or suspended ephemeral state always vulnerable Possible attacks on memory space OS interfaces probing memory bus

16 Application-Transparent Protection Simple solution: encrypt entire memory space suspend processes & encrypt in-memory state on departure decrypt state & resume processes on return encrypt and decrypt 216MB state in <10s Brute-force approach may be overkill not all applications are sensitive not all application state is sensitive application might know the difference could perform useful, non-secure work

17 Application-Aware Protection Through an API give applications ability to continue to execute manage their own secrets gain information about user proximity Services provided to application register departure/return callbacks request decryption/encryption of buffer with master key obtain fresh keys Application/designer responsible for identifying sensitive state/operations tying capabilities to token

18 Modified Applications Three examples: PGP Email, SSH suite and Mozilla most difficult application: many secrets, large code base secrets: passwords, cookies, SSL keys, memory cache

19 Mozilla Modifications Minimal code modifications (4200 line patch file) a month of “Mozilla novice” effort SSL Session Keys and Memory Cache stored in memory encrypted if user leaves and decrypted when user returns Cookies, Cached Passwords stored encrypted on disk encryption key forgotten by laptop, retrieved using token

20 Evaluation Overview: Mozilla Wanted to answer a few questions what overhead does TA impose? how long does it take to secure/restore secrets? Prototype System client system: IBM Thinkpad X24 PIII 1.1GHz, 256MB token system: Compaq iPAQ 3870 Strongarm 200MHz connected by Bluetooth

21 Evaluation: Protecting Mozilla Typical page load overhead <150ms, can be further optimized Protect/Restore Times: Protect, secRestore, sec Memory Cache0.222 (0.002) 0.222 (0.004) SSL Keys0.003 (0.000) 0.074 (0.006) Passwords + Cookies N/A0.066 (0.005)

22 Application-Aware Limitations Applications must be modified Application designers must identify all the secrets Leaked memory may contain secrets Freed memory may contain secrets OS can scrub free pages free/delete can be intercepted to scrub Secrets may be passed to other applications Myers and Liskov language support may hold promise

23 Related work Proximity Detection Landwehr locks input based on proximity beacon Provos encrypted virtual memory focuses on swap using short term keys Secure coprocessors, smart cards, XOM processor all use physical security to protect secrets do not solve authentication question performance/cost implications

24 Conclusions Usually, your machine has the long-term authority to act as you Transient Authentication user retains long-term authority to decrypt sensitive data laptop holds only transient authority defends against physically losing a laptop Does not change user behavior only user-visible action at (infrequent) login time Protects and restores machine quickly Can protect application’s secrets in milliseconds

25 Lost Laptops Bad and getting worse 1.36 million lost in 2000, of those 387,000 stolen 591,000 stolen in 2001 Seattle-Tacoma Airport found 204 laptops in three months Several high profile cases Irwin Jacobs lost a laptop containing 2 years of financials MI6 agent left a laptop in a taxi containing field methods Department of State laptop with nuclear proliferation secrets all were insecure

26 Mozilla Modifications

Download ppt "Protecting Applications with Transient Authentication Mark Corner and Brian Noble University of Michigan - EECS Department"

Similar presentations

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.
Lecture 6 User Authentication (cont)

Lecture 6 User Authentication (cont)
Cobalt: Separating content distribution from authorization in distributed file systems Kaushik Veeraraghavan Andrew Myrick Jason Flinn University of Michigan.

Cobalt: Separating content distribution from authorization in distributed file systems Kaushik Veeraraghavan Andrew Myrick Jason Flinn University of Michigan.
CHAPTER 8: SECURITY IN COMPUTER NETWORKS Encryption Encryption Authentication Authentication E-Mail Security E-Mail Security Secure Sockets Layer Secure.

CHAPTER 8: SECURITY IN COMPUTER NETWORKS Encryption Encryption Authentication Authentication Security Security Secure Sockets Layer Secure.
Operating Systems Security 1. The Boot Sequence The action of loading an operating system into memory from a powered-off state is known as booting or.

Operating Systems Security 1. The Boot Sequence The action of loading an operating system into memory from a powered-off state is known as booting or.
Zero-Interaction Authentication April 15, 2003 Mark D.Corner, Brian D. Noble Presented by Seong Oun Hwang CS744 Special Topics in System Architecture:

Zero-Interaction Authentication April 15, 2003 Mark D.Corner, Brian D. Noble Presented by Seong Oun Hwang CS744 Special Topics in System Architecture:
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.

COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
Section 3.2: Operating Systems Security

Section 3.2: Operating Systems Security
15-446 Networked Systems Practicum Lecture 12 – Privacy 1.

Networked Systems Practicum Lecture 12 – Privacy 1.
Web Defacement Anh Nguyen May 6 th, 2010. Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.

Web Defacement Anh Nguyen May 6 th, Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.
Authentication in Mobile Ad-hoc Network (MANET) Student Ståle Jonny Berget Superviser Chik How Tan.

Authentication in Mobile Ad-hoc Network (MANET) Student Ståle Jonny Berget Superviser Chik How Tan.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Security Presented by : Qing Ma. Introduction Security overview security threats password security, encryption and network security as specific.

Security Presented by : Qing Ma. Introduction Security overview security threats password security, encryption and network security as specific.
Software Security Threats Threats have been an issue since computers began to be used widely by the general public.

Software Security Threats Threats have been an issue since computers began to be used widely by the general public.
Department of Electrical & Computer Engineering Advisor: Michael Zink.

Department of Electrical & Computer Engineering Advisor: Michael Zink.
Zero-Interaction Authentication Mark Corner Brian Noble

Zero-Interaction Authentication Mark Corner Brian Noble
CS 300 – Lecture 22 Intro to Computer Architecture / Assembly Language Virtual Memory.

CS 300 – Lecture 22 Intro to Computer Architecture / Assembly Language Virtual Memory.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.

Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.

Similar presentations

Ads by Google