UCLA COMSCI 211 - Security in Wireless and Mobile Networks

This preview shows page 1-2-3-23-24-25-26-47-48-49 out of 49 pages.

Save
View full document
View full document
Premium Document
Do you want full access? Go Premium and unlock all 49 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 49 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 49 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 49 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 49 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 49 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 49 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 49 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 49 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 49 pages.
Access to all documents
Download any document
Ad free experience
Premium Document
Do you want full access? Go Premium and unlock all 49 pages.
Access to all documents
Download any document
Ad free experience

Unformatted text preview:

Slide titles from the deck's navigation pane (the zero-interaction authentication part is not in this preview): Zero-Interaction Authentication; User-Centric Authentication; Solution: constant but invisible authentication; Outline; Design guidelines; Moving data from disk to cache; Handle keys efficiently; Assign keys per directory; Maintain performance, ensure security; Make protection fast and invisible; Implementation; Evaluation overview; Evaluation: Andrew Benchmark; Andrew Benchmark results; Time to secure/restore the file system; Other Results; Related work; Conclusions; Benefit of optimizations; Possible Authentication Methods; Evaluation: Per-Operation Overhead; Creating directories; Reading directories; Copying large trees; Key-encrypting keys carry permissions; Foil tailgaters; What if I lose my token?; Trust and Threat Model; What about Wormhole attacks?

Security in Wireless and Mobile Networks
• Issues and possible security attacks in wireless and mobile systems
• Zero-interaction authentication
• Problems in 802.11 and Mobile IP
• Possible directions

On Attacks
Attacks can happen in each layer of the protocol stack over wireless and mobile networks.
Example: jamming in the physical layer. An intruder sends jamming signals in the same physical channel to "jam" the users' signals.
Attacks happen in military contexts and also in civilian environments.
Possible solutions:
• Limit the transmission power for intruders and users
• Turn to spread spectrum technology
Example: link-layer snooping/eavesdropping
Problem: passively listen to the channel and retrieve information without being detected
Solution: encrypt the data

On Attacks (II)
Example: Denial of Service attack at the network layer. Intruders break into the system and prevent it from serving normal network users:
• By issuing a large amount of junk traffic
• By silently dropping user traffic
• By sending false signals to invoke incorrect reactions from the protocols and users
It is hard to enumerate a generic attack model (it can be really big!); one has to look at the specific problem context.

Security support
• Authentication: ensure that users are the persons they claim to be. The most important service.
• Message privacy: ensure that information is not accessible by unauthorized persons.
• Message integrity: ensure that information is not altered by unauthorized users in a way that is not detectable by authorized users.

Security Support (II)
• Non-repudiation: ensure the message originators cannot deny that they sent the messages
• Service availability: the system is operational and functional
• Access control: only qualified users can access services and resources
• Privacy: users maintain the right to control what information about them is collected, how it is used and maintained, for what purpose, and by whom.

Authentication
Verify the true identity of a user.
Issues in wireless:
• Mobility: how to manage mobile users
• Computation: where to place the computational workload
• Scalability: how to handle a large number of devices/users
Need an inherent trust model.

On trust models
Typical models:
• Trusted third party based
• PGP web of trust
• Localized trust model
A relevant problem: root of trust. Who do you trust in your security design?
• Philosophy issue
• Point of attack
Cases:
• Proxy server in a proxy-based architecture?
• Home agent, foreign agent in Mobile IP?
• Ad hoc networks?

Current status in wireless security
Many protocols provide certain security features:
• IEEE 802.11 MAC
• Mobile IP
• TLS wireless extensions
• Mobile ad-hoc routing
Still a wide open research area.

802.11 WEP Protocol
• Intends to enforce confidentiality, access control and data integrity
• The use of a stream cipher exposes it to keystream reuse attacks
• CRC-32 is not sufficient for message integrity

Security Issues in Mobile IPv6
Mobile IPv6 uses binding updates that confirm the identity of a device as it moves to a new location. Once the binding update is authenticated, communications go straight to the new location without passing through the HA (home agent).
Mobile IPv6 uses IPsec to secure binding update messages, but IPsec will not work for these messages:
• IPsec depends on a public-key infrastructure that has not yet been deployed
• The key management component of IPsec requires heavy processing by end devices

Mobile IPv6
Alternative solution: purpose-built keys (PBK)
• Before each Mobile IPv6 session, generate a temporary public/private key pair; discard the key pair when the session is complete
• No need to register the temporary keys with a third party
• Keys change regularly, so user anonymity is preserved
Cons: PBKs cannot confirm the actual identity of the user, only the identity of the device. This leaves communications open to "man-in-the-middle" attacks.

SPINS: Sensor Network Security
Message broadcast authentication, based on a modified TESLA, but still using a key chain.
• Sender setup: generate a secret chain of keys.
• Broadcast authenticated messages (for synchronized nodes): the sender uses the key of the current interval to compute the message authentication code of packets in that interval, then reveals the key after a delay following the end of the interval.
• Bootstrapping a receiver: each receiver needs an authentic key of the key chain. Once the receiver has a key in the chain, the key chain can self-authenticate.
• Authenticating broadcast messages: the receiver verifies the key revealed for the previous interval.

Ad hoc network security
• Nodes freely roam
• Multi-hop communication towards remote nodes
• Shared wireless medium is error-prone

Design Challenges
• Security breach
– Vulnerable wireless links
– Occasional break-ins may be inevitable over a long time
• Service ubiquity in presence of mobility
– Anywhere, anytime availability
• Network dynamics
– Wireless channel errors
– Node failures
– Node join/leave
• Network scale

Conventional Approaches
• Centralized & hierarchical scheme
– Single server
– Multi-server infrastructure
(diagram: four server nodes)

Problems of Conventional Approaches (Centralized & Hierarchical)
• Service performance comparison
– Low success ratio: 80%
– Large average delay

One Proposal
• Ubiquitous and robust service provision in the presence of random mobility
• Localized algorithms and protocols
• One-hop wireless communication

Why this model?
• No single point of compromise
– Hackers must break into K nodes simultaneously to compromise the system
• No single point of DoS attack & node failure
• K offers a tradeoff between intrusion tolerance and service availability
– K=1: single point of compromise, maximal availability
– K=N: single point of DoS attack, maximal intrusion tolerance

Network
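The SPINS key-chain broadcast authentication outlined above (sender setup, delayed key disclosure, receiver bootstrapping and self-authenticating keys), as an added example that is not from the slides or the SPINS authors: it assumes SHA-256 as the one-way function, HMAC-SHA256 as the MAC, a disclosure delay of one interval, and a constructed seed; the receiver side also enforces the check that a packet must arrive before its key could have been disclosed, otherwise a forged packet could be accepted.

```python
import hashlib
import hmac
import os

def H(b):
    return hashlib.sha256(b).digest()

def make_key_chain(n, seed=None):
    """Sender setup: pick K_n at random, then K_i = H(K_{i+1}). Returns [K_0..K_n]."""
    chain = [seed or os.urandom(16)]          # seed is constructed in the test
    for _ in range(n):
        chain.append(H(chain[-1]))
    chain.reverse()            # chain[i] is K_i; K_0 is the commitment given to receivers
    return chain

def mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def derive(key, idx, target):
    """Walk the one-way chain from K_idx down to K_target (target <= idx)."""
    for _ in range(idx - target):
        key = H(key)
    return key

class Receiver:
    """Bootstrapped with an authentic K_0; buffers packets until their key is disclosed."""
    def __init__(self, k0, delay=1):
        self.auth_key, self.auth_idx, self.delay = k0, 0, delay
        self.pending = []                      # (interval, msg, tag)

    def receive(self, interval, msg, tag, now):
        # Security condition: the packet's key must not yet be disclosable at arrival,
        # or anyone who saw the disclosed key could have computed a valid MAC.
        if now >= interval + self.delay:
            return False
        self.pending.append((interval, msg, tag))
        return True

    def disclose(self, interval, key):
        """Self-authenticate a disclosed key by hashing it forward to the last authentic
        key, then verify every buffered packet whose key is now derivable."""
        if interval <= self.auth_idx:
            return []                          # replayed or stale key
        if not hmac.compare_digest(derive(key, interval, self.auth_idx), self.auth_key):
            return []                          # forged/corrupted key: keep the buffer
        self.auth_key, self.auth_idx = key, interval
        accepted, still_pending = [], []
        for i, msg, tag in self.pending:
            if i > interval:
                still_pending.append((i, msg, tag))
            elif hmac.compare_digest(mac(derive(key, interval, i), msg), tag):
                accepted.append(msg)
        self.pending = still_pending
        return accepted
```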