security in mobile systems - rené mayrhofer€¦ · guest editor for 2 journal special issues...

Security in Mobile Systems:Current Challenges and Selected Approaches

Wissenschaftlicher Fachvortrag zu Netzwerke und Sicherheit

6. Februar 2013 15:00 – 16:00JKU Linz, SCP1 MT 127

Priv.-Doz. DI Dr. René Mayrhofer

2013-02-06 Fachvortrag Netzwerke und Sicherheit: Security in Mobile Systems 2René Mayrhofer

Academic and research profile

Diploma thesis on Artificial Intelligence (Oct. 2002, event based simulation of Spiking Neural Networks)1998 – 2002, JKU

IT Security (network security, firewalls, industry projects)2001 – now, Project manager of Gibraltar Firewall and Security Consultant

Dissertation on Context-aware Systems (Nov. 2004, prediction of future contexts)2002 – 2005, JKU Inst. for Pervasive Computing

Habilitation thesis on Ubiquitous Computing Security (submitted Sept. 2008, venia docenci granted Mar. 2009)2008 – 2009, Guest Prof. at Vienna Univ.Sept.

2002

since2000

Security for Mobile Systems(Josef Ressel Center u'smile)2010 – now, Prof. for Mobile Computing, FH Hagenberg

Context-based Security and Security for Spontaneous Interaction2005 – 2008, Marie Curie Fellow at Lancaster Univ.

Aug. 2005

Feb.2008

Shared-Nothing Server Virtualization 2009 – 2010, FWF Impulsprojekt with eSYS GmbH

Feb.2009Feb

2010

IntroductionAuthentication in Mobile SystemsSelected Research Contributions

Future Research

Personal ProfileScientific Area: Networks and Security


Research and industry projects

2010 -20172012201120092005-20081999-


Future Research


JRC u'smile12 people, 1430k€

CDG

Joint Int. PhD Program4 PhD students, 588k€

Upper Austria

Server Virt.106k€

FWF

CAPER128k€

EC FP6

SESAME16 (3) people, 810 (135) k€ SESAME-S

17 (3) people, 771 (128) k€

FFGCOIN

Gibraltar Firewall5 people

NLN7 people

(Co-)

Pro

ject

lea

dPa

rtner

Indust

ry

Server Virt.106k€


Summary of academic activities

Publications● 9 journal articles, 6 as first author (2 since 2010)● 38 conference/workshop papers, 20 as first author (15 since 2010)● guest editor for 2 journal special issues

Organization● program chair for MoMM 2013● co-organizer of 7 workshops● co-organizer of 2 doctoral colloquiums● JKU/UAS Joint International PhD Program (together with Josef Küng for JKU)

Reviews● PC member of 58 international conferences/workshops● reviewer for 10 journals and 31 conferences

Teaching● 7 courses at FH Hagenberg, 4 at Vienna Univ., 2 at Lancaster Univ., 2 at JKU● 3 finished dissertations (7 ongoing), 9 finished Master's students (5 ongoing)


Future Research



Networks and Security


Future Research


Networks Security

protocols&

VPNs

usability

restrictedresources

&embedded

devices

sensing

socialethical

legalpolitical

aspects

privacy

hardwareOS

appsecurity

cryptography

userdevice authentication

virtualization

physicaldata linknetwork

transport

layer

wireless networks

ad-hoc

peer-to-peer

PANLAN

WANMAN

virtualization(overlays)

distributedsystems

mobile computing

wireless sensornetworks

Internetof Things

biometry


Networks and Security


Future Research


Networks Security

protocols&

VPNs

usability

restrictedresources

&embedded

devices

sensing

socialethical

legalpolitical

aspects

privacy

hardwareOS

appsecurity

cryptography

userdevice authentication

virtualization

physicaldata linknetwork

transport

layer

wireless networks

ad-hoc

peer-to-peer

PANLAN

WANMAN

virtualization(overlays)

distributedsystems

mobile computing

wireless sensornetworks

Internetof Things

biometrySESAME

GibraltarFirewall

GibraltarFirewall

SiLiConP2P

GibraltarFirewall

GibraltarFirewall

Server Virt.

CAPER

CAPER

SESAME

CAPER

CAPERNLN

JRC u'smile

JRC u'smile

JRC u'smile

CAPERServer Virt.

JRCu'smile

JRC u'smile

JRCu'smile


Security in production: Gibraltar Firewall

● first installation in July 2000● product- and project lead,

10 employees, 2-5 freelancers● during past 4 years >1000

commercial licenses in use● 1 Magister/Masters thesis

1 Bachelors thesis7 Student projects


Future Research

Personal ProfileScientific Area: Networks and SecuritySidenote: Industry projects on Network Security


Gibraltar – selected installations

References in Austria Universität Linz Fachhochschulen Kufstein,

Hagenberg Technikum Wien Stadtgemeinde Vöcklabruck Doubrava COPYright by Josef Schürz Kirsch – Muchitsch und Partner GIG Karasekgroup Wolf Systembau Stubai Werkzeugindustrie Financial Adivsory GmbH Ebnerbau Mondsee HGS Unternehmensberatung Profactor Steyr Datacontact CARE Österreich Gerstl Bau …

International references• Universität Washington• Universität der Bundeswehr• Universität Stuttgart• Universität Oxford• P&T Luxemburg• Graziano Transmissioni, Italien• Scotcomms, GB• ARIS AG, Schweiz• Calistel, Frankreich• COOPService Noncello, Italien• Kniel System Electronics• Noske-Kaeser GmbH, Deutschland• Städtische Überlandwerke Coburg• Scene Double, GB• …


Future Research



Project NLN

Goal: “Zero-interaction” secure gateway devices● installed by non-experts● managed by cloud service● always online, updates and configuration delivered automatically● target: >1M devices online at the same time within 24 months


Future Research



If security and/or privacy and usability collide, then usability always wins!

Most important aspect: Usability

● When security methods or implications on users' privacy are not properly understood, systems will be used incorrectly.

● Annoying and obtrusive security measures are simply deactivated so that users can get their jobs done.

● For example: – sharing passwords, never logging out

– writing PIN on back of card, most often used PINs “1234” and “0000”

– “ALERT: The URL says www.mybank.com, but the certificate is for cracker.net, really continue?” - “Yeah, whatever, just let me enter my PIN and TAN codes now...”


Future Research


2013-02-06 Fachvortrag Netzwerke und Sicherheit: Security in Mobile Systems 11

The most profound technologies are those that disappear. They

weave themselves into the fabric of everyday life until they are

indistinguishable from it.Mark Weiser, 1991, „The Computer for the 21st Century“


… as long as they do not ask for a password …


… or fail spectacularly with regards to securing their user's

data.


Spontaneous interaction to do it now

Core topic of Mobile and Pervasive/Ubiquitous Computing:

use of service when and where it is most appropriate● everywhere, anytime

● triggered by the user or automatically

● highly dependent on the specific situation

Interaction that can happen spontaneously without administrative overhead

● spontaneous as in “unplanned”: encounters, opportunities, serendipity ● spontaneous as in “self-acting”: operation out of the box, “plug and play”

IntroductionAuthentication in Mobile Systems

Selected Research ContributionsFuture Research

Mobile ComputingSecurity Issues


Mobile Computing – Everything new?





Wireless communication

Small, mobile devices● limited user interfaces

● limited resources (run time!)

Many devices● integrated with/into physical objects

● communicate among each other

● communicate with the user

Sensing

⇒ (mobile and stationary) devices and communication become more and moreinvisible, unobservable, and uncontrollable

Mobile Computing – Everything new?





Issue 1: Device OS/platform security

Security of mobile/smart/pervasive devices is hard to achieve

● many different (wireless) network interfaces ⇒ no more centralized firewalls

● security architectures (slightly) better than for client/server or desktops, but immature implementations and weak (non-existent) additional layers of protection

● proliferation of platforms, hardly any security updates for products older than 1 year

Small is beautiful, but:● easy to pocket ⇒ easy to forget, easy to steal● malicious wireless nodes nearly impossible to find





Issue 2: Secure channels to users

Assumption: devices can be made secure (or at least some parts)● certified/validated type-1 hypervisor ⇒ secure virtual guests on application CPU● integrated tamper-resistant hardware for crypto operations and key storage (e.g. NFC

secure elements as embedded JavaCard) ⇒ secure applets on crypto CPU

Components need to communicate among each other● secure virtual guest and applet● virtual guest and/or applet with infrastructure

Components need to communicate with user● e.g. financial transaction details,

PIN code to unlock smart card applet, OK for reading virtual passport, etc.





Issue 3: Secure channels to devices/infrastructure

Securing communication● between mobile/embedded (and/or

stationary) devices● that are under direct user control or

human-verifiable● for a specific interaction

⇒ associating with THIS device

Main issues● wireless communication● lack of user interfaces● scalability of user attention

Example applications● Bluetooth headset● printer in airport lounge● projector in conference room● Vcard exchange● micro payment● reading electronic ID card● access to health data● ...





Issue 4: Usability

Even more important for mobile security

● don't get hit by a bus while unlocking your phone to answer a call on-the-go

● don't make users read a manual for securing their device(they won't)





“The problem with passwords is that they're too easy to lose control of.”

Bruce Schneier, March 2005


New model for device authentication

Main threat scenario: MITM on wireless communication channel

– all parties have full access to the wireless (in-band) channel

– intended communication partners (A and B) share some context (out-of-band)

– attacker (E) has inferior access to this context

– respective aspect of context represented by sensor data streams ⇒ shared (weakly) secret information



Model for Out-of-Band AuthenticationOut-of-Band Authentication ChannelsUACAP: Unified Auxiliary Channel Authentication Protocol


Taxonomy of security properties



[Ma 2008] R. Mayrhofer, “Ubiquitous computing security: Authenticating spontaneous interactions,” September 2008. Habilitation thesis, University of Vienna



Taxonomy of user interaction

[Ma 2008] R. Mayrhofer, “Ubiquitous computing security: Authenticating spontaneous interactions,” September 2008. Habilitation thesis, University of Vienna





Spatial References:

verifiable by the user and the device – both can come to the same conclusions as to

which device they are interacting with

[MGH 2007] R. Mayrhofer, H. Gellersen, M.Hazas: “Security by spatial reference: Using relative positioning to authenticate devices for spontaneous interaction”, Ubicomp 2007

[MaGe 2007a] R. Mayrhofer, H. Gellersen: “On the security of ultrasound as out-of-band channel”, IPDPS 2007

Security by Spatial Reference





● ultrasound signals travel comparatively slowly in air ⇒ possible to measure time of flight ⇒ distance estimation

● angle-of-arrival estimation using multiple receivers difficult based on relative time of arrival

● angle-of-arrival estimation based on relative signal strengths works in practice

Quantitative measurements with ultrasound

Relate:● <10 cm accuracy for

distance measurements● ~33° accuracy for local

angle-of-arrival● without infrastructure● implemented as USB

dongles + Java host software

[HKG+ 2005] G. Kortuem, C. Kray, H. Gellersen: “Sensing and visualizing spatial relations of positioning system for co-located mobile devices”, In: Proc. MobiSys 2005





Visible laser channel as intuitive means of selecting THIS device

But, in contrast to previous assumptions:● laser channel is not confidential attacker can read

● laser channel is not completely authentic ⇒ “semi-authentic” attacker can modify

(add but not subtract)

Visible laser for authentication

[MaWe 2007] R. Mayrhofer, M. Welch: “A human-verifiable authentication protocol using visible laser light”, ARES 2007





Sender● prototype with pulsed laser based on

iMote1 (ARM7, 12 MHz) and TinyOS

Receiver● prototype for connecting to standard

serial port based on photo resistor and simple high-pass and thresholding

Protocol● DH key agreement and verification● continuous stream of nonces over laser

with double hash commitments over wireless channel

Prototype implementation

[MaWe 2007] R. Mayrhofer, M. Welch: “A human-verifiable authentication protocol using visible laser light”, ARES 2007





Shaking as shared context

Shaking is common movement● both (all) devices will experience very similar movement patterns● both (all) devices will experience very similar accelerations

Acceleration is a local physical phenomenon

⇒ difficult for an attacker (MITM) to estimate or replicate● not used for identifying users, only as shared context!

[MaGe 2007b] R. Mayrhofer, H. Gellersen: “Shake well before use: Authentication based on accelerometer data”, Pervasive 2007[MaGe 2009] R. Mayrhofer and H. Gellersen, “Shake well before use: Intuitive and secure pairing of mobile devices,” IEEE Transactions on Mobile Computing, vol. 8, pp. 792-806, June 2009





„Shake well before use“ in media outlets

● http://technology.newscientist.com/article/dn12912● http://www.youtube.com/watch?v=ktJC0S4_X58● http://www.heise.de/newsticker/meldung/99142● http://futurezone.orf.at/produkte/stories/236278/● http://mobile.slashdot.org/article.pl?sid=07/11/17/1231254&from=rss● Blogs, technical new sites, etc.





Creating keys from common sensor data

Candidate Key Protocol (CKP)● generates secret shared keys directly

from sensor data streams● computes feature vectors (e.g. of

quantized FFT coefficients)● exchanges and compares hashes of

feature vectors ⇒ candidate key parts

● matching vectors concatenated⇒ candidate keys

[May 2007b] R. Mayrhofer: “The candidate key protocol for generating secret shared keys from similar sensor data streams”. In Proc. ESAS 2007: 4th European Workshop on Security and Privacy in Ad hoc and Sensor Networks. Springer-Verlag, July 2007





Unified Auxiliary Channel Authentication Protocol (UACAP)

● uses Diffie-Hellman for key agreement

● exchanges sensor time series (after pre-processing) for key verification (e.g. with interlock* protocol)

● both devices verify locally (e.g. compare time series with coherence)

Verifying keys with accelerometer data






Protocol properties

UACAP● two phases:

– key agreement

– key verification

● either with opportunistic key agreement or slight delay

● only one-off chance for online attack

● independent signal analysis

CKP● single, continuous phase● devices “tune into” each other's

key streams● multi-device authentication ● offline lookup table attacks

possible when feature vectors have insufficient entropy(can be prevented with asymmetric key agreement and additional commitment)






Data collection from accelerometers






1. Sensor data acquisition● potential problem: side-channel attacks

2. Temporal alignment● triggering

● synchronization

⇒ use motion detection

3. Spatial alignment● devices arbitrarily aligned in 3D

● alignment changes when picked up (between “silent” and “active”)

⇒ reduce to 1 dimension (magnitude)

Pre-processing





http://technology.newscientist.com/article/dn12912

http://www.youtube.com/watch?v=ktJC0S4_X58

http://www.heise.de/newsticker/meldung/99142

http://futurezone.orf.at/produkte/stories/236278/

http://mobile.slashdot.org/article.pl?sid=07/11/17/1231254&from=rss


Features for shaking:● frequency domain

– less accuracy required for synchronization

– less sensitive to noise and alignment problems

● Coherence: measures power spectrum correlation between two signals split into overlapping slices, produces similarity value in [0; 1]

● Quantized FFT coefficients: pairwise added FFT coefficients quantized into exponential bands as feature vectors, compare equality

Feature extraction






3 experiments:– How do people shake?– “hacking” competition– live mode – does it work?

Quantitative evaluation

Results:– parameters for no false positives– false negatives 10.24%, 11.96%– 25/30 subjects successful






Quantitative evaluation

[MaGe 2009] R. Mayrhofer and H. Gellersen, “Shake well before use: Intuitive and secure pairing of mobile devices,” IEEE Transactions on Mobile Computing, vol. 8, pp. 792-806, June 2009





Unified Auxiliary Channel Authentication Protocol (UACAP)

● need to distinguish between different scenarios

– transfer (T)

– input (I)

– verify (V)

● and channels– long (L) / short (S)

– confidential (C) / non-confidential (N)

UACAP overview

[MaFuIo 2012] “UACAP: A unified auxiliary channel authentication protocol,” IEEE Transactions on Mobile Computing, February 2012. currently in pre-print and available online, journal issue to appear in 2013





UACAP specification – 1/3






OpenUAT: Ubicomp Authentication Toolkit

Documentation, demo applications, data sets: http://www.openuat.org

Source code, mailing list, bug tracker: http://sourceforge.net/projects/openuat

[R. Mayrhofer: “Towards an open source toolkit for ubiquitous device authentication”, PerSec/PerCom 2007][MaFuIo 2012] “UACAP: A unified auxiliary channel authentication protocol,” IEEE Transactions on Mobile Computing, February 2012. currently in pre-print and available online, journal issue to appear in 2013





Josef Ressel Center u'smile

Many open issues in research and development● fundamental research: hardware, cryptography, mobile operating systems● applied research: integration in devices and infrastructure● social aspects: comprehensibility by end-users

Consortium of the Josef Ressel Center„User-friendly Secure Mobile Environments“

● host institution: FH Hagenberg● academic partner: Secure Business Austria● company partners: NXP Semiconductors,

A1 Telekom Austria, Drei-Banken-EDV, LG Nexera

Mobile Security research group● 3 PhD students, 5 Master's students, 8 Bachelor students● www.usmile.at and https://dev.usmile.at (in progress)● JRC provides most of the funding● 1 PhD student funded by JKU/UAS Joint International PhD Program


Future Research

Mobile Device Security… and beyond


Vision: Convergence of security services


Future Research



Overview of current JRC topics

Figure created by JRC team


Future Research



User authentication on mobile phones...

… is difficult because it should be:

● secure● quick● unobtrusive● robust● fun● and much better than the one

published by <the other company> a few weeks ago.


Future Research



Results for speaker recognition

Features: Mel frequency cepstral coecients (MFCC)Classifier: simple Vector Quantization (VQ) with k-means clustering for trainingHardware for evaluation: HTC Desire HD, 8kHz, 8 bit quantizationTraining set: 60 seconds with same text for all speakersTesting set: 15 seconds with different text for each speakerDetails: in the paper


Future Research

[MaKa 2012] R. Mayrhofer and T. Kaiser, “Towards usable authentication on mobile phones: An evaluation of speaker and face recognition on off-the-shelf handsets,” in Proc. IWSSI/SPMU 2012



2D pan shot face unlock● face detection + face recognition with multiple views● recognition: multiple classifiers, one for each window● first Android prototype: Eigenfaces for recognition

as baseline for comparison with extended methods

3D face recognition


Future Research

[FiMa 2012] R. Findling and R. Mayrhofer, “Towards face unlock: On the difficulty of reliably detecting faces on mobile phones,” in Proc. MoMM 2012, ACM

Figure created by R. Findling



2D+range pan shot face unlock● face detection (2D) + face segmentation (3D)

+ face recognition (currently multiple 2D, aiming for 3D)● separate 2D/range classifiers● recognition: neural networks,

support vector machines, boosting

3D face recognition


Future Research

Figure created by R. Findling

[FiMa 2013a] R. Findling and R. Mayrhofer, “Towards Secure Personal Device Unlock using Stereo Camera Pan Shots”, accepted for publication at EUROCAST 2013



There can be more then one!

Biometric authentication on mobile phones is hard

Why not use an arbitrary number of them together (e.g. gait recognition), driven by the application needs?

Framework for multi-method authentication and implementations for speaker and face recognition on Android online at https://gitorious.org/android-user-auth


Future Research


http://www.usmile.at/

https://dev.usmile.at/


Advantages of embedded smartcard support● protected environment (Trusted Execution Environment)● hardware-based implementation guarantees protection or unauthorized

access or data manipulation● secure element is able to perform cryptographic operation● encryption directly on chip● smartcard OS is small enough to be certifiable

NFC Secure Element


Future Research



Virtualization on smart phones


Future Research

Figure created by JRC team



Secure (private)

Banking, ticketing, payment

Insecure (private)

Family photos, angry birds, private mail

switch switch

Secure (company)

ERP, VPN, company

mail

Visualizing virtual state


Future Research


Figure created by Peter Riedl


Planned upcoming research topics

2021-2024 2033-2029-20322025-20282017-20202013-2016-2012


Future Research

Mobile security

3Gconnectivity

Proje

ct lea

dIn

dust

ry

Privacy in car-to-carcommunication

“Smart” personalized security

Cloudsecurity

Devicemanagement


IPv6 securityand overlays

PANs


“If we knew what it was we were doing, it would not be called research, would it?”

Albert Einstein


Thank you for your attention!

Slides: http://www.mayrhofer.eu.org/presentationsLater questions: [email protected]

OpenPGP keys: 0x249BC034 and 0xC3C24BDE717A 033B BB45 A2B3 28CF B84B A1E5 2A7E 249B C034 7FE4 0DB5 61EC C645 B2F1 C847 ABB4 8F0D C3C2 4BDE

security in mobile systems - rené mayrhofer€¦ · guest editor for 2 journal special issues...

Documents