Dynamic locations secure mobile services discovery and dynamic group membership
Sponsored Links
This presentation is the property of its rightful owner.
1 / 23

Dynamic Locations: Secure Mobile Services Discovery and Dynamic Group Membership PowerPoint PPT Presentation

  • Uploaded on
  • Presentation posted in: General

Dynamic Locations: Secure Mobile Services Discovery and Dynamic Group Membership. Ryan Lackey <ryan@metacolo.com> www.metacolo.com. Who?. Interest in “cypherpunk” technologies from 1992 to present, particularly anonymized communications, agents, and electronic cash

Download Presentation

Dynamic Locations: Secure Mobile Services Discovery and Dynamic Group Membership

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript

Dynamic Locations:Secure Mobile Services Discovery and Dynamic Group Membership

Ryan Lackey



Ryan Lackey http://www.metacolo.com/


  • Interest in “cypherpunk” technologies from 1992 to present, particularly anonymized communications, agents, and electronic cash

  • Ultimate goal: anonymous secure infrastructure from end to end: clients, servers, networks, pro

  • Founded HavenCo/ran 2000-2002

  • metacolo: offshore colo in 9 markets, related projects, including secure mobile systems

Ryan Lackey http://www.metacolo.com/


  • Lots of work has been done to network fixed equipment, and to secure fixed network connections, but most mobile apps are just slightly modified versions of fixed applications

  • Most mobile networked systems have simplified security models; some link security but little application specific security end to end

  • Fundamentally new kinds of applications are possible with secure mobile systems

Ryan Lackey http://www.metacolo.com/

Fundamental Constraints

  • Power and bandwidth limited

  • Many nodes in continual motion and appear/disappear rapidly

  • Much infrastructure is closed and long cycles to upgrade and deploy

  • UI complicated by devices and use cases (user attention not dedicated)

Ryan Lackey http://www.metacolo.com/


  • HP/Compaq iPaq running Linux

  • Laptops running Linux and FreeBSD

  • 802.11b and 1xRTT IP-based communications

  • Open systems for easy development, python for rapid development

Ryan Lackey http://www.metacolo.com/

Applications of Interest

  • “Matchmaking” – letting parties meet with similar interests meet up

  • Secure messaging (communications and message-based low-overhead protocols, including payment systems)

  • Secure streams (VoIP, VPN)

Ryan Lackey http://www.metacolo.com/


  • Demo app is letting people define a set of interests, then announce to the world, without risk of being “interrogated” by third parties

  • Useful for service discovery too – announce that you’re running certain services to others in the set, but not to the public (RIAA, MPAA, Government, etc)

  • Attestations, with optional protection from traffic analysis as well

Ryan Lackey http://www.metacolo.com/

Secure short messages

  • Text messaging

  • Much easier technically than streams

  • Store/forward possibility

  • Also useful for many protocols, either in two way or polled mode

Ryan Lackey http://www.metacolo.com/


  • Voice over IP is key market – encrypted cellphone using low-bandwidth channel (1xRTT or HSCSD GSM) and anonymization of calls

Ryan Lackey http://www.metacolo.com/

Interaction models

  • True peer to peer

  • “Security proxy” or user selected/operated operational server

  • Centralized client-server operated by application developers

  • Centralized client-server operated by communications providers

Ryan Lackey http://www.metacolo.com/

Existing p2p systems

  • Generally designed for high bandwidth media sharing with minimal anonymity layered over existing IP networks

  • Not really designed for interactive communication

Ryan Lackey http://www.metacolo.com/

Existing mobile client-server systems

  • Designed with link encryption to the wireless hub, or to the server

  • Closed development environment controlled by mobile companies

  • Hard for users and application developers to really trust the security model

Ryan Lackey http://www.metacolo.com/

Early mobile p2p systems

  • “lovegety” – a system to use RF to share information about membership in certain groups

  • Subject to “trawling”, direction finding attacks, and “corraling” small numbers of users to identify

Ryan Lackey http://www.metacolo.com/

Security Implications

  • Confidentiality, Integrity, Authentication solvable through traditional systems

  • Traffic analysis is the hard problem

  • Complete undetectability of special traffic

  • Of course, reliability, availability, etc. are still major concerns, and special mobile constraints

Ryan Lackey http://www.metacolo.com/

Policy Implications

  • Centralized systems vulnerable to technical or legal attack

  • Who to trust – communications provider, applications provider?

  • Trust is essential to enabling certain applications

Ryan Lackey http://www.metacolo.com/

Central Mediation

  • Servers trusted by some party to take all communications and retransmit

  • Defeats firewalls/proxies/NAT as well as provides protection from traffic analysis

  • Persistence; can buffer communications for users with intermittent connectivity

Ryan Lackey http://www.metacolo.com/

True Peer to Peer Cryptographic Systems

  • Computationally intensive on client

  • Bandwidth intensive; may only be able to send single bits!

  • Generally can put user into a “collusion set” but unless set is large, elimination can identify user

Ryan Lackey http://www.metacolo.com/

Covert channels for mobile use

  • Masking using pre-recorded traffic

  • Sniffing and simulating

  • MITM

  • “Design for MITM” – Dining Cryptographer’s Networks, etc.

Ryan Lackey http://www.metacolo.com/

Dining Cryptographer’s Network

Due to David Chaum, described at


Multiple parties can communicate without revealing to one another which is initiating the communications

Ryan Lackey http://www.metacolo.com/

Anonymizing remailers as model

  • Store and forward messaging with latency added

  • Complicated due to node unreliability

  • Send out multiple messages; tradeoff of bandwidth waste vs. latency vs. reliability

Ryan Lackey http://www.metacolo.com/

Current solution

  • Communications with a trusted server using fixed-rate messaging (tuned for bandwidth)

  • Inter-server communications, allowing users to select “security proxy servers” to act on their behalf, optionally running servers themselves

Ryan Lackey http://www.metacolo.com/


  • Mobile-specific (more properly, dynamic) security is a very hard problem

  • Key is finding applications which fit currently available technology – message based, with secure service discovery

Ryan Lackey http://www.metacolo.com/

Future work

  • Develop an application developer’s toolkit with service discovery on top of secure message-passing and streams systems

  • “Killer apps” of VoIP and mobile payment – good stream based systems

Ryan Lackey http://www.metacolo.com/

  • Login