1 / 18

Dan Boneh dabo@cs.stanford.edu with Monica Lam, David Mazieres , John Mitchell, and many students.

POMI 2020. Security for Mobile Devices. Dan Boneh dabo@cs.stanford.edu with Monica Lam, David Mazieres , John Mitchell, and many students. . NSF Site Visit, June 2010. POMI Research Agenda. Infrastructure. Applications. Handheld. Data & Computing Substrate

pakuna
Download Presentation

Dan Boneh dabo@cs.stanford.edu with Monica Lam, David Mazieres , John Mitchell, and many students.

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. POMI 2020 Security for Mobile Devices Dan Boneh dabo@cs.stanford.edu with Monica Lam, David Mazieres, John Mitchell, and many students. NSF Site Visit, June 2010

  2. POMI Research Agenda Infrastructure Applications Handheld Data & Computing Substrate PrPl, Junction and Concierge UI secure apps Economics Network Substrate Software Defined Network & OpenFlow Cinder: Energy aware, secure OS HW Platform Radio technology

  3. POMI mobile security work secure apps • Snap2Pass and Snap2Pay [DSBL’10] • A password manager for mobile devices [BBBB’09] • Android security: ASLR on Android [BB’10] • Unlocking phones using cheap tokens [BB’10] • Preventing tap-Jacking attacks onmobile web sites [RBB’10] platformsecurity

  4. Location services without big brother Joint work with Arvind Narayanan, NarendranThiagarajan, and MugdhaLakhani

  5. Location-based social networking • Finally taking off?

  6. Proximity Alerts Detect when friends are nearby (e.g. Loopt) • Today: 24/7 user tracking by server Our privacy goals: • When not nearby, friends don’t see your location • Server never sees your location Building block for more complex functionality

  7. Proximity alerts: applications Granularity must be user-configurable

  8. How we arrived at this problem • POMI barrier #1: reliance on big brother • PrPl effort: social networks with privacy • Many discussions with PrPl participants: • Can we make location-based services private? • Similarly, can we do private targeted advertising? (NDSS’10) • Other results from the interaction: • QR codes for better user authentication [DSBL’10] • Unlocking a phone using cheap tokens [BB’10]

  9. Reducing proximity test to equality test

  10. Equality testing Space of possible locations is small! (32 bits) Method 1: protocol based on public-key encryption (Lipmaa) • Heavy computation: impractical for proximity of all friends ? x = y Requires shared secret keys between pairs of friends

  11. Our approach An efficient protocol with server participation Trust assumption: server does not collude with your friends y x ?? r ( x – y ) ?? no one knows r Total traffic: 24 bytes, easy computation

  12. Problem: online brute-force attack If only there were a way to verify that a user really is where they claim to be… Solution: location tags (for small granularity)

  13. Properties of location tags Location tag = vector + matching function i.e., space-time fingerprint Unpredictability cannot produce matching tag unless nearby Reproducibility two devices at same place & time produce matching tags (not necessarily identical)

  14. Location tags using WiFi packets Discard packets like TCP that may originate outside local network • DHCP, ARP, Samba etc. are local • 15 packets/sec on CS/EE VLAN Two different devices see about 90% of packets in common Comparing location tags: privately test if intersection > 90%

  15. Android implementation

  16. Android implementation

  17. Android implementation

  18. Future work Many location privacy questions: • Private location based advertising • Private location based search • Private location statistics

More Related