1 / 15

Mobile User Location- specific Encryption (MULE): Using Your Office as Your Password

Mobile User Location- specific Encryption (MULE): Using Your Office as Your Password.

tanith
Download Presentation

Mobile User Location- specific Encryption (MULE): Using Your Office as Your Password

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Mobile User Location-specificEncryption (MULE): Using Your Office as Your Password AhrenStuder and Adrian Perrig. 2010. Mobile user location-specific encryption (MULE): using your office as your password. InProceedings of the third ACM conference on Wireless networksecurity(WiSec '10). ACM, New York, NY, USA, 151-162 -RatnaGaikwad - SwethaVuruputur - SamyamoyAcharyaChoudhuri

  2. INTRODUCTION • Data Breaches : Stolen Laptops • Exposure of over30 million unencrypted records • Solution? Yes. Authenticate users and Encrypt sensitive data • Users choose convenience over security • GOAL : Remove user effort and achieving the same or better security • Corner & Noble’s cryptographic token • User should carry a token to allow access to any file • Within range, files are accessible. Outside, files are encrypted

  3. Encrypt only user-specified sensitive files • MULE uses location-specific information from the trusted location to automatically derive a decryption key and allows access to the sensitive files • Secondary Password • how to protect the key needed to decrypt sensitive data without requiring user or administrative effort. • automatically derive the key • Personnel at most have to keep a list of not-yet-stolen laptops

  4. Assumptions : • Sensitive Data Access Patterns • Available Hardware and Software : • TPM (trusted platform modules) • TLD (Trusted Location Device) • PKI (Public Key Infrastructure) • Outsider Thief (OT) Attacker Model • Requirements : • Easily Accessible. • Unique to a Location • Bounded Range. • Significant Entropy.

  5. OVERVIEW

  6. MULE for Home Use • Should work as soon as TLD is powered on and laptop is in trusted location. • Constrained channel would allow MULE to perform all necessary tasks to derive keys. • OT will not be able to derive keys without access to constrained channel. • Laptops should possess m ,a location specific value to interact with TLD. • Knowledge of m yields in less computational overhead to successfully acquire file decryption key. Home Key Derivaiton Consists of the following 4 steps: • Initialization :Verification of TLD performed by Laptop and random M generated and transmitted through secure channel TLD Laptop : RSA public key (N,e). Laptop verifies key from metadata stored and quits if not found. TLD Laptop: TLD generates m (length l) and sends to laptop.

  7. Input Hiding: Laptop generates a number R relatively prime to N . R is used to blind k in the following manner: b= Re k mod N Now m is used to encrypt it further before transmitting it back to the TLD via the constrained channel. c= Encryptm[b] Blinding and encryption ensures that value encrypted is different in each run of the protocol and also protects the discovery of m from c by an attacker. • TLD Calculation: The TLD decrypts the received c ,signs the value and returns to the laptop. v= Decryptm[c] S=vd mod N d is the private exponent from the RSA key generation. S TLD Laptop. • Key Recovery: The laptop retrieves the key from the received value and thus possesses a deterministic signature that it can use to decrypt the sensitive files. K= S R-1 mod N

  8. Security aspects • With the assumption that an attacker does not have access to constrained channel, designating a location trustable requires 0 effort. • Employs RSA (secure as it is). • M and R used are random. • Original message concealed by blind signatures. • Attacker cannot pose to be TLD. • 2l attempts required on an average to guess m. TLD can rate limit requests. MULE for Corporate Use OT has access to constrained channel! Can impersonate a TLD and compromise security. Maintaining company assigned laptop ID and in a white list reduces administrative overhead. The laptop secret and ID are used to generate a MAC to protect the key used. Location specific m is XORed with laptop’s secret to ensure location specificity . If laptop gets stolen ,reporting has to be done immediately.

  9. Corporate Key Derivation • Initialization: Laptop initiates TLS connection with TLD and sends its signature and certificate. The laptop verifies the signature to ensure authenticity. TLD generates m of length l and transfers it via constrained channel to the laptop. • Application :Laptop XORs m with k (long term secret value) and then passes on the result along with its ID to the TLD. • TLD Calculations: TLD XORs received x with m to recover k and verifies if the ID is in the company whitelist. If found, KIDL= MACKTLD ( IDL||k) ,Keyed hash used to derive key which the laptop would use for further decryption of files. TLD returns the calculated key value via TLS to the laptop.

  10. Security aspects • Timely update of whitelist needs to be done. • TLS authenticates the TLD so impersonation not possible. • k is 128 bits or more, so minimal chances of attacker guessing the correct k when user is still in possession of laptop. • MAC function used is very secure and rules out selective forgery based on selected key-ID pairs. • Since updating of whitelist is done on an urgent basis , relay of information from constrained channel is ruled out.

  11. Location Independent Key • Secondary password to access encrypted data outside trusted location. • When the user first installs MULE, the system generates a random KIndand takes as input from the user a secondary password. • When user accesses protected files, encrypted Kind and password is sent to TPM • TPM sends decrypted KIndif password is correct which is used to decrypt the files.

  12. Attacks on Location Independent Passwords • Brute force attack: • Without defense, 8 character password with average entropy of 24 bits guessed in average less than 1 second. • With the Infineon TPM, ≈ 34 years to discover the secondary password. • impede a user who has trouble recalling a password or accidentally mistypes a password

  13. Implementation and Evaluation of MULE • Implementation: • AES with a 128 bit key as a cipher • HKD signature generation uses 2048-bit RSA. • The MAC in CKD was implemented using HMAC with SHA1. • TLS in CKD uses ephemeral Diffie-Hellman with 2048-bit RSA authentication during setup with AES256 and SHA1 to protect communication. • Scripts to mount/unmount file systems. • Constrained Channel Configuration • Location: LED in TLD emits on-off signals to help the laptop determine its position. Laptop’s camera looks for on-on-off-off pattern for 6 bits with each bit equal to 2 frames.

  14. Laptop tells the TLD to begin transmission after determining and creating the mask , prepending 0101 as a start sequence. • Laptop records and decodes the output from the TLD, looks for the 0101 start sequence and 20bit long m. • Quits when LED transmits 1010 again. • Evaluation: • Key derivation requires almost 5 seconds -time to access file • HKD is faster than CKD since TLS in not used.

  15. Conclusion • Benefits: • MULE provides encryption of sensitive data on laptop to prevent its access by unauthorized user/thief. • It requires zero user effort and limited IT administration to protect your sensitive data. • Assumes that user will access sensitive data only in Trusted Environment like home or office. • Limitation? • Encryption in virtual trusted network? • Not supported • Other Solutions: • Remote Laptop Security(RTS) • Stolen Laptop tracking softwares. • E. g. LoJack for laptops

More Related