Keypad: Auditing Encrypted Filesystem for Theft-prone Devices Roxana Geambasu John P. John Steve Gribble Yoshi Kohno Hank Levy University of Washington.

Slides:



Advertisements
Similar presentations
Presented By Krypto Security Software, LLC. What is BackStopp is a simple but effective tool to help an organization protect its mobile data in the event.
Advertisements

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Objectives Overview Define an operating system
Building an Encrypted and Searchable Audit Log Brent Waters Dirk Balfanz Glenn Durfee D.K. Smetters.
Ragib Hasan Johns Hopkins University en Spring 2011 Lecture 3 02/14/2010 Security and Privacy in Cloud Computing.
Networks. User access and levels Most network security involves users having different levels of user access to the network. The network manager will.
Zero-Interaction Authentication April 15, 2003 Mark D.Corner, Brian D. Noble Presented by Seong Oun Hwang CS744 Special Topics in System Architecture:
Vanish: Increasing Data Privacy with Self-Destructing Data Roxana Geambasu Yoshi Kohno Amit Levy Hank Levy University of Washington.
 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.
Web Caching Schemes1 A Survey of Web Caching Schemes for the Internet Jia Wang.
Dr. Sarbari Gupta Electrosoft Services Tel: (703) Security Characteristics of Cryptographic.
Encrypted File System (EFS) Sankara Narayanan. CSE 785 Computer Security, Syracuse University, NY Spring 2003 – 2004.
Towards Application Security On Untrusted OS
.NET Mobile Application Development Introduction to Mobile and Distributed Applications.
Building an Encrypted and Searchable Audit Log 11th Annual Network and Distributed Security Symposium (NDSS '04); 2004 February 5-6; San Diego; CA. Presented.
TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.
Secure File Storage Nathanael Paul CRyptography Applications Bistro March 25, 2004.
CMSC 414 Computer and Network Security Lecture 11 Jonathan Katz.
File System and Full Volume Encryption Sachin Patel CSE 590TU 3/9/2006.
CRYPTOGRAPHY PROGRAMMING ON ANDROID Jinsheng Xu Associate Professor North Carolina A&T State University.
CYBER FORENSICS PRESENTER: JACO VENTER. CYBER FORENSICS - AGENDA Dealing with electronic evidence – Non or Cyber Experts Forensic Imaging / Forensic Application.
Lecture 7 Page 1 CS 236 Online Password Management Limit login attempts Encrypt your passwords Protecting the password file Forgotten passwords Generating.
Towards a Safe Playground for HTTPS and Middle-Boxes with QoS2 Zhenyu Zhou CS Dept., Duke University.
Modularizing B+-trees: Three-Level B+-trees Work Fine Shigero Sasaki* and Takuya Araki NEC Corporation * currently with 1st Nexpire Inc.
Copyright ®xSpring Pte Ltd, All rights reserved Versions DateVersionDescriptionAuthor May First version. Modified from Enterprise edition.NBL.
File-Mate 1500 Design Review II
Troubleshooting Windows Vista Security Chapter 4.
Explain the purpose of an operating system
Protecting Data on Smartphones and Tablets from Memory Attacks
An approach to on the fly activation and deactivation of virtualization-based security systems Denis Efremov Pavel Iakovenko
1 Architectural Support for Copy and Tamper Resistant Software David Lie, Chandu Thekkath, Mark Mitchell, Patrick Lincoln, Dan Boneh, John Mitchell and.
1 Chapter Overview Configuring Account Policies Configuring User Rights Configuring Security Options Configuring Internet Options.
1 Securing Data and Communication. 2 Module - Securing Data and Communication ♦ Overview Data and communication over public networks like Internet can.
Agenda Introduction. Design. Trust and Threat Model. Key-Encrypting Keys. Token Vulnerabilities. Token-Laptop Interaction. Assigning File keys & Handling.
Amit Warke Jerry Philip Lateef Yusuf Supraja Narasimhan Back2Cloud: Remote Backup Service.
1 KERBEROS: AN AUTHENTICATION SERVICE FOR OPEN NETWORK SYSTEMS J. G. Steiner, C. Neuman, J. I. Schiller MIT.
WLANs & Security Standards (802.11) b - up to 11 Mbps, several hundred feet g - up to 54 Mbps, backward compatible, same frequency a.
Identification Authentication. 2 Authentication Allows an entity (a user or a system) to prove its identity to another entity Typically, the entity whose.
XWN740 X-Windows Configuring and Using Remote Access (Chapter 13: Pages )‏
Security fundamentals Topic 5 Using a Public Key Infrastructure.
Wireless and Mobile Security
King Mongkut’s University of Technology Network Security 8. Password Authentication Methods Prof. Reuven Aviv, Jan Password Authentication1.
Chapter 9 Operating Systems Discovering Computers Technology in a World of Computers, Mobile Devices, and the Internet.
Manish Kumar,MSRITSoftware Architecture1 Remote procedure call Client/server architecture.
Introduction TO Network Administration
CSCE 201 Identification and Authentication Fall 2015.
Overview on Web Caching COSC 513 Class Presentation Instructor: Prof. M. Anvari Student name: Wei Wei ID:
SDSM IN MOBILE CLOUD COMPUTING By- ID NO-1069 K.C. SHARMILAADEVI Sethu Institute Of Tech IV year-ECE Department CEC Batch: AUG 2012.
Secure Offloading of Legacy IDSes Using Remote VM Introspection in Semi-trusted IaaS Clouds Kenichi Kourai Kazuki Juda Kyushu Institute of Technology.
DISCOVERING COMPUTERS 2018 Digital Technology, Data, and Devices
Web Applications Security Cryptography 1
Outline The basic authentication problem
Password Management Limit login attempts Encrypt your passwords
Outline What does the OS protect? Authentication for operating systems
Tutorial on Creating Certificates SSH Kerberos
Outline What does the OS protect? Authentication for operating systems
I'm Kenichi Kourai from Kyushu Institute of Technology.
Uses Of Encryption Algorithms
Meltdown / Spectre issue?
CSE 451: Operating Systems Winter Module 22 Distributed File Systems
Distributed File Systems
Distributed File Systems
Hiding Information, Encryption, and Bypasses
CSE 451: Operating Systems Spring Module 21 Distributed File Systems
Distributed File Systems
CSE 451: Operating Systems Winter Module 22 Distributed File Systems
DISTRIBUTED SYSTEMS Principles and Paradigms Second Edition ANDREW S
Distributed File Systems
Distributed File Systems
Presentation transcript:

Keypad: Auditing Encrypted Filesystem for Theft-prone Devices Roxana Geambasu John P. John Steve Gribble Yoshi Kohno Hank Levy University of Washington

The Move to Small, Powerful, Mobile Devices Small, powerful mobile devices are replacing desktops Mobile devices bring important advantages:  Location-based services, mobile web  Constant connectivity, data access, 2 DesktopSmall mobile devices

The Problem with Mobile Devices Mobile devices are prone to theft and loss  500K laptops per year are lost in US airports [Ponemon Institute '09] Mobile device theft/loss exposes sensitive data  SSNs, financial data, health data, trade secrets, state secrets, … 3

Is Encryption Sufficient? Encrypting files on a mobile device increases security  E.g.: BitLocker, PGP Whole Disk Encryption, TrueCrypt, … But is encryption enough? 4

Problem 1: Encryption can and does fail  Security and usability are at odds “Johnny can’t encrypt” [Whitten, Tygar '99] Users set guessable passwords, reuse them [Gaw, Felten '05], [Imperva '10] Users leave smartcards inside laptops [Caveo '03]  Hardware attacks are possible Cold-boot attacks [Halderman, Schoen, Heninger, et.al. '08] TPM attacks [Anderson, Kuhn '96] Problem 2: When encryption fails, it fails silently  User cannot know whether or not the data was compromised Problems with Encryption 5

After a device is stolen or lost, we want to:  know whether or not the data was compromised  know exactly what data was compromised  prohibit future compromises once the user detects theft We want strong auditing guarantees:  Even if thief turns off network (unlike Apple MobileMe, Intel AT)  Even if thief tampers with the device  Without impacting usability 6 Our Goals time T notice audit compromises prohibit future compromises T loss

Provides fine-grained remote access auditing and control Core idea: Force remote access auditing with encryption  Encrypt each file with its own random key  Store the keys on a remote server, which logs all accesses Keypad: An Auditing Encrypted File System 7 T notice T loss user File F get file F ’s key file F ’s key audit server audit log access file F Keypad FS

Provides fine-grained remote access auditing and control Core idea: Force remote access auditing with encryption  Encrypt each file with its own random key  Store the keys on a remote server, which logs all accesses Keypad: An Auditing Encrypted File System 8 T notice T loss File F get file F ’s key file F ’s key thief audit server audit log access file F Any compromise leaves a forensic trail on the server. Keypad FS

Provides fine-grained remote access auditing and control Core idea: Force remote access auditing with encryption  Encrypt each file with its own random key  Store the keys on a remote server, which logs all accesses Keypad: An Auditing Encrypted File System 1. Disable keys for my laptop 2. What’s been accessed since 5pm? My laptop is gone!! audit server audit log T notice T loss

Provides fine-grained remote access auditing and control Core idea: Force remote access auditing with encryption  Encrypt each file with its own random key  Store the keys on a remote server, which logs all accesses Keypad: An Auditing Encrypted File System audit server audit log T loss : 5pm 4:10pm: calendar.cal 4:05pm: picture2.jpg 4:00pm: picture1.jpg T notice : 6pm 5:10pm: tax2011.pdf 5:05pm: ccard.txt 10 auditor Compromised files.

Keypad FS Keypad’s Architecture application mobile device file operations ( read, write, rename,...) audit server (trusted) audit server (trusted) e.g., /home/ccard.txt time: ID F audit log ID F filename filename table RFRF ID F key requests ( on read, write ) OK ID F, filename filename registrations (on create, rename ) 11 ID F RFRF key table file F ’s internal header ( ID F is a long, random number) file F ’s contents, encrypted with symmetric key L F E ( L F ) RFRF E ( F ) LFLF ID F

Challenge 1: Performance over mobile networks  Mobile networks have huge RTTs (e.g., 300ms for 3G) Challenge 2: Disconnected data access  Disconnection is rare (WiFi, 3G, 4G), but it happens Keypad’s design includes novel techniques to address challenges while preserving strong auditing semantics  Short-term key caching  Localized key prefetching  Key preallocation  Key derivation Huge Practical Challenges 12  Limited scope/granularity  IBE-based filename registrations  Device pairing ……

1. Optimizing key requests:  Standard techniques: key caching, prefetching, preallocation, …  2 order of magnitude improvement (compilation now takes 8 min) 2. Optimizing filename registrations:  After key optimizations, 56% of the time goes to registrations!  Next: optimizing filename registrations with strong semantics Challenge 1: Performance Over Mobile Networks 13 audit server time: ID F audit log ID F filename filename table ID F RFRF key table Keypad FS application mobile device file ops ID F E ( F ) LFLF E ( L F ) RFRF 2. filename registrations (on create, rename ) 1. key requests ( on read, write ) network (e.g., 3G)

Strong semantics requires up-to-date filenames on the server for any compromised file ID Name Registrations: Semantics/Performance Tradeoff 14 audit server time: ID F audit log ID F filename table ID F RFRF key table filename ID F was compromised! T loss T notice ??? old filename e.g.: /tmp/IRS_form.pdf instead of /home/my_taxes.pdf

Two Options for Filename Registrations 15 Blocking registrations Non-blocking registrations filename OK Poor semantics Good performance ? Good semantics Poor performance time Device Audit server create/rename F write F read F write F 300ms! filename OK T loss read F time DeviceAudit server write F read F write F create/rename F T loss read F (thief) (user)

How to Have Your Cake and Eat It Too 16 filename time DeviceAudit server write F read F write F filename create/rename F T loss read F Good semantics Good performance (user) (thief) OK Our Idea: Do non-blocking registration But if it fails, force the thief to reveal the filename in order to access the file! The Challenge: How do we force the thief to tell us the filename?  Thief might lie to mislead user  E.g., declare /tmp/download instead of /home/ccard.txt

One Solution: Identity-based Encryption (IBE) We develop a protocol for both efficient and secure filename registrations that relies on IBE IBE background [Boneh, Franklin '01] :  A client can encrypt data using any string as the public key  A designated server can produce a private key for any public key  To decrypt, client must provide public key to get private key Our protocol uses the filename as the public key 17

IBE-Based Filename Registrations (Intuition) Wrap encrypted L F with IBE using filename as the public key *  Only the audit server can compute the private IBE key Thief must provide the true filename to server to obtain L F !  Lying about the filename prevents file access For performance, we cache L F in memory for one second  Normally, user workloads will not block waiting for private key 18 ID F E ( F ) LFLF IBE_E (E ( L F )) RFRF filename E ( L F ) RFRF file header file contents * A nonce is also included in the IBE public key for security.

Summary of Filename Registration Protocol Our protocol enables both efficient (non-blocking) filename registrations and strong semantics Idea: Force the thief to reveal the true name of a file in order to access it We use IBE in a unique way:  It is typically used for confidentiality  We use it for auditing 19

Keypad Implementation We built the Keypad file system on Linux  We augment EncFS with auditing and remote control  The audit server runs on Google’s AppEngine I used Keypad for several weeks with 3G emulated latencies  Overall experience was positive – Keypad absorbs most latency We measured Keypad with many workloads and metrics  Microbenchmarks, Andrew benchmark, popular applications 20

300 Apache Compilation Time (seconds) Network RTT (ms) – logscale IBE’s Performance Impact Apache Compilation Time (seconds) Network RTT (ms) – logscale Disable IBE Enable IBE Keypad

So, Is Keypad Practical? ApplicationTask Time (seconds) Baseline (EncFS) Keypad WiFi3G OpenOffice Word Processor Launch Save as Open Firefox Launch Save a page Open tab0.2 Thunderbird Launch Read Quit0.2 Evince PDF Viewer Launch0.1 Open document Quit0.0 22

Challenge 2: Audited Disconnected Access Keypad’s design relies on network connectivity for auditing! Our observation: today’s users carry multiple devices  E.g.: laptop, phone, iPad, Kindle Paired-device Keypad extension uses one device to enable audited disconnected access on another device 23 bluetooth keys, filenames hoard keys batch filenames and access logs File F audit server partial access log partial key & filename tables

Paired-Device Implementation We modified Keypad to support device pairing  Simple Python daemon runs on an Android Nexus One phone Bonus: device pairing can improve 3G/4G performance  Bluetooth is one order of magnitude faster than 3G  We designed strong-semantics performance improvements  44% improvement on 3G over the results we have seen before 24 keys, filenames hoard keys batch filenames and access logs File F audit server bluetooth 3G

Summary Traditional encryption systems fail silently Keypad enhances encrypted file systems with:  Fine-grained file access auditing after theft  Remote access control even in the absence of network Our use of cryptography is unique  Auditing instead of confidentiality 25

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.