Dynamic locations secure mobile services discovery and dynamic group membership
This presentation is the property of its rightful owner.
Sponsored Links
1 / 23

Dynamic Locations: Secure Mobile Services Discovery and Dynamic Group Membership PowerPoint PPT Presentation


  • 74 Views
  • Uploaded on
  • Presentation posted in: General

Dynamic Locations: Secure Mobile Services Discovery and Dynamic Group Membership. Ryan Lackey <[email protected]> www.metacolo.com. Who?. Interest in “cypherpunk” technologies from 1992 to present, particularly anonymized communications, agents, and electronic cash

Download Presentation

Dynamic Locations: Secure Mobile Services Discovery and Dynamic Group Membership

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Dynamic locations secure mobile services discovery and dynamic group membership

Dynamic Locations:Secure Mobile Services Discovery and Dynamic Group Membership

Ryan Lackey

<[email protected]>

www.metacolo.com

Ryan Lackey http://www.metacolo.com/


Dynamic locations secure mobile services discovery and dynamic group membership

Who?

  • Interest in “cypherpunk” technologies from 1992 to present, particularly anonymized communications, agents, and electronic cash

  • Ultimate goal: anonymous secure infrastructure from end to end: clients, servers, networks, pro

  • Founded HavenCo/ran 2000-2002

  • metacolo: offshore colo in 9 markets, related projects, including secure mobile systems

Ryan Lackey http://www.metacolo.com/


Introduction

Introduction

  • Lots of work has been done to network fixed equipment, and to secure fixed network connections, but most mobile apps are just slightly modified versions of fixed applications

  • Most mobile networked systems have simplified security models; some link security but little application specific security end to end

  • Fundamentally new kinds of applications are possible with secure mobile systems

Ryan Lackey http://www.metacolo.com/


Fundamental constraints

Fundamental Constraints

  • Power and bandwidth limited

  • Many nodes in continual motion and appear/disappear rapidly

  • Much infrastructure is closed and long cycles to upgrade and deploy

  • UI complicated by devices and use cases (user attention not dedicated)

Ryan Lackey http://www.metacolo.com/


Platform

Platform

  • HP/Compaq iPaq running Linux

  • Laptops running Linux and FreeBSD

  • 802.11b and 1xRTT IP-based communications

  • Open systems for easy development, python for rapid development

Ryan Lackey http://www.metacolo.com/


Applications of interest

Applications of Interest

  • “Matchmaking” – letting parties meet with similar interests meet up

  • Secure messaging (communications and message-based low-overhead protocols, including payment systems)

  • Secure streams (VoIP, VPN)

Ryan Lackey http://www.metacolo.com/


Matchmaking

“Matchmaking”

  • Demo app is letting people define a set of interests, then announce to the world, without risk of being “interrogated” by third parties

  • Useful for service discovery too – announce that you’re running certain services to others in the set, but not to the public (RIAA, MPAA, Government, etc)

  • Attestations, with optional protection from traffic analysis as well

Ryan Lackey http://www.metacolo.com/


Secure short messages

Secure short messages

  • Text messaging

  • Much easier technically than streams

  • Store/forward possibility

  • Also useful for many protocols, either in two way or polled mode

Ryan Lackey http://www.metacolo.com/


Streams

Streams

  • Voice over IP is key market – encrypted cellphone using low-bandwidth channel (1xRTT or HSCSD GSM) and anonymization of calls

Ryan Lackey http://www.metacolo.com/


Interaction models

Interaction models

  • True peer to peer

  • “Security proxy” or user selected/operated operational server

  • Centralized client-server operated by application developers

  • Centralized client-server operated by communications providers

Ryan Lackey http://www.metacolo.com/


Existing p2p systems

Existing p2p systems

  • Generally designed for high bandwidth media sharing with minimal anonymity layered over existing IP networks

  • Not really designed for interactive communication

Ryan Lackey http://www.metacolo.com/


Existing mobile client server systems

Existing mobile client-server systems

  • Designed with link encryption to the wireless hub, or to the server

  • Closed development environment controlled by mobile companies

  • Hard for users and application developers to really trust the security model

Ryan Lackey http://www.metacolo.com/


Early mobile p2p systems

Early mobile p2p systems

  • “lovegety” – a system to use RF to share information about membership in certain groups

  • Subject to “trawling”, direction finding attacks, and “corraling” small numbers of users to identify

Ryan Lackey http://www.metacolo.com/


Security implications

Security Implications

  • Confidentiality, Integrity, Authentication solvable through traditional systems

  • Traffic analysis is the hard problem

  • Complete undetectability of special traffic

  • Of course, reliability, availability, etc. are still major concerns, and special mobile constraints

Ryan Lackey http://www.metacolo.com/


Policy implications

Policy Implications

  • Centralized systems vulnerable to technical or legal attack

  • Who to trust – communications provider, applications provider?

  • Trust is essential to enabling certain applications

Ryan Lackey http://www.metacolo.com/


Central mediation

Central Mediation

  • Servers trusted by some party to take all communications and retransmit

  • Defeats firewalls/proxies/NAT as well as provides protection from traffic analysis

  • Persistence; can buffer communications for users with intermittent connectivity

Ryan Lackey http://www.metacolo.com/


True peer to peer cryptographic systems

True Peer to Peer Cryptographic Systems

  • Computationally intensive on client

  • Bandwidth intensive; may only be able to send single bits!

  • Generally can put user into a “collusion set” but unless set is large, elimination can identify user

Ryan Lackey http://www.metacolo.com/


Covert channels for mobile use

Covert channels for mobile use

  • Masking using pre-recorded traffic

  • Sniffing and simulating

  • MITM

  • “Design for MITM” – Dining Cryptographer’s Networks, etc.

Ryan Lackey http://www.metacolo.com/


Dining cryptographer s network

Dining Cryptographer’s Network

Due to David Chaum, described at

http://cypherpunks.venona.com/date/1992/12/msg00107.html

Multiple parties can communicate without revealing to one another which is initiating the communications

Ryan Lackey http://www.metacolo.com/


Anonymizing remailers as model

Anonymizing remailers as model

  • Store and forward messaging with latency added

  • Complicated due to node unreliability

  • Send out multiple messages; tradeoff of bandwidth waste vs. latency vs. reliability

Ryan Lackey http://www.metacolo.com/


Current solution

Current solution

  • Communications with a trusted server using fixed-rate messaging (tuned for bandwidth)

  • Inter-server communications, allowing users to select “security proxy servers” to act on their behalf, optionally running servers themselves

Ryan Lackey http://www.metacolo.com/


Conclusions

Conclusions

  • Mobile-specific (more properly, dynamic) security is a very hard problem

  • Key is finding applications which fit currently available technology – message based, with secure service discovery

Ryan Lackey http://www.metacolo.com/


Future work

Future work

  • Develop an application developer’s toolkit with service discovery on top of secure message-passing and streams systems

  • “Killer apps” of VoIP and mobile payment – good stream based systems

Ryan Lackey http://www.metacolo.com/


  • Login