dynamic locations secure mobile services discovery and dynamic group membership
Download
Skip this Video
Download Presentation
Dynamic Locations: Secure Mobile Services Discovery and Dynamic Group Membership

Loading in 2 Seconds...

play fullscreen
1 / 23

Dynamic Locations: Secure Mobile Services Discovery and Dynamic Group Membership - PowerPoint PPT Presentation


  • 114 Views
  • Uploaded on

Dynamic Locations: Secure Mobile Services Discovery and Dynamic Group Membership. Ryan Lackey <[email protected]> www.metacolo.com. Who?. Interest in “cypherpunk” technologies from 1992 to present, particularly anonymized communications, agents, and electronic cash

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Dynamic Locations: Secure Mobile Services Discovery and Dynamic Group Membership' - riona


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
dynamic locations secure mobile services discovery and dynamic group membership

Dynamic Locations:Secure Mobile Services Discovery and Dynamic Group Membership

Ryan Lackey

<[email protected]>

www.metacolo.com

Ryan Lackey http://www.metacolo.com/

slide2
Who?
  • Interest in “cypherpunk” technologies from 1992 to present, particularly anonymized communications, agents, and electronic cash
  • Ultimate goal: anonymous secure infrastructure from end to end: clients, servers, networks, pro
  • Founded HavenCo/ran 2000-2002
  • metacolo: offshore colo in 9 markets, related projects, including secure mobile systems

Ryan Lackey http://www.metacolo.com/

introduction
Introduction
  • Lots of work has been done to network fixed equipment, and to secure fixed network connections, but most mobile apps are just slightly modified versions of fixed applications
  • Most mobile networked systems have simplified security models; some link security but little application specific security end to end
  • Fundamentally new kinds of applications are possible with secure mobile systems

Ryan Lackey http://www.metacolo.com/

fundamental constraints
Fundamental Constraints
  • Power and bandwidth limited
  • Many nodes in continual motion and appear/disappear rapidly
  • Much infrastructure is closed and long cycles to upgrade and deploy
  • UI complicated by devices and use cases (user attention not dedicated)

Ryan Lackey http://www.metacolo.com/

platform
Platform
  • HP/Compaq iPaq running Linux
  • Laptops running Linux and FreeBSD
  • 802.11b and 1xRTT IP-based communications
  • Open systems for easy development, python for rapid development

Ryan Lackey http://www.metacolo.com/

applications of interest
Applications of Interest
  • “Matchmaking” – letting parties meet with similar interests meet up
  • Secure messaging (communications and message-based low-overhead protocols, including payment systems)
  • Secure streams (VoIP, VPN)

Ryan Lackey http://www.metacolo.com/

matchmaking
“Matchmaking”
  • Demo app is letting people define a set of interests, then announce to the world, without risk of being “interrogated” by third parties
  • Useful for service discovery too – announce that you’re running certain services to others in the set, but not to the public (RIAA, MPAA, Government, etc)
  • Attestations, with optional protection from traffic analysis as well

Ryan Lackey http://www.metacolo.com/

secure short messages
Secure short messages
  • Text messaging
  • Much easier technically than streams
  • Store/forward possibility
  • Also useful for many protocols, either in two way or polled mode

Ryan Lackey http://www.metacolo.com/

streams
Streams
  • Voice over IP is key market – encrypted cellphone using low-bandwidth channel (1xRTT or HSCSD GSM) and anonymization of calls

Ryan Lackey http://www.metacolo.com/

interaction models
Interaction models
  • True peer to peer
  • “Security proxy” or user selected/operated operational server
  • Centralized client-server operated by application developers
  • Centralized client-server operated by communications providers

Ryan Lackey http://www.metacolo.com/

existing p2p systems
Existing p2p systems
  • Generally designed for high bandwidth media sharing with minimal anonymity layered over existing IP networks
  • Not really designed for interactive communication

Ryan Lackey http://www.metacolo.com/

existing mobile client server systems
Existing mobile client-server systems
  • Designed with link encryption to the wireless hub, or to the server
  • Closed development environment controlled by mobile companies
  • Hard for users and application developers to really trust the security model

Ryan Lackey http://www.metacolo.com/

early mobile p2p systems
Early mobile p2p systems
  • “lovegety” – a system to use RF to share information about membership in certain groups
  • Subject to “trawling”, direction finding attacks, and “corraling” small numbers of users to identify

Ryan Lackey http://www.metacolo.com/

security implications
Security Implications
  • Confidentiality, Integrity, Authentication solvable through traditional systems
  • Traffic analysis is the hard problem
  • Complete undetectability of special traffic
  • Of course, reliability, availability, etc. are still major concerns, and special mobile constraints

Ryan Lackey http://www.metacolo.com/

policy implications
Policy Implications
  • Centralized systems vulnerable to technical or legal attack
  • Who to trust – communications provider, applications provider?
  • Trust is essential to enabling certain applications

Ryan Lackey http://www.metacolo.com/

central mediation
Central Mediation
  • Servers trusted by some party to take all communications and retransmit
  • Defeats firewalls/proxies/NAT as well as provides protection from traffic analysis
  • Persistence; can buffer communications for users with intermittent connectivity

Ryan Lackey http://www.metacolo.com/

true peer to peer cryptographic systems
True Peer to Peer Cryptographic Systems
  • Computationally intensive on client
  • Bandwidth intensive; may only be able to send single bits!
  • Generally can put user into a “collusion set” but unless set is large, elimination can identify user

Ryan Lackey http://www.metacolo.com/

covert channels for mobile use
Covert channels for mobile use
  • Masking using pre-recorded traffic
  • Sniffing and simulating
  • MITM
  • “Design for MITM” – Dining Cryptographer’s Networks, etc.

Ryan Lackey http://www.metacolo.com/

dining cryptographer s network
Dining Cryptographer’s Network

Due to David Chaum, described at

http://cypherpunks.venona.com/date/1992/12/msg00107.html

Multiple parties can communicate without revealing to one another which is initiating the communications

Ryan Lackey http://www.metacolo.com/

anonymizing remailers as model
Anonymizing remailers as model
  • Store and forward messaging with latency added
  • Complicated due to node unreliability
  • Send out multiple messages; tradeoff of bandwidth waste vs. latency vs. reliability

Ryan Lackey http://www.metacolo.com/

current solution
Current solution
  • Communications with a trusted server using fixed-rate messaging (tuned for bandwidth)
  • Inter-server communications, allowing users to select “security proxy servers” to act on their behalf, optionally running servers themselves

Ryan Lackey http://www.metacolo.com/

conclusions
Conclusions
  • Mobile-specific (more properly, dynamic) security is a very hard problem
  • Key is finding applications which fit currently available technology – message based, with secure service discovery

Ryan Lackey http://www.metacolo.com/

future work
Future work
  • Develop an application developer’s toolkit with service discovery on top of secure message-passing and streams systems
  • “Killer apps” of VoIP and mobile payment – good stream based systems

Ryan Lackey http://www.metacolo.com/

ad