Presentation on theme: "Capture Resistance in Mobile Devices Jeffrey Hui - csc586a summer03."— Presentation transcript:
Capture Resistance in Mobile Devices Jeffrey Hui - csc586a summer03
Outline Definitions How safe is your mobile device? Existing capture resistance technologies Technologies for early adopters Future Research
Your network is only as secured as your weakest link. If your mobile device is lost or stolen, it might become the weakest link due to its software setup or sensitive data. Capture resistance is technologies that protect the mobile data in a captured device. Mobile devices are computing devices that can be unplugged from the wall, e.g. notebooks, PDAs, cell phones. They have enough CPU horsepower to run network- centric software or components, e.g. VPN, workflow automation…etc.
Loss/Theft Statistics In the US, 53% more notebooks were stolen in 2001 than 2000. – Safeware Insurance Group …208,000 notebooks with a value of nearly $640 million were reported stolen in 2000. – InformationWeek …2,900 notebooks, 1,300 PDAs and over 62,000 mobile phones have been left in Londons taxi cabs in…6 months with an average of 3 phones per taxi. - TECS A recent study conducted by the FBI found that 57% of computer crimes were linked to stolen computers that were then used to break into computer servers later on. – SC Magazine The FBI lost 184 notebooks along with a number of weapons. At least 14 of the laptops were believed to have been stolen and one contained classified information of two closed cases. - USA Today
Mobile Data PersonalEmails, family pictures, eCash. DoctorPatient records. EngineerNew product spec, VPN client. ExecutivePrivate key for e-signature, earnings reports. ResearcherResearch data, results. PoliceInvestigative data.
Capture Resistance Technologies Tracking Self-destruct files 2+ Factor Encryption Biometric systems Private key that supports disabling
Tracking A stealth agent that resides in a mobile device, and periodically contacts a monitoring center by modem or IP [Cotichini & Cain]. If by modem, monitoring center will record the incoming caller id. If by IP, the devices traceroute is recorded.
Agent Technical Details Implemented like a virus. A sub-loader in the boot sector loads the agent before the OS. Cloaking techniques (rootkit) intercept OS read and write calls to prevent detection and deletion. Alternatively, agent can be implemented in BIOS or ROM extensions, e.g. Toshiba/Computrace.
Self Destruct Files The same stealth technique can be used for remote delete. The monitoring center can send a remote delete command when the agent calls in from a stolen device. The agent will delete the data directory in the background over several hours to avoid detection.
Encryption Self-destruct files might not work 100%. Strong encryption should be used for all sensitive data on mobile devices.
Problem Many applications already support encryption. But few people use them as they are tedious. Automatic encryption utilities based on the login password are available but susceptible to offline dictionary attacks. Last week, new offline attack based on Oechslin broke 99.9% of alphanumeric passwords in 13.6s.
2+ Factor Authentication & Encryption What you know. What you have. What you are.
What you Know Password + salt is harder to break than even non-dictionary alphanumeric passwords.
What you have A symmetric key stored in a separate object, e.g. smart card, RFID chip, USB memory key…
What you are Biometric systems are emerging as the third factor of authentication & encryption, e.g. fingerprints, hand geometry, iris scans, facial recognition, voice recognition, facial temperature… Potentially much harder to forge.
Issues of Biometric Systems Current biometric systems still have non-zero FRR and FAR. Certain fingerprint patterns cause high FAR. Glasses and certain camera angles decrease accuracy of facial recognition. Matsumoto demonstrated that he could make gelatin fingers using latent fingerprints on a wine glass. He then successfully cheat 11 commercial fingerprint sensors over 80% of the times. Researchers propose fusion of 2-3 biometric systems.
Improvement Experiments show that sum rule at the matching module (weighted average of scores from multiple modalities) gives one of the best improvements to FAR and FRR. With 50 users and 3 modalities, the FAR is 0.03% and FRR is 1.78%. [Ross & Jain]
2+ Layered Encryption V = E(m) password + salt V = E(v) external token key V = E(v) biometric vector hash @ time 0
Private Key in Mobile Device Electronic signature acts have been passed in many countries. Private keys will become more ubiquitous in mobile devices for digital signature, eCash, decrypting workflow documents, emails…etc.
Limitation of CRL & OCSP Imagine your boss sends you a confidential document encrypted using your public key. After you retrieve the document, your PDA is stolen. Even if you request the CA to revoke the public certificate, there is no way to prevent the adversary from reading your confidential document with the captured private key.
Private Key that Supports Instantaneous Disabling Security Mediator (SEM) architecture using an online semi-trusted server [Boneh & Ding]. Based on Mediated RSA (mRSA), a variant of RSA that splits a private key into 2 parts using threshold cryptography. mRSA transparent to RSA public key users.
Conclusion & Future Research Firewall makes it safe for Networked PC in every home. Capture resistance technology will be a must before Networked mobile device in every pocket becomes a reality. Location aware security. Smart intrusion detection agent for self-destruct files. Less intrusive & more accurate biometric systems.
References 1.C. Cotichini, F. Cain, US Patent 6,300,863, 1998. 2.D. Boneh, X. Ding, G. Tsudik, C. Wong, A Method for Fast Revocation of Public Key Certificates and Security Capabilities, USENIX Security Symposium 2001. 3.A. Ross, A. Jain, Information Fusion in Biometrics, 2002. 4.L. Gong, M. Lomas, R. Needham, J. Saltzer, Protecting Poorly Chosen Secrets from Guessing Attacks, IEEE Journal on Selected Areas in Communications, Vol. 11, No.5, June 1993. 5.P. MacKenzie, M. Reiter, Networked Cryptographic Devices Resilient to Capture, DIMACS May 2001.