SlideShare ist ein Scribd-Unternehmen logo

Mobile device security using transient authentication

Als PPTX, PDF herunterladen
Paulo Martins
Paulo Martins

Presentation based on the paper: Mobile Device Security Using Transient Authentication Anthony J. Nicholson, Mark D. Corner, and Brian D. Noble

Technologie
1 von 24
Mobile Device Security Using Transient Authentication Anthony J. Nicholson, Mark D. Corner and Brian D. Noble Apresentação por: Paulo Martins 65929 MERC Filipe Tavares 65898 MEIC IEE TRANSACTIONS ON MOBILE COMPUTING, VOL.5, NO.
Motivation
Goal Proximity Security PowerPoint 2013
Challenges • Tie Capabilities to Users • Do No Harm • Secure and Restore on People Time • Ensure Explicit Consent
Challenges & Requirements • Tie Capabilities to Users • Detect the presence of authorized users • Do No Harm • The system must not require the user’s interaction • When the user arrives the device must restore itself before the user can even notice it was blocked
Challenges & Requirements • Secure and Restore on People Time • When the user leaves the device must secure itself before the attacker would have the change to physically extract any information • Ensure Explicit Consent • The system must not be vulnerable to physical-possession attacks • Ensure that the user’s device is indeed talking to the user’s Token • The token is not communication with any other devices without the user’s consent
Challenges & Requirements • Other Requirements • Must not require extra Hardware
Related Work • Disable keyboard and Mouse: • Vulnerable to physical-possession attacks - Ensure explicit consent • Biometric information: • Fingerprint - It is intrusive, since it has a high false negatives rate and restrain users physically – Do No Harm • Iris Scan – Requires the three cameras – Extra hardware • Erasable Memory: • Requires special hardware – Extra Hardware
Solution • Token System • Securing State • Token Authentication • Key Management and Binding
Solution – Token Authentication and Binding
Solution – Securing State • Persistent Storage • Virtual Memory • CPU and Chipset Registers and Caches • Peripherals • Displays
Implementation Securing File Systems • Using ZIAfs (Zero-Interaction File System) • Uses in per-directory keys Physical Memory • Encrypts main memory in-place - Kmem
Implementation Swap Space • Use encrypted file to store swap pages or interpose on swap I/O to perform whole-pare encryption. • Never encrypt the pages of critical processes. • The system must ensure that the encryption keys are pinned in memory.
Implementation • Video • Lock Mouse and Keyboard • Blank the frame buffer via Display Manager • Application-Aware Mechanisms • Identify some key processes, that may not be able to survive the hibernation process or that handle sensitive data
Implementation – Example of Application
Evaluation • IBM ThinkPad x24 Notebook – Linux kernel 2.4.20 • • 256MB RAM • • 1.113 GHz Intel Pentium III 30GB IDE Disk Drive – 12ms average seek time Compaq iPAQ 3870 – Familiar Linux • 206 MHz StromARM • 64MB SDRAM • 32MB Flash ROM
Evaluation – File System Copy a source tree, traversing the tree and its contents and compiling it
Evaluation – Physical Memory 1. Freeze execution of all running processes 2. Encrypt in-place memory the physical memory pages of the frozen processes 3. Overwrite freed pages and other shared kernel buffers • 200MB Memory allocated • 10 Runs (On average 46,740 pages)
Evaluation – Physical Memory Flush-to-Disk w/ Encryption vs Flush-to-Disk no Encryption vs Encrypt in-place
Evaluation – Swap Space
Evaluation – Microbenchmark
Evaluation – Video & AAM
Evaluation – Video & AAM
Do you have any Thank You Questions?

Empfohlen

Jakub Bartoszek (Samsung Electronics) - Hardware Security in Connected World
Jakub Bartoszek (Samsung Electronics) - Hardware Security in Connected WorldJakub Bartoszek (Samsung Electronics) - Hardware Security in Connected World
Jakub Bartoszek (Samsung Electronics) - Hardware Security in Connected World
Codiax
 
Senior Technology Education
Senior Technology EducationSenior Technology Education
Senior Technology Education
Summerpair77
 
Internet security
Internet securityInternet security
Internet security
Antony Mathew
 
Hacking Question and Answer
Hacking Question and Answer Hacking Question and Answer
Hacking Question and Answer
Greater Noida Institute Of Technology
 
Encryption
EncryptionEncryption
Encryption
Nitin Parbhakar
 
2012 12-04 --ncc_group_-_mobile_threat_war_room
2012 12-04 --ncc_group_-_mobile_threat_war_room2012 12-04 --ncc_group_-_mobile_threat_war_room
2012 12-04 --ncc_group_-_mobile_threat_war_room
NCC Group
 
Using fault injection attacks for digital forensics
Using fault injection attacks for digital forensics Using fault injection attacks for digital forensics
Using fault injection attacks for digital forensics
Justin Black
 
Mtslesson
MtslessonMtslesson
Mtslesson
grahamwell
 

Empfohlen

Jakub Bartoszek (Samsung Electronics) - Hardware Security in Connected World
Jakub Bartoszek (Samsung Electronics) - Hardware Security in Connected WorldJakub Bartoszek (Samsung Electronics) - Hardware Security in Connected World
Jakub Bartoszek (Samsung Electronics) - Hardware Security in Connected World
Codiax
 
Senior Technology Education
Senior Technology EducationSenior Technology Education
Senior Technology Education
Summerpair77
 
Internet security
Internet securityInternet security
Internet security
Antony Mathew
 
Hacking Question and Answer
Hacking Question and Answer Hacking Question and Answer
Hacking Question and Answer
Greater Noida Institute Of Technology
 
Encryption
EncryptionEncryption
Encryption
Nitin Parbhakar
 
2012 12-04 --ncc_group_-_mobile_threat_war_room
2012 12-04 --ncc_group_-_mobile_threat_war_room2012 12-04 --ncc_group_-_mobile_threat_war_room
2012 12-04 --ncc_group_-_mobile_threat_war_room
NCC Group
 
Using fault injection attacks for digital forensics
Using fault injection attacks for digital forensics Using fault injection attacks for digital forensics
Using fault injection attacks for digital forensics
Justin Black
 
Mtslesson
MtslessonMtslesson
Mtslesson
grahamwell
 
Keyloger & spyware
Keyloger & spyware Keyloger & spyware
Keyloger & spyware
KashifKhan417
 
1. Mobile Application (In)security
1. Mobile Application (In)security1. Mobile Application (In)security
1. Mobile Application (In)security
Sam Bowne
 
Revolutionary Security. Ultimate Performance. Minimal Management.
Revolutionary Security. Ultimate Performance. Minimal Management.Revolutionary Security. Ultimate Performance. Minimal Management.
Revolutionary Security. Ultimate Performance. Minimal Management.
Webroot
 
Securing embedded systems
Securing embedded systemsSecuring embedded systems
Securing embedded systems
aissa benyahya
 
Building a Hacker Resistant Network
Building a Hacker Resistant Network Building a Hacker Resistant Network
Building a Hacker Resistant Network
Sentry Global Technologies, LLC
 
​Understanding the Internet of Things
​Understanding the Internet of Things​Understanding the Internet of Things
​Understanding the Internet of Things
David Strom
 
Firewall
FirewallFirewall
Firewall
Nikhil Dagale
 
CONFidence 2014: Yaniv Miron: ATMs – We kick their ass
CONFidence 2014: Yaniv Miron: ATMs – We kick their assCONFidence 2014: Yaniv Miron: ATMs – We kick their ass
CONFidence 2014: Yaniv Miron: ATMs – We kick their ass
PROIDEA
 
Technical Vulnerabilities of Electronic Health Records
Technical Vulnerabilities of Electronic Health RecordsTechnical Vulnerabilities of Electronic Health Records
Technical Vulnerabilities of Electronic Health Records
Health Informatics New Zealand
 
Personal security
Personal securityPersonal security
Personal security
Directorate of Information Security | Ditjen Aptika
 
Why Go Beyond Encryption
Why Go Beyond EncryptionWhy Go Beyond Encryption
Why Go Beyond Encryption
guest990c6c
 
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design
NCC Group
 
Data security
Data securityData security
Data security
sbmiller87
 
[CB19] Hardware Wallet Security
[CB19] Hardware Wallet Security[CB19] Hardware Wallet Security
[CB19] Hardware Wallet Security
CODE BLUE
 
Lecture 4
Lecture 4Lecture 4
Lecture 4
Tanveer Malik
 
Tek systems it guidelines
Tek systems it guidelinesTek systems it guidelines
Tek systems it guidelines
viplavsarkar
 
Necto 16 training 18 access security
Necto 16 training 18 access securityNecto 16 training 18 access security
Necto 16 training 18 access security
Panorama Software
 
Tek systems it guidelines - animation
Tek systems it guidelines - animationTek systems it guidelines - animation
Tek systems it guidelines - animation
viplavsarkar
 
Mvp2
Mvp2Mvp2
Mvp2
nolangage
 
Osd diksha presentation
Osd diksha presentationOsd diksha presentation
Osd diksha presentation
dikshagupta111
 
CSF18 - BitLocker Deep Dive - Sami Laiho
CSF18 - BitLocker Deep Dive - Sami LaihoCSF18 - BitLocker Deep Dive - Sami Laiho
CSF18 - BitLocker Deep Dive - Sami Laiho
NCCOMMS
 
Essential Layers of IBM i Security: System-Access Security
Essential Layers of IBM i Security: System-Access SecurityEssential Layers of IBM i Security: System-Access Security
Essential Layers of IBM i Security: System-Access Security
Precisely
 

Weitere ähnliche Inhalte

Was ist angesagt?

Revolutionary Security. Ultimate Performance. Minimal Management.
Revolutionary Security. Ultimate Performance. Minimal Management.Revolutionary Security. Ultimate Performance. Minimal Management.
Revolutionary Security. Ultimate Performance. Minimal Management.
Webroot
 
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design
NCC Group
 
[CB19] Hardware Wallet Security
[CB19] Hardware Wallet Security[CB19] Hardware Wallet Security
[CB19] Hardware Wallet Security
CODE BLUE
 
Tek systems it guidelines
Tek systems it guidelinesTek systems it guidelines
Tek systems it guidelines
viplavsarkar
 
Tek systems it guidelines - animation
Tek systems it guidelines - animationTek systems it guidelines - animation
Tek systems it guidelines - animation
viplavsarkar
 

Was ist angesagt? (20)

Keyloger & spyware
Keyloger & spyware Keyloger & spyware
Keyloger & spyware
 
1. Mobile Application (In)security
1. Mobile Application (In)security1. Mobile Application (In)security
1. Mobile Application (In)security
 
Revolutionary Security. Ultimate Performance. Minimal Management.
Revolutionary Security. Ultimate Performance. Minimal Management.Revolutionary Security. Ultimate Performance. Minimal Management.
Revolutionary Security. Ultimate Performance. Minimal Management.
 
Securing embedded systems
Securing embedded systemsSecuring embedded systems
Securing embedded systems
 
Building a Hacker Resistant Network
Building a Hacker Resistant Network Building a Hacker Resistant Network
Building a Hacker Resistant Network
 
​Understanding the Internet of Things
​Understanding the Internet of Things​Understanding the Internet of Things
​Understanding the Internet of Things
 
Firewall
FirewallFirewall
Firewall
 
CONFidence 2014: Yaniv Miron: ATMs – We kick their ass
CONFidence 2014: Yaniv Miron: ATMs – We kick their assCONFidence 2014: Yaniv Miron: ATMs – We kick their ass
CONFidence 2014: Yaniv Miron: ATMs – We kick their ass
 
Technical Vulnerabilities of Electronic Health Records
Technical Vulnerabilities of Electronic Health RecordsTechnical Vulnerabilities of Electronic Health Records
Technical Vulnerabilities of Electronic Health Records
 
Personal security
Personal securityPersonal security
Personal security
 
Why Go Beyond Encryption
Why Go Beyond EncryptionWhy Go Beyond Encryption
Why Go Beyond Encryption
 
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design
 
Data security
Data securityData security
Data security
 
[CB19] Hardware Wallet Security
[CB19] Hardware Wallet Security[CB19] Hardware Wallet Security
[CB19] Hardware Wallet Security
 
Lecture 4
Lecture 4Lecture 4
Lecture 4
 
Tek systems it guidelines
Tek systems it guidelinesTek systems it guidelines
Tek systems it guidelines
 
Necto 16 training 18 access security
Necto 16 training 18 access securityNecto 16 training 18 access security
Necto 16 training 18 access security
 
Tek systems it guidelines - animation
Tek systems it guidelines - animationTek systems it guidelines - animation
Tek systems it guidelines - animation
 
Mvp2
Mvp2Mvp2
Mvp2
 
Osd diksha presentation
Osd diksha presentationOsd diksha presentation
Osd diksha presentation
 

Ähnlich wie Mobile device security using transient authentication

Security by Design for Law Firms
Security by Design for Law FirmsSecurity by Design for Law Firms
Security by Design for Law Firms
Clio - Cloud-Based Legal Technology
 
Protecting Data with Short-Lived Encryption Keys and Hardware Root of Trust
Protecting Data with Short-Lived Encryption Keys and Hardware Root of TrustProtecting Data with Short-Lived Encryption Keys and Hardware Root of Trust
Protecting Data with Short-Lived Encryption Keys and Hardware Root of Trust
Dan Griffin
 
Authenticationtechnologies 120711134100-phpapp01
Authenticationtechnologies 120711134100-phpapp01Authenticationtechnologies 120711134100-phpapp01
Authenticationtechnologies 120711134100-phpapp01
Hai Nguyen
 

Ähnlich wie Mobile device security using transient authentication (20)

CSF18 - BitLocker Deep Dive - Sami Laiho
CSF18 - BitLocker Deep Dive - Sami LaihoCSF18 - BitLocker Deep Dive - Sami Laiho
CSF18 - BitLocker Deep Dive - Sami Laiho
 
Essential Layers of IBM i Security: System-Access Security
Essential Layers of IBM i Security: System-Access SecurityEssential Layers of IBM i Security: System-Access Security
Essential Layers of IBM i Security: System-Access Security
 
Chapter 15 incident handling
Chapter 15 incident handlingChapter 15 incident handling
Chapter 15 incident handling
 
Authentication Methods authauthauthauthauthautha
Authentication Methods authauthauthauthauthauthaAuthentication Methods authauthauthauthauthautha
Authentication Methods authauthauthauthauthautha
 
Six steps for securing offshore development
Six steps for securing offshore developmentSix steps for securing offshore development
Six steps for securing offshore development
 
CNIT 160 4e Security Program Management (Part 5)
CNIT 160 4e Security Program Management (Part 5)CNIT 160 4e Security Program Management (Part 5)
CNIT 160 4e Security Program Management (Part 5)
 
Track 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practicesTrack 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practices
 
WSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet Challenge
WSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet ChallengeWSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet Challenge
WSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet Challenge
 
Security by Design for Law Firms
Security by Design for Law FirmsSecurity by Design for Law Firms
Security by Design for Law Firms
 
Expand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataExpand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and Data
 
Protecting Data with Short-Lived Encryption Keys and Hardware Root of Trust
Protecting Data with Short-Lived Encryption Keys and Hardware Root of TrustProtecting Data with Short-Lived Encryption Keys and Hardware Root of Trust
Protecting Data with Short-Lived Encryption Keys and Hardware Root of Trust
 
CISSP Chapter 7 - Security Operations
CISSP Chapter 7 - Security OperationsCISSP Chapter 7 - Security Operations
CISSP Chapter 7 - Security Operations
 
Controlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataControlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and Data
 
Provable Device Cybersecurity in Blockchain Transactions
Provable Device Cybersecurity in Blockchain TransactionsProvable Device Cybersecurity in Blockchain Transactions
Provable Device Cybersecurity in Blockchain Transactions
 
Solving problems with authentication
Solving problems with authenticationSolving problems with authentication
Solving problems with authentication
 
Track 5 session 4 - st dev con 2016 - life cycle management for web
Track 5 session 4 - st dev con 2016 - life cycle management for webTrack 5 session 4 - st dev con 2016 - life cycle management for web
Track 5 session 4 - st dev con 2016 - life cycle management for web
 
Essential Layers of IBM i Security: Physical Security
Essential Layers of IBM i Security: Physical SecurityEssential Layers of IBM i Security: Physical Security
Essential Layers of IBM i Security: Physical Security
 
CNIT 125 Ch 8. Security Operations
CNIT 125 Ch 8. Security OperationsCNIT 125 Ch 8. Security Operations
CNIT 125 Ch 8. Security Operations
 
CISSP Prep: Ch 8. Security Operations
CISSP Prep: Ch 8. Security OperationsCISSP Prep: Ch 8. Security Operations
CISSP Prep: Ch 8. Security Operations
 
Authenticationtechnologies 120711134100-phpapp01
Authenticationtechnologies 120711134100-phpapp01Authenticationtechnologies 120711134100-phpapp01
Authenticationtechnologies 120711134100-phpapp01
 

Kürzlich hochgeladen

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 

Kürzlich hochgeladen (20)

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 

Mobile device security using transient authentication

  • 1. Mobile Device Security Using Transient Authentication Anthony J. Nicholson, Mark D. Corner and Brian D. Noble Apresentação por: Paulo Martins 65929 MERC Filipe Tavares 65898 MEIC IEE TRANSACTIONS ON MOBILE COMPUTING, VOL.5, NO.
  • 4. Challenges • Tie Capabilities to Users • Do No Harm • Secure and Restore on People Time • Ensure Explicit Consent
  • 5. Challenges & Requirements • Tie Capabilities to Users • Detect the presence of authorized users • Do No Harm • The system must not require the user’s interaction • When the user arrives the device must restore itself before the user can even notice it was blocked
  • 6. Challenges & Requirements • Secure and Restore on People Time • When the user leaves the device must secure itself before the attacker would have the change to physically extract any information • Ensure Explicit Consent • The system must not be vulnerable to physical-possession attacks • Ensure that the user’s device is indeed talking to the user’s Token • The token is not communication with any other devices without the user’s consent
  • 7. Challenges & Requirements • Other Requirements • Must not require extra Hardware
  • 8. Related Work • Disable keyboard and Mouse: • Vulnerable to physical-possession attacks - Ensure explicit consent • Biometric information: • Fingerprint - It is intrusive, since it has a high false negatives rate and restrain users physically – Do No Harm • Iris Scan – Requires the three cameras – Extra hardware • Erasable Memory: • Requires special hardware – Extra Hardware
  • 9. Solution • Token System • Securing State • Token Authentication • Key Management and Binding
  • 10. Solution – Token Authentication and Binding
  • 11. Solution – Securing State • Persistent Storage • Virtual Memory • CPU and Chipset Registers and Caches • Peripherals • Displays
  • 12. Implementation Securing File Systems • Using ZIAfs (Zero-Interaction File System) • Uses in per-directory keys Physical Memory • Encrypts main memory in-place - Kmem
  • 13. Implementation Swap Space • Use encrypted file to store swap pages or interpose on swap I/O to perform whole-pare encryption. • Never encrypt the pages of critical processes. • The system must ensure that the encryption keys are pinned in memory.
  • 14. Implementation • Video • Lock Mouse and Keyboard • Blank the frame buffer via Display Manager • Application-Aware Mechanisms • Identify some key processes, that may not be able to survive the hibernation process or that handle sensitive data
  • 15. Implementation – Example of Application
  • 16. Evaluation • IBM ThinkPad x24 Notebook – Linux kernel 2.4.20 • • 256MB RAM • • 1.113 GHz Intel Pentium III 30GB IDE Disk Drive – 12ms average seek time Compaq iPAQ 3870 – Familiar Linux • 206 MHz StromARM • 64MB SDRAM • 32MB Flash ROM
  • 17. Evaluation – File System Copy a source tree, traversing the tree and its contents and compiling it
  • 18. Evaluation – Physical Memory 1. Freeze execution of all running processes 2. Encrypt in-place memory the physical memory pages of the frozen processes 3. Overwrite freed pages and other shared kernel buffers • 200MB Memory allocated • 10 Runs (On average 46,740 pages)
  • 19. Evaluation – Physical Memory Flush-to-Disk w/ Encryption vs Flush-to-Disk no Encryption vs Encrypt in-place
  • 24. Do you have any Thank You Questions?

Hinweis der Redaktion

  1. Mencionarquefoifeitoemconjunto com a National Security Agency e a US – National Science Foundation
  2. In Slide Show mode, click the arrow to enter the PowerPoint Getting Started Center.