security and pdas in mobile computing environments
Download
Skip this Video
Download Presentation
Security and PDAs in Mobile Computing Environments

Loading in 2 Seconds...

play fullscreen
1 / 24

Security and PDAs in Mobile Computing Environments - PowerPoint PPT Presentation


  • 381 Views
  • Uploaded on

Security and PDAs in Mobile Computing Environments. By Loo Tang Seet and Camilla Fjortoft. Today we will talk about . PDAs and their characteristics Security requirements Advantages and Limitations Operating Systems Authentication & Authorization (A&A) in Mobile Computing Environments

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Security and PDAs in Mobile Computing Environments' - arleen


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
security and pdas in mobile computing environments

Security and PDAs in Mobile Computing Environments

By Loo Tang Seet

and

Camilla Fjortoft

today we will talk about
Today we will talk about
  • PDAs and their characteristics
    • Security requirements
    • Advantages and Limitations
    • Operating Systems
  • Authentication & Authorization (A&A) in Mobile Computing Environments
    • A&A in Mobile Computing environment
    • Charon Architecture
    • Tiny SESAME Architecture

ISRC Workshop, May 2002

personal digital assistants pdas
Personal Digital Assistants (PDAs)
  • Small, smaller, smallest
  • View, store and transmit data from a handheld device
  • New applications
    • FiloFax or Business/Enterprise applications?
      • Mix of personal and business data
      • Less personal
    • Access and store corporate data

ISRC Workshop, May 2002

pdas cont
PDAs cont..
  • Extremely portable, huge advantage
  • Can be used as an access control device by a wireless network
    • The access to the device must be controlled
    • This control must be greater than that for your PC
    • Constitute Availability, Confidentiality and Integrity of data

ISRC Workshop, May 2002

threats
Threats
  • Small, easy to run-away-with, forget, lose..
    • Removable memory card with data
  • Wireless communication
    • IR,
      • data is being ‘beamed’ to another device

via the IR port

    • Wireless network access points
  • Virus
    • Synchronizing with Host PC
    • Email attachments

ISRC Workshop, May 2002

threats cont
Threats cont..
  • Operating System
    • Four to seven digit PIN for accessing the device
    • Single user access
    • Input methods
      • I.e. by pen, choose simple passwords
    • Not all OS have support for data to be encrypted, need third party software  power consumption

ISRC Workshop, May 2002

security requirements
Security Requirements
  • Secure access to device, data and network
  • Encryption of data
  • The device,or data, cannot be tampered with
    • OS integrity and file system security
  • Protection against virus and malicious code
  • Sufficient power supply and memory
  • Security policy involving handheld devices

ISRC Workshop, May 2002

limitations of pdas
Limitations of PDAs
  • Power
    • Battery only lasts for couple of hours when connected to wireless network
    • Reduces the amount of time to run applications
    • Power is a major limitation
  • Processing speed
    • Good enough for cryptographic operations
  • Memory
    • Memory no longer a limitation for new PDAs. Can get micro drivers with several GB of capacity

ISRC Workshop, May 2002

operating systems
Operating Systems
  • Windows CE
    • 4 to 7 digit PIN, accessible by others
    • No support for data to be encrypted
      • Need third party software
      • Larger power consumption
  • PalmOS
    • For devices with restricted resources
    • Password for accessing the device
    • Single user OS, no file access based on user identity
  • Linux
    • Many different distribution available

ISRC Workshop, May 2002

pda survey
PDA survey

ISRC Workshop, May 2002

overview
Overview
  • Authentication & authorization issues in mobile computing environments
  • Existing authentication and authorization security architectures
  • Adapting existing security architectures to mobile computing environments
  • Conclusions

ISRC Workshop, May 2002

authentication authorization issues in mobile computing environment
Authentication & authorization Issues in Mobile Computing Environment
  • Two constraints presented by mobile computing environment:
    • Processing resource constraints on the mobile platform
    • Communication resource constraints in the mobile network
  • Two approach to providing A&A for mobile computing environment:
    • adapting existing security architecture or
    • design a whole new architecture

ISRC Workshop, May 2002

existing a a security architectures
Existing A&A Security Architectures
  • Kerberos
    • Developed by MIT for Project Athena
    • Provides end-to-end mutual authentication between client and server with single sign on
    • Authorization is provided by the host OS
  • SESAME
    • An extension to Kerberos with additional services
    • Provides both authentication and authorization services and delegation of access rights
    • Supports both password and public key authentication
    • Supports RBAC

ISRC Workshop, May 2002

charon indirect authentication using kerberos iv by uc at berkeley
Charon – Indirect Authentication Using Kerberos IV – by UC at Berkeley
  • Migrating Kerberos into mobile computing platform
  • Displacing complexity from client to proxy
    • Only DES encryption/decryption on the client
    • Kerberos library shifted to proxy
  • Rewrites client and libdes library to run on the Sony MagicLink PDA with a total footprint of ~45kB ( 9% of the original size of kinit)
  • No modification to KDC and server is required

ISRC Workshop, May 2002

charon architecture

Kerberos

Client

AS

TGS

Phase I: Authentication & obtaining TGT

2

Service

1

Proxy

3

4

Charon Architecture

ISRC Workshop, May 2002

slide17

Charon Architecture

Phase II: Obtaining ticket for proxy

Kerberos

Client

AS

5,9

Proxy

6

8

TGS

7

Service

ISRC Workshop, May 2002

slide18

Charon Architecture

Phase III: Accessing a Service via Proxy

Kerberos

Client

10,14

AS

Proxy

11

13

TGS

12

16

15

Service

ISRC Workshop, May 2002

charon vs standard kerberos
Charon vs Standard Kerberos
  • Inherits both the strength and shortcomings of Kerberos IV
  • Charon provides a lightweight client to accommodate the mobile computing devices with limited storage space
  • Additional protocol exchanges required to establish trust between client and proxy
  • No network performance advantage using Charon versus the unmodified Kerberos

ISRC Workshop, May 2002

adapting pkinit by a harbitter d menasce
Adapting PKINIT - By A. Harbitter & D. Menasce
  • PKINIT – Public key extension to Kerberos V initial authentication phase
  • Public key encryption requires more computational resources
  • General approaches to adapt PK based security systems:
    • Reduce the number of public/private key operations on the mobile client side
    • Choose the right public key algorithm that allows faster public/private key operation to be performed on the mobile client side (refer to next slide)
    • Use proxy to offload some processing from client

ISRC Workshop, May 2002

relative speeds of public private key operations using dsa and rsa
Relative Speeds of Public/Private Key Operations Using DSA and RSA

Refer to “Applied Cryptography”, by Bruce Schneier

ISRC Workshop, May 2002

tiny sesame by uiuc
TINY SESAME- By UIUC
  • A lightweight SESAME implemented in Java using component-based architecture
  • Supports authentication, simple encryption, integrity checks and RBAC
  • Dynamic component loading

ISRC Workshop, May 2002

slide23

User Sponsor

Client Application

User

Service

Tiny SESAME Architecture

Client Side

Security Server

AS

APA Client

PAS

KDS

GSS-API

DCL

SACM

Communication Protocol

Security Context

Application Server

APA-Client: Authentication & Privilege client.

AS: Authentication Server.

DCL: Dynamic Component Loader.

GSS: Generic Security Services.

KDS: Key Distribution Center.

PAC: Privilege Attribute Certificate.

PAS: Privilege Attribute Server.

PVF: PAC Validation Facility.

SACM: Secure Association Context Manager.

DCL

SACM

GSS-API

PVF

ISRC Workshop, May 2002

conclusions
Conclusions
  • Current A&A security architectures trust the client to protect confidential keying information
  • PDAs are becoming less personal
  • PDA are small, portable and easily subverted
  • Better security is needed for PDA

ISRC Workshop, May 2002

ad