SlideShare ist ein Scribd-Unternehmen logo

Mobile device security using transient authentication

Als PPTX, PDF herunterladen
Paulo Martins
Paulo Martins

Presentation based on the paper: Mobile Device Security Using Transient Authentication Anthony J. Nicholson, Mark D. Corner, and Brian D. Noble

Technologie
1 von 24
Mobile Device Security Using Transient Authentication Anthony J. Nicholson, Mark D. Corner and Brian D. Noble Apresentação por: Paulo Martins 65929 MERC Filipe Tavares 65898 MEIC IEE TRANSACTIONS ON MOBILE COMPUTING, VOL.5, NO.
Motivation
Goal Proximity Security PowerPoint 2013
Challenges • Tie Capabilities to Users • Do No Harm • Secure and Restore on People Time • Ensure Explicit Consent
Challenges & Requirements • Tie Capabilities to Users • Detect the presence of authorized users • Do No Harm • The system must not require the user’s interaction • When the user arrives the device must restore itself before the user can even notice it was blocked
Challenges & Requirements • Secure and Restore on People Time • When the user leaves the device must secure itself before the attacker would have the change to physically extract any information • Ensure Explicit Consent • The system must not be vulnerable to physical-possession attacks • Ensure that the user’s device is indeed talking to the user’s Token • The token is not communication with any other devices without the user’s consent
Challenges & Requirements • Other Requirements • Must not require extra Hardware
Related Work • Disable keyboard and Mouse: • Vulnerable to physical-possession attacks - Ensure explicit consent • Biometric information: • Fingerprint - It is intrusive, since it has a high false negatives rate and restrain users physically – Do No Harm • Iris Scan – Requires the three cameras – Extra hardware • Erasable Memory: • Requires special hardware – Extra Hardware
Solution • Token System • Securing State • Token Authentication • Key Management and Binding
Solution – Token Authentication and Binding
Solution – Securing State • Persistent Storage • Virtual Memory • CPU and Chipset Registers and Caches • Peripherals • Displays
Implementation Securing File Systems • Using ZIAfs (Zero-Interaction File System) • Uses in per-directory keys Physical Memory • Encrypts main memory in-place - Kmem
Implementation Swap Space • Use encrypted file to store swap pages or interpose on swap I/O to perform whole-pare encryption. • Never encrypt the pages of critical processes. • The system must ensure that the encryption keys are pinned in memory.
Implementation • Video • Lock Mouse and Keyboard • Blank the frame buffer via Display Manager • Application-Aware Mechanisms • Identify some key processes, that may not be able to survive the hibernation process or that handle sensitive data
Implementation – Example of Application
Evaluation • IBM ThinkPad x24 Notebook – Linux kernel 2.4.20 • • 256MB RAM • • 1.113 GHz Intel Pentium III 30GB IDE Disk Drive – 12ms average seek time Compaq iPAQ 3870 – Familiar Linux • 206 MHz StromARM • 64MB SDRAM • 32MB Flash ROM
Evaluation – File System Copy a source tree, traversing the tree and its contents and compiling it
Evaluation – Physical Memory 1. Freeze execution of all running processes 2. Encrypt in-place memory the physical memory pages of the frozen processes 3. Overwrite freed pages and other shared kernel buffers • 200MB Memory allocated • 10 Runs (On average 46,740 pages)
Evaluation – Physical Memory Flush-to-Disk w/ Encryption vs Flush-to-Disk no Encryption vs Encrypt in-place
Evaluation – Swap Space
Evaluation – Microbenchmark
Evaluation – Video & AAM
Evaluation – Video & AAM
Do you have any Thank You Questions?

Empfohlen

Jakub Bartoszek (Samsung Electronics) - Hardware Security in Connected World
Jakub Bartoszek (Samsung Electronics) - Hardware Security in Connected WorldJakub Bartoszek (Samsung Electronics) - Hardware Security in Connected World
Jakub Bartoszek (Samsung Electronics) - Hardware Security in Connected WorldCodiax
 
Senior Technology Education
Senior Technology EducationSenior Technology Education
Senior Technology EducationSummerpair77
 
Internet security
Internet securityInternet security
Internet securityAntony Mathew
 
Hacking Question and Answer
Hacking Question and Answer Hacking Question and Answer
Hacking Question and Answer Greater Noida Institute Of Technology
 
Encryption
EncryptionEncryption
EncryptionNitin Parbhakar
 
2012 12-04 --ncc_group_-_mobile_threat_war_room
2012 12-04 --ncc_group_-_mobile_threat_war_room2012 12-04 --ncc_group_-_mobile_threat_war_room
2012 12-04 --ncc_group_-_mobile_threat_war_roomNCC Group
 
Using fault injection attacks for digital forensics
Using fault injection attacks for digital forensics Using fault injection attacks for digital forensics
Using fault injection attacks for digital forensics Justin Black
 
Mtslesson
MtslessonMtslesson
Mtslessongrahamwell
 

Empfohlen

Jakub Bartoszek (Samsung Electronics) - Hardware Security in Connected World
Jakub Bartoszek (Samsung Electronics) - Hardware Security in Connected WorldJakub Bartoszek (Samsung Electronics) - Hardware Security in Connected World
Jakub Bartoszek (Samsung Electronics) - Hardware Security in Connected WorldCodiax
 
Senior Technology Education
Senior Technology EducationSenior Technology Education
Senior Technology EducationSummerpair77
 
Internet security
Internet securityInternet security
Internet securityAntony Mathew
 
Hacking Question and Answer
Hacking Question and Answer Hacking Question and Answer
Hacking Question and Answer Greater Noida Institute Of Technology
 
Encryption
EncryptionEncryption
EncryptionNitin Parbhakar
 
2012 12-04 --ncc_group_-_mobile_threat_war_room
2012 12-04 --ncc_group_-_mobile_threat_war_room2012 12-04 --ncc_group_-_mobile_threat_war_room
2012 12-04 --ncc_group_-_mobile_threat_war_roomNCC Group
 
Using fault injection attacks for digital forensics
Using fault injection attacks for digital forensics Using fault injection attacks for digital forensics
Using fault injection attacks for digital forensics Justin Black
 
Mtslesson
MtslessonMtslesson
Mtslessongrahamwell
 
Keyloger & spyware
Keyloger & spyware Keyloger & spyware
Keyloger & spyware KashifKhan417
 
1. Mobile Application (In)security
1. Mobile Application (In)security1. Mobile Application (In)security
1. Mobile Application (In)securitySam Bowne
 
Revolutionary Security. Ultimate Performance. Minimal Management.
Revolutionary Security. Ultimate Performance. Minimal Management.Revolutionary Security. Ultimate Performance. Minimal Management.
Revolutionary Security. Ultimate Performance. Minimal Management.Webroot
 
Securing embedded systems
Securing embedded systemsSecuring embedded systems
Securing embedded systemsaissa benyahya
 
Building a Hacker Resistant Network
Building a Hacker Resistant Network Building a Hacker Resistant Network
Building a Hacker Resistant Network Sentry Global Technologies, LLC
 
​Understanding the Internet of Things
​Understanding the Internet of Things​Understanding the Internet of Things
​Understanding the Internet of ThingsDavid Strom
 
Firewall
FirewallFirewall
FirewallNikhil Dagale
 
CONFidence 2014: Yaniv Miron: ATMs – We kick their ass
CONFidence 2014: Yaniv Miron: ATMs – We kick their assCONFidence 2014: Yaniv Miron: ATMs – We kick their ass
CONFidence 2014: Yaniv Miron: ATMs – We kick their assPROIDEA
 
Technical Vulnerabilities of Electronic Health Records
Technical Vulnerabilities of Electronic Health RecordsTechnical Vulnerabilities of Electronic Health Records
Technical Vulnerabilities of Electronic Health RecordsHealth Informatics New Zealand
 
Personal security
Personal securityPersonal security
Personal securityDirectorate of Information Security | Ditjen Aptika
 
Why Go Beyond Encryption
Why Go Beyond EncryptionWhy Go Beyond Encryption
Why Go Beyond Encryptionguest990c6c
 
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_designNCC Group
 
Data security
Data securityData security
Data securitysbmiller87
 
[CB19] Hardware Wallet Security
[CB19] Hardware Wallet Security[CB19] Hardware Wallet Security
[CB19] Hardware Wallet SecurityCODE BLUE
 
Lecture 4
Lecture 4Lecture 4
Lecture 4Tanveer Malik
 
Tek systems it guidelines
Tek systems it guidelinesTek systems it guidelines
Tek systems it guidelinesviplavsarkar
 
Necto 16 training 18 access security
Necto 16 training 18 access securityNecto 16 training 18 access security
Necto 16 training 18 access securityPanorama Software
 
Tek systems it guidelines - animation
Tek systems it guidelines - animationTek systems it guidelines - animation
Tek systems it guidelines - animationviplavsarkar
 
Mvp2
Mvp2Mvp2
Mvp2nolangage
 
Osd diksha presentation
Osd diksha presentationOsd diksha presentation
Osd diksha presentationdikshagupta111
 
CSF18 - BitLocker Deep Dive - Sami Laiho
CSF18 - BitLocker Deep Dive - Sami LaihoCSF18 - BitLocker Deep Dive - Sami Laiho
CSF18 - BitLocker Deep Dive - Sami LaihoNCCOMMS
 
Essential Layers of IBM i Security: System-Access Security
Essential Layers of IBM i Security: System-Access SecurityEssential Layers of IBM i Security: System-Access Security
Essential Layers of IBM i Security: System-Access SecurityPrecisely
 

Weitere ähnliche Inhalte

Was ist angesagt?

1. Mobile Application (In)security
1. Mobile Application (In)security1. Mobile Application (In)security
1. Mobile Application (In)securitySam Bowne
 
Revolutionary Security. Ultimate Performance. Minimal Management.
Revolutionary Security. Ultimate Performance. Minimal Management.Revolutionary Security. Ultimate Performance. Minimal Management.
Revolutionary Security. Ultimate Performance. Minimal Management.Webroot
 
Securing embedded systems
Securing embedded systemsSecuring embedded systems
Securing embedded systemsaissa benyahya
 
​Understanding the Internet of Things
​Understanding the Internet of Things​Understanding the Internet of Things
​Understanding the Internet of ThingsDavid Strom
 
CONFidence 2014: Yaniv Miron: ATMs – We kick their ass
CONFidence 2014: Yaniv Miron: ATMs – We kick their assCONFidence 2014: Yaniv Miron: ATMs – We kick their ass
CONFidence 2014: Yaniv Miron: ATMs – We kick their assPROIDEA
 
Technical Vulnerabilities of Electronic Health Records
Technical Vulnerabilities of Electronic Health RecordsTechnical Vulnerabilities of Electronic Health Records
Technical Vulnerabilities of Electronic Health RecordsHealth Informatics New Zealand
 
Why Go Beyond Encryption
Why Go Beyond EncryptionWhy Go Beyond Encryption
Why Go Beyond Encryptionguest990c6c
 
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_designNCC Group
 
[CB19] Hardware Wallet Security
[CB19] Hardware Wallet Security[CB19] Hardware Wallet Security
[CB19] Hardware Wallet SecurityCODE BLUE
 
Tek systems it guidelines
Tek systems it guidelinesTek systems it guidelines
Tek systems it guidelinesviplavsarkar
 
Necto 16 training 18 access security
Necto 16 training 18 access securityNecto 16 training 18 access security
Necto 16 training 18 access securityPanorama Software
 
Tek systems it guidelines - animation
Tek systems it guidelines - animationTek systems it guidelines - animation
Tek systems it guidelines - animationviplavsarkar
 
Osd diksha presentation
Osd diksha presentationOsd diksha presentation
Osd diksha presentationdikshagupta111
 

Was ist angesagt? (20)

Keyloger & spyware
Keyloger & spyware Keyloger & spyware
Keyloger & spyware
 
1. Mobile Application (In)security
1. Mobile Application (In)security1. Mobile Application (In)security
1. Mobile Application (In)security
 
Revolutionary Security. Ultimate Performance. Minimal Management.
Revolutionary Security. Ultimate Performance. Minimal Management.Revolutionary Security. Ultimate Performance. Minimal Management.
Revolutionary Security. Ultimate Performance. Minimal Management.
 
Securing embedded systems
Securing embedded systemsSecuring embedded systems
Securing embedded systems
 
Building a Hacker Resistant Network
Building a Hacker Resistant Network Building a Hacker Resistant Network
Building a Hacker Resistant Network
 
​Understanding the Internet of Things
​Understanding the Internet of Things​Understanding the Internet of Things
​Understanding the Internet of Things
 
Firewall
FirewallFirewall
Firewall
 
CONFidence 2014: Yaniv Miron: ATMs – We kick their ass
CONFidence 2014: Yaniv Miron: ATMs – We kick their assCONFidence 2014: Yaniv Miron: ATMs – We kick their ass
CONFidence 2014: Yaniv Miron: ATMs – We kick their ass
 
Technical Vulnerabilities of Electronic Health Records
Technical Vulnerabilities of Electronic Health RecordsTechnical Vulnerabilities of Electronic Health Records
Technical Vulnerabilities of Electronic Health Records
 
Personal security
Personal securityPersonal security
Personal security
 
Why Go Beyond Encryption
Why Go Beyond EncryptionWhy Go Beyond Encryption
Why Go Beyond Encryption
 
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design
 
Data security
Data securityData security
Data security
 
[CB19] Hardware Wallet Security
[CB19] Hardware Wallet Security[CB19] Hardware Wallet Security
[CB19] Hardware Wallet Security
 
Lecture 4
Lecture 4Lecture 4
Lecture 4
 
Tek systems it guidelines
Tek systems it guidelinesTek systems it guidelines
Tek systems it guidelines
 
Necto 16 training 18 access security
Necto 16 training 18 access securityNecto 16 training 18 access security
Necto 16 training 18 access security
 
Tek systems it guidelines - animation
Tek systems it guidelines - animationTek systems it guidelines - animation
Tek systems it guidelines - animation
 
Mvp2
Mvp2Mvp2
Mvp2
 
Osd diksha presentation
Osd diksha presentationOsd diksha presentation
Osd diksha presentation
 

Ähnlich wie Mobile device security using transient authentication

CSF18 - BitLocker Deep Dive - Sami Laiho
CSF18 - BitLocker Deep Dive - Sami LaihoCSF18 - BitLocker Deep Dive - Sami Laiho
CSF18 - BitLocker Deep Dive - Sami LaihoNCCOMMS
 
Essential Layers of IBM i Security: System-Access Security
Essential Layers of IBM i Security: System-Access SecurityEssential Layers of IBM i Security: System-Access Security
Essential Layers of IBM i Security: System-Access SecurityPrecisely
 
Chapter 15 incident handling
Chapter 15 incident handlingChapter 15 incident handling
Chapter 15 incident handlingnewbie2019
 
Authentication Methods authauthauthauthauthautha
Authentication Methods authauthauthauthauthauthaAuthentication Methods authauthauthauthauthautha
Authentication Methods authauthauthauthauthauthaOlajide Kuku
 
Six steps for securing offshore development
Six steps for securing offshore developmentSix steps for securing offshore development
Six steps for securing offshore developmentgmaran23
 
CNIT 160 4e Security Program Management (Part 5)
CNIT 160 4e Security Program Management (Part 5)CNIT 160 4e Security Program Management (Part 5)
CNIT 160 4e Security Program Management (Part 5)Sam Bowne
 
Track 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practicesTrack 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practicesST_World
 
WSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet Challenge
WSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet ChallengeWSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet Challenge
WSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet ChallengeWSO2
 
Expand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataExpand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataPrecisely
 
Protecting Data with Short-Lived Encryption Keys and Hardware Root of Trust
Protecting Data with Short-Lived Encryption Keys and Hardware Root of TrustProtecting Data with Short-Lived Encryption Keys and Hardware Root of Trust
Protecting Data with Short-Lived Encryption Keys and Hardware Root of TrustDan Griffin
 
CISSP Chapter 7 - Security Operations
CISSP Chapter 7 - Security OperationsCISSP Chapter 7 - Security Operations
CISSP Chapter 7 - Security OperationsKarthikeyan Dhayalan
 
Controlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataControlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataPrecisely
 
Provable Device Cybersecurity in Blockchain Transactions
Provable Device Cybersecurity in Blockchain TransactionsProvable Device Cybersecurity in Blockchain Transactions
Provable Device Cybersecurity in Blockchain TransactionsRivetz
 
Solving problems with authentication
Solving problems with authenticationSolving problems with authentication
Solving problems with authenticationMecklerMedia
 
Track 5 session 4 - st dev con 2016 - life cycle management for web
Track 5 session 4 - st dev con 2016 - life cycle management for webTrack 5 session 4 - st dev con 2016 - life cycle management for web
Track 5 session 4 - st dev con 2016 - life cycle management for webST_World
 
Essential Layers of IBM i Security: Physical Security
Essential Layers of IBM i Security: Physical SecurityEssential Layers of IBM i Security: Physical Security
Essential Layers of IBM i Security: Physical SecurityPrecisely
 
CNIT 125 Ch 8. Security Operations
CNIT 125 Ch 8. Security OperationsCNIT 125 Ch 8. Security Operations
CNIT 125 Ch 8. Security OperationsSam Bowne
 
CISSP Prep: Ch 8. Security Operations
CISSP Prep: Ch 8. Security OperationsCISSP Prep: Ch 8. Security Operations
CISSP Prep: Ch 8. Security OperationsSam Bowne
 
Authenticationtechnologies 120711134100-phpapp01
Authenticationtechnologies 120711134100-phpapp01Authenticationtechnologies 120711134100-phpapp01
Authenticationtechnologies 120711134100-phpapp01Hai Nguyen
 

Ähnlich wie Mobile device security using transient authentication (20)

CSF18 - BitLocker Deep Dive - Sami Laiho
CSF18 - BitLocker Deep Dive - Sami LaihoCSF18 - BitLocker Deep Dive - Sami Laiho
CSF18 - BitLocker Deep Dive - Sami Laiho
 
Essential Layers of IBM i Security: System-Access Security
Essential Layers of IBM i Security: System-Access SecurityEssential Layers of IBM i Security: System-Access Security
Essential Layers of IBM i Security: System-Access Security
 
Chapter 15 incident handling
Chapter 15 incident handlingChapter 15 incident handling
Chapter 15 incident handling
 
Authentication Methods authauthauthauthauthautha
Authentication Methods authauthauthauthauthauthaAuthentication Methods authauthauthauthauthautha
Authentication Methods authauthauthauthauthautha
 
Six steps for securing offshore development
Six steps for securing offshore developmentSix steps for securing offshore development
Six steps for securing offshore development
 
CNIT 160 4e Security Program Management (Part 5)
CNIT 160 4e Security Program Management (Part 5)CNIT 160 4e Security Program Management (Part 5)
CNIT 160 4e Security Program Management (Part 5)
 
Track 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practicesTrack 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practices
 
WSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet Challenge
WSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet ChallengeWSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet Challenge
WSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet Challenge
 
Security by Design for Law Firms
Security by Design for Law FirmsSecurity by Design for Law Firms
Security by Design for Law Firms
 
Expand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataExpand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and Data
 
Protecting Data with Short-Lived Encryption Keys and Hardware Root of Trust
Protecting Data with Short-Lived Encryption Keys and Hardware Root of TrustProtecting Data with Short-Lived Encryption Keys and Hardware Root of Trust
Protecting Data with Short-Lived Encryption Keys and Hardware Root of Trust
 
CISSP Chapter 7 - Security Operations
CISSP Chapter 7 - Security OperationsCISSP Chapter 7 - Security Operations
CISSP Chapter 7 - Security Operations
 
Controlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataControlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and Data
 
Provable Device Cybersecurity in Blockchain Transactions
Provable Device Cybersecurity in Blockchain TransactionsProvable Device Cybersecurity in Blockchain Transactions
Provable Device Cybersecurity in Blockchain Transactions
 
Solving problems with authentication
Solving problems with authenticationSolving problems with authentication
Solving problems with authentication
 
Track 5 session 4 - st dev con 2016 - life cycle management for web
Track 5 session 4 - st dev con 2016 - life cycle management for webTrack 5 session 4 - st dev con 2016 - life cycle management for web
Track 5 session 4 - st dev con 2016 - life cycle management for web
 
Essential Layers of IBM i Security: Physical Security
Essential Layers of IBM i Security: Physical SecurityEssential Layers of IBM i Security: Physical Security
Essential Layers of IBM i Security: Physical Security
 
CNIT 125 Ch 8. Security Operations
CNIT 125 Ch 8. Security OperationsCNIT 125 Ch 8. Security Operations
CNIT 125 Ch 8. Security Operations
 
CISSP Prep: Ch 8. Security Operations
CISSP Prep: Ch 8. Security OperationsCISSP Prep: Ch 8. Security Operations
CISSP Prep: Ch 8. Security Operations
 
Authenticationtechnologies 120711134100-phpapp01
Authenticationtechnologies 120711134100-phpapp01Authenticationtechnologies 120711134100-phpapp01
Authenticationtechnologies 120711134100-phpapp01
 

Kürzlich hochgeladen

Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backElena Simperl
 
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCustom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCzechDreamin
 
In-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT ProfessionalsIn-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT ProfessionalsExpeed Software
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIES VE
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsPaul Groth
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeCzechDreamin
 
Intelligent Gimbal FINAL PAPER Engineering.pdf
Intelligent Gimbal FINAL PAPER Engineering.pdfIntelligent Gimbal FINAL PAPER Engineering.pdf
Intelligent Gimbal FINAL PAPER Engineering.pdfAnthony Lucente
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessUXDXConf
 
IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoTAnalytics
 
Enterprise Security Monitoring, And Log Management.
Enterprise Security Monitoring, And Log Management.Enterprise Security Monitoring, And Log Management.
Enterprise Security Monitoring, And Log Management.Boni Yeamin
 
UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2DianaGray10
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaRTTS
 
Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityScyllaDB
 
AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101vincent683379
 
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomSalesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomCzechDreamin
 
Intro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераIntro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераMark Opanasiuk
 
Introduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG EvaluationIntroduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG EvaluationZilliz
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...CzechDreamin
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
 

Kürzlich hochgeladen (20)

Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCustom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
 
In-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT ProfessionalsIn-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT Professionals
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and Planning
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
 
Intelligent Gimbal FINAL PAPER Engineering.pdf
Intelligent Gimbal FINAL PAPER Engineering.pdfIntelligent Gimbal FINAL PAPER Engineering.pdf
Intelligent Gimbal FINAL PAPER Engineering.pdf
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for Success
 
IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024
 
Enterprise Security Monitoring, And Log Management.
Enterprise Security Monitoring, And Log Management.Enterprise Security Monitoring, And Log Management.
Enterprise Security Monitoring, And Log Management.
 
UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through Observability
 
AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101
 
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomSalesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
 
Intro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераIntro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджера
 
Introduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG EvaluationIntroduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG Evaluation
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 

Mobile device security using transient authentication

  • 1. Mobile Device Security Using Transient Authentication Anthony J. Nicholson, Mark D. Corner and Brian D. Noble Apresentação por: Paulo Martins 65929 MERC Filipe Tavares 65898 MEIC IEE TRANSACTIONS ON MOBILE COMPUTING, VOL.5, NO.
  • 4. Challenges • Tie Capabilities to Users • Do No Harm • Secure and Restore on People Time • Ensure Explicit Consent
  • 5. Challenges & Requirements • Tie Capabilities to Users • Detect the presence of authorized users • Do No Harm • The system must not require the user’s interaction • When the user arrives the device must restore itself before the user can even notice it was blocked
  • 6. Challenges & Requirements • Secure and Restore on People Time • When the user leaves the device must secure itself before the attacker would have the change to physically extract any information • Ensure Explicit Consent • The system must not be vulnerable to physical-possession attacks • Ensure that the user’s device is indeed talking to the user’s Token • The token is not communication with any other devices without the user’s consent
  • 7. Challenges & Requirements • Other Requirements • Must not require extra Hardware
  • 8. Related Work • Disable keyboard and Mouse: • Vulnerable to physical-possession attacks - Ensure explicit consent • Biometric information: • Fingerprint - It is intrusive, since it has a high false negatives rate and restrain users physically – Do No Harm • Iris Scan – Requires the three cameras – Extra hardware • Erasable Memory: • Requires special hardware – Extra Hardware
  • 9. Solution • Token System • Securing State • Token Authentication • Key Management and Binding
  • 10. Solution – Token Authentication and Binding
  • 11. Solution – Securing State • Persistent Storage • Virtual Memory • CPU and Chipset Registers and Caches • Peripherals • Displays
  • 12. Implementation Securing File Systems • Using ZIAfs (Zero-Interaction File System) • Uses in per-directory keys Physical Memory • Encrypts main memory in-place - Kmem
  • 13. Implementation Swap Space • Use encrypted file to store swap pages or interpose on swap I/O to perform whole-pare encryption. • Never encrypt the pages of critical processes. • The system must ensure that the encryption keys are pinned in memory.
  • 14. Implementation • Video • Lock Mouse and Keyboard • Blank the frame buffer via Display Manager • Application-Aware Mechanisms • Identify some key processes, that may not be able to survive the hibernation process or that handle sensitive data
  • 15. Implementation – Example of Application
  • 16. Evaluation • IBM ThinkPad x24 Notebook – Linux kernel 2.4.20 • • 256MB RAM • • 1.113 GHz Intel Pentium III 30GB IDE Disk Drive – 12ms average seek time Compaq iPAQ 3870 – Familiar Linux • 206 MHz StromARM • 64MB SDRAM • 32MB Flash ROM
  • 17. Evaluation – File System Copy a source tree, traversing the tree and its contents and compiling it
  • 18. Evaluation – Physical Memory 1. Freeze execution of all running processes 2. Encrypt in-place memory the physical memory pages of the frozen processes 3. Overwrite freed pages and other shared kernel buffers • 200MB Memory allocated • 10 Runs (On average 46,740 pages)
  • 19. Evaluation – Physical Memory Flush-to-Disk w/ Encryption vs Flush-to-Disk no Encryption vs Encrypt in-place
  • 24. Do you have any Thank You Questions?

Hinweis der Redaktion

  1. Mencionarquefoifeitoemconjunto com a National Security Agency e a US – National Science Foundation
  2. In Slide Show mode, click the arrow to enter the PowerPoint Getting Started Center.