ryan lackey dynamic locations: secure mobile services discovery and dynamic group membership ryan...
TRANSCRIPT
![Page 1: Ryan Lackey Dynamic Locations: Secure Mobile Services Discovery and Dynamic Group Membership Ryan Lackey](https://reader036.vdocuments.us/reader036/viewer/2022062322/56649ea85503460f94bac334/html5/thumbnails/1.jpg)
Ryan Lackey http://www.metacolo.com/
Dynamic Locations:Secure Mobile Services Discovery and Dynamic Group Membership
Ryan Lackey<[email protected]>
www.metacolo.com
![Page 2: Ryan Lackey Dynamic Locations: Secure Mobile Services Discovery and Dynamic Group Membership Ryan Lackey](https://reader036.vdocuments.us/reader036/viewer/2022062322/56649ea85503460f94bac334/html5/thumbnails/2.jpg)
Ryan Lackey http://www.metacolo.com/
Who?
Interest in “cypherpunk” technologies from 1992 to present, particularly anonymized communications, agents, and electronic cash
Ultimate goal: anonymous secure infrastructure from end to end: clients, servers, networks, pro
Founded HavenCo/ran 2000-2002 metacolo: offshore colo in 9 markets, related
projects, including secure mobile systems
![Page 3: Ryan Lackey Dynamic Locations: Secure Mobile Services Discovery and Dynamic Group Membership Ryan Lackey](https://reader036.vdocuments.us/reader036/viewer/2022062322/56649ea85503460f94bac334/html5/thumbnails/3.jpg)
Ryan Lackey http://www.metacolo.com/
Introduction
Lots of work has been done to network fixed equipment, and to secure fixed network connections, but most mobile apps are just slightly modified versions of fixed applications
Most mobile networked systems have simplified security models; some link security but little application specific security end to end
Fundamentally new kinds of applications are possible with secure mobile systems
![Page 4: Ryan Lackey Dynamic Locations: Secure Mobile Services Discovery and Dynamic Group Membership Ryan Lackey](https://reader036.vdocuments.us/reader036/viewer/2022062322/56649ea85503460f94bac334/html5/thumbnails/4.jpg)
Ryan Lackey http://www.metacolo.com/
Fundamental Constraints
Power and bandwidth limited Many nodes in continual motion and
appear/disappear rapidly Much infrastructure is closed and
long cycles to upgrade and deploy UI complicated by devices and use
cases (user attention not dedicated)
![Page 5: Ryan Lackey Dynamic Locations: Secure Mobile Services Discovery and Dynamic Group Membership Ryan Lackey](https://reader036.vdocuments.us/reader036/viewer/2022062322/56649ea85503460f94bac334/html5/thumbnails/5.jpg)
Ryan Lackey http://www.metacolo.com/
Platform
HP/Compaq iPaq running Linux Laptops running Linux and FreeBSD 802.11b and 1xRTT IP-based
communications Open systems for easy
development, python for rapid development
![Page 6: Ryan Lackey Dynamic Locations: Secure Mobile Services Discovery and Dynamic Group Membership Ryan Lackey](https://reader036.vdocuments.us/reader036/viewer/2022062322/56649ea85503460f94bac334/html5/thumbnails/6.jpg)
Ryan Lackey http://www.metacolo.com/
Applications of Interest
“Matchmaking” – letting parties meet with similar interests meet up
Secure messaging (communications and message-based low-overhead protocols, including payment systems)
Secure streams (VoIP, VPN)
![Page 7: Ryan Lackey Dynamic Locations: Secure Mobile Services Discovery and Dynamic Group Membership Ryan Lackey](https://reader036.vdocuments.us/reader036/viewer/2022062322/56649ea85503460f94bac334/html5/thumbnails/7.jpg)
Ryan Lackey http://www.metacolo.com/
“Matchmaking”
Demo app is letting people define a set of interests, then announce to the world, without risk of being “interrogated” by third parties
Useful for service discovery too – announce that you’re running certain services to others in the set, but not to the public (RIAA, MPAA, Government, etc)
Attestations, with optional protection from traffic analysis as well
![Page 8: Ryan Lackey Dynamic Locations: Secure Mobile Services Discovery and Dynamic Group Membership Ryan Lackey](https://reader036.vdocuments.us/reader036/viewer/2022062322/56649ea85503460f94bac334/html5/thumbnails/8.jpg)
Ryan Lackey http://www.metacolo.com/
Secure short messages
Text messaging Much easier technically than
streams Store/forward possibility Also useful for many protocols,
either in two way or polled mode
![Page 9: Ryan Lackey Dynamic Locations: Secure Mobile Services Discovery and Dynamic Group Membership Ryan Lackey](https://reader036.vdocuments.us/reader036/viewer/2022062322/56649ea85503460f94bac334/html5/thumbnails/9.jpg)
Ryan Lackey http://www.metacolo.com/
Streams
Voice over IP is key market – encrypted cellphone using low-bandwidth channel (1xRTT or HSCSD GSM) and anonymization of calls
![Page 10: Ryan Lackey Dynamic Locations: Secure Mobile Services Discovery and Dynamic Group Membership Ryan Lackey](https://reader036.vdocuments.us/reader036/viewer/2022062322/56649ea85503460f94bac334/html5/thumbnails/10.jpg)
Ryan Lackey http://www.metacolo.com/
Interaction models
True peer to peer “Security proxy” or user
selected/operated operational server Centralized client-server operated by
application developers Centralized client-server operated by
communications providers
![Page 11: Ryan Lackey Dynamic Locations: Secure Mobile Services Discovery and Dynamic Group Membership Ryan Lackey](https://reader036.vdocuments.us/reader036/viewer/2022062322/56649ea85503460f94bac334/html5/thumbnails/11.jpg)
Ryan Lackey http://www.metacolo.com/
Existing p2p systems
Generally designed for high bandwidth media sharing with minimal anonymity layered over existing IP networks
Not really designed for interactive communication
![Page 12: Ryan Lackey Dynamic Locations: Secure Mobile Services Discovery and Dynamic Group Membership Ryan Lackey](https://reader036.vdocuments.us/reader036/viewer/2022062322/56649ea85503460f94bac334/html5/thumbnails/12.jpg)
Ryan Lackey http://www.metacolo.com/
Existing mobile client-server systems Designed with link encryption to the
wireless hub, or to the server Closed development environment
controlled by mobile companies Hard for users and application
developers to really trust the security model
![Page 13: Ryan Lackey Dynamic Locations: Secure Mobile Services Discovery and Dynamic Group Membership Ryan Lackey](https://reader036.vdocuments.us/reader036/viewer/2022062322/56649ea85503460f94bac334/html5/thumbnails/13.jpg)
Ryan Lackey http://www.metacolo.com/
Early mobile p2p systems
“lovegety” – a system to use RF to share information about membership in certain groups
Subject to “trawling”, direction finding attacks, and “corraling” small numbers of users to identify
![Page 14: Ryan Lackey Dynamic Locations: Secure Mobile Services Discovery and Dynamic Group Membership Ryan Lackey](https://reader036.vdocuments.us/reader036/viewer/2022062322/56649ea85503460f94bac334/html5/thumbnails/14.jpg)
Ryan Lackey http://www.metacolo.com/
Security Implications
Confidentiality, Integrity, Authentication solvable through traditional systems
Traffic analysis is the hard problem Complete undetectability of special
traffic Of course, reliability, availability, etc. are
still major concerns, and special mobile constraints
![Page 15: Ryan Lackey Dynamic Locations: Secure Mobile Services Discovery and Dynamic Group Membership Ryan Lackey](https://reader036.vdocuments.us/reader036/viewer/2022062322/56649ea85503460f94bac334/html5/thumbnails/15.jpg)
Ryan Lackey http://www.metacolo.com/
Policy Implications
Centralized systems vulnerable to technical or legal attack
Who to trust – communications provider, applications provider?
Trust is essential to enabling certain applications
![Page 16: Ryan Lackey Dynamic Locations: Secure Mobile Services Discovery and Dynamic Group Membership Ryan Lackey](https://reader036.vdocuments.us/reader036/viewer/2022062322/56649ea85503460f94bac334/html5/thumbnails/16.jpg)
Ryan Lackey http://www.metacolo.com/
Central Mediation
Servers trusted by some party to take all communications and retransmit
Defeats firewalls/proxies/NAT as well as provides protection from traffic analysis
Persistence; can buffer communications for users with intermittent connectivity
![Page 17: Ryan Lackey Dynamic Locations: Secure Mobile Services Discovery and Dynamic Group Membership Ryan Lackey](https://reader036.vdocuments.us/reader036/viewer/2022062322/56649ea85503460f94bac334/html5/thumbnails/17.jpg)
Ryan Lackey http://www.metacolo.com/
True Peer to Peer Cryptographic Systems Computationally intensive on client Bandwidth intensive; may only be
able to send single bits! Generally can put user into a
“collusion set” but unless set is large, elimination can identify user
![Page 18: Ryan Lackey Dynamic Locations: Secure Mobile Services Discovery and Dynamic Group Membership Ryan Lackey](https://reader036.vdocuments.us/reader036/viewer/2022062322/56649ea85503460f94bac334/html5/thumbnails/18.jpg)
Ryan Lackey http://www.metacolo.com/
Covert channels for mobile use Masking using pre-recorded traffic Sniffing and simulating MITM “Design for MITM” – Dining
Cryptographer’s Networks, etc.
![Page 19: Ryan Lackey Dynamic Locations: Secure Mobile Services Discovery and Dynamic Group Membership Ryan Lackey](https://reader036.vdocuments.us/reader036/viewer/2022062322/56649ea85503460f94bac334/html5/thumbnails/19.jpg)
Ryan Lackey http://www.metacolo.com/
Dining Cryptographer’s Network
Due to David Chaum, described at http://cypherpunks.venona.com/date/1992/12/msg00107.html
Multiple parties can communicate without revealing to one another which is initiating the communications
![Page 20: Ryan Lackey Dynamic Locations: Secure Mobile Services Discovery and Dynamic Group Membership Ryan Lackey](https://reader036.vdocuments.us/reader036/viewer/2022062322/56649ea85503460f94bac334/html5/thumbnails/20.jpg)
Ryan Lackey http://www.metacolo.com/
Anonymizing remailers as model Store and forward messaging with
latency added Complicated due to node
unreliability Send out multiple messages;
tradeoff of bandwidth waste vs. latency vs. reliability
![Page 21: Ryan Lackey Dynamic Locations: Secure Mobile Services Discovery and Dynamic Group Membership Ryan Lackey](https://reader036.vdocuments.us/reader036/viewer/2022062322/56649ea85503460f94bac334/html5/thumbnails/21.jpg)
Ryan Lackey http://www.metacolo.com/
Current solution
Communications with a trusted server using fixed-rate messaging (tuned for bandwidth)
Inter-server communications, allowing users to select “security proxy servers” to act on their behalf, optionally running servers themselves
![Page 22: Ryan Lackey Dynamic Locations: Secure Mobile Services Discovery and Dynamic Group Membership Ryan Lackey](https://reader036.vdocuments.us/reader036/viewer/2022062322/56649ea85503460f94bac334/html5/thumbnails/22.jpg)
Ryan Lackey http://www.metacolo.com/
Conclusions
Mobile-specific (more properly, dynamic) security is a very hard problem
Key is finding applications which fit currently available technology – message based, with secure service discovery
![Page 23: Ryan Lackey Dynamic Locations: Secure Mobile Services Discovery and Dynamic Group Membership Ryan Lackey](https://reader036.vdocuments.us/reader036/viewer/2022062322/56649ea85503460f94bac334/html5/thumbnails/23.jpg)
Ryan Lackey http://www.metacolo.com/
Future work
Develop an application developer’s toolkit with service discovery on top of secure message-passing and streams systems
“Killer apps” of VoIP and mobile payment – good stream based systems