• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Mobile device security using transient authentication
 

Mobile device security using transient authentication

on

  • 151 views

Presentation based on the paper:

Presentation based on the paper:
Mobile Device Security Using Transient Authentication Anthony J. Nicholson, Mark D. Corner, and Brian D. Noble

Statistics

Views

Total Views
151
Views on SlideShare
151
Embed Views
0

Actions

Likes
0
Downloads
9
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • Mencionarquefoifeitoemconjunto com a National Security Agency e a US – National Science Foundation
  • In Slide Show mode, click the arrow to enter the PowerPoint Getting Started Center.

Mobile device security using transient authentication Mobile device security using transient authentication Presentation Transcript

  • Mobile Device Security Using Transient Authentication Anthony J. Nicholson, Mark D. Corner and Brian D. Noble Apresentação por: Paulo Martins 65929 MERC Filipe Tavares 65898 MEIC IEE TRANSACTIONS ON MOBILE COMPUTING, VOL.5, NO.
  • Motivation
  • Goal Proximity Security PowerPoint 2013
  • Challenges • Tie Capabilities to Users • Do No Harm • Secure and Restore on People Time • Ensure Explicit Consent
  • Challenges & Requirements • Tie Capabilities to Users • Detect the presence of authorized users • Do No Harm • The system must not require the user’s interaction • When the user arrives the device must restore itself before the user can even notice it was blocked
  • Challenges & Requirements • Secure and Restore on People Time • When the user leaves the device must secure itself before the attacker would have the change to physically extract any information • Ensure Explicit Consent • The system must not be vulnerable to physical-possession attacks • Ensure that the user’s device is indeed talking to the user’s Token • The token is not communication with any other devices without the user’s consent
  • Challenges & Requirements • Other Requirements • Must not require extra Hardware
  • Related Work • Disable keyboard and Mouse: • Vulnerable to physical-possession attacks - Ensure explicit consent • Biometric information: • Fingerprint - It is intrusive, since it has a high false negatives rate and restrain users physically – Do No Harm • Iris Scan – Requires the three cameras – Extra hardware • Erasable Memory: • Requires special hardware – Extra Hardware
  • Solution • Token System • Securing State • Token Authentication • Key Management and Binding
  • Solution – Token Authentication and Binding
  • Solution – Securing State • Persistent Storage • Virtual Memory • CPU and Chipset Registers and Caches • Peripherals • Displays
  • Implementation Securing File Systems • Using ZIAfs (Zero-Interaction File System) • Uses in per-directory keys Physical Memory • Encrypts main memory in-place - Kmem
  • Implementation Swap Space • Use encrypted file to store swap pages or interpose on swap I/O to perform whole-pare encryption. • Never encrypt the pages of critical processes. • The system must ensure that the encryption keys are pinned in memory.
  • Implementation • Video • Lock Mouse and Keyboard • Blank the frame buffer via Display Manager • Application-Aware Mechanisms • Identify some key processes, that may not be able to survive the hibernation process or that handle sensitive data
  • Implementation – Example of Application
  • Evaluation • IBM ThinkPad x24 Notebook – Linux kernel 2.4.20 • • 256MB RAM • • 1.113 GHz Intel Pentium III 30GB IDE Disk Drive – 12ms average seek time Compaq iPAQ 3870 – Familiar Linux • 206 MHz StromARM • 64MB SDRAM • 32MB Flash ROM
  • Evaluation – File System Copy a source tree, traversing the tree and its contents and compiling it
  • Evaluation – Physical Memory 1. Freeze execution of all running processes 2. Encrypt in-place memory the physical memory pages of the frozen processes 3. Overwrite freed pages and other shared kernel buffers • 200MB Memory allocated • 10 Runs (On average 46,740 pages)
  • Evaluation – Physical Memory Flush-to-Disk w/ Encryption vs Flush-to-Disk no Encryption vs Encrypt in-place
  • Evaluation – Swap Space
  • Evaluation – Microbenchmark
  • Evaluation – Video & AAM
  • Evaluation – Video & AAM
  • Do you have any Thank You Questions?