
Security in a Pervasive Computing Environment


Presentation Transcript


  1. Security in a Pervasive Computing Environment
     Mike Chen, CS Division, UC Berkeley, mikechen@cs.berkeley.edu

  2. Security in a Connected World
     • We want access anytime, anywhere
       • use pager to trade stock
       • use Pilot to open doors + buy coke
     • Sensitive data and control information flowing across the network.
     • Already have lots of security tools and standards
       • PGP, SSL, SET, etc.
     • ? How to scale down to fit small devices?

  3. Authentication
     • Who are you?
     • What you have and what you know.
     • Device
       • knowledge of keys
       • e.g. battlefield sensors w/ hardcoded keys
     • User
       • username/passwords
       • e.g. Unix/NT accounts, online stock trading
     • Device + User
       • ownership of the device + passwords
       • e.g. ATM cards + PIN

  4. Integrity
     [Figure: Alice sends “Don’t fire!”; Bob receives “Fire!”]
     • What I say is what you hear.
     • Man-in-the-middle attack
     • Solutions
       • Checksum? No! Easy to forge.
       • Message Digest
         • one-way hash function, e.g. MD5
       • Message Authentication Code (MAC)
         • key-dependent one-way hash function, e.g. HMAC
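The checksum-versus-MAC point on slide 4, as an added example that is not part of the original presentation. The attacker model is the slide's man in the middle: it can rewrite the message in transit but does not hold the shared key. The key value, the messages and the choice of CRC-32 as the "checksum" are constructed for the demonstration; HMAC-SHA-1 is the MAC the later slides name.

```python
import hashlib
import hmac
import zlib

# Constructed sample traffic, modelled on the slide's Alice/Bob diagram.
ORIGINAL = b"Don't fire!"
FORGED = b"Fire!"
SHARED_KEY = b"\x00" * 16  # placeholder 128-bit key; a real key is random and secret


def checksum_send(msg: bytes) -> tuple:
    """Sender appends a CRC-32 checksum; no secret is involved."""
    return msg, zlib.crc32(msg)


def checksum_accept(packet: tuple) -> bool:
    """Receiver recomputes the checksum; anyone can do this, including the attacker."""
    msg, crc = packet
    return zlib.crc32(msg) == crc


def checksum_tamper(packet: tuple, new_msg: bytes) -> tuple:
    """Man in the middle swaps the message and simply recomputes the checksum."""
    return new_msg, zlib.crc32(new_msg)


def mac_send(key: bytes, msg: bytes) -> tuple:
    """Sender appends HMAC-SHA-1 over the message under the shared key."""
    return msg, hmac.new(key, msg, hashlib.sha1).digest()


def mac_accept(key: bytes, packet: tuple) -> bool:
    """Receiver recomputes the tag; constant-time compare avoids a timing side channel."""
    msg, tag = packet
    expected = hmac.new(key, msg, hashlib.sha1).digest()
    return hmac.compare_digest(expected, tag)


def mac_tamper(packet: tuple, new_msg: bytes) -> tuple:
    """Without the key, the man in the middle can only swap the message and reuse the old tag."""
    _, old_tag = packet
    return new_msg, old_tag


def demo() -> dict:
    """Push both schemes through the same tampering and report what the receiver accepts."""
    crc_packet = checksum_send(ORIGINAL)
    mac_packet = mac_send(SHARED_KEY, ORIGINAL)
    return {
        "checksum_genuine": checksum_accept(crc_packet),
        "checksum_forged": checksum_accept(checksum_tamper(crc_packet, FORGED)),
        "mac_genuine": mac_accept(SHARED_KEY, mac_packet),
        "mac_forged": mac_accept(SHARED_KEY, mac_tamper(mac_packet, FORGED)),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The receiver accepts the forged checksum packet and rejects the forged MAC packet. An unkeyed message digest such as MD5 sent alongside the message fails in exactly the way the checksum does, since the attacker can recompute it; the key is what turns the digest into a MAC.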

  5. Encryption
     • Keeping the conversation private.
     • Public keys
       • advantage: simple key management
       • disadvantage: slow (20s on WorkPad)
     • Shared keys
       • advantage: much faster (<1s on WorkPad)
       • disadvantage: key distribution
     • Lesson:
       • use shared keys when possible
       • use a hybrid/proxy design
         • public keys between proxy/service and shared keys between device/proxy.

  6. Shared Key Secure Sockets
     • secure socket layer
     • Java/C implementations, Open Source
     • 1 128-bit shared authentication key (Ka)
     • 4 Session Keys
       • one 128-bit encryption key and one 160-bit MAC key for each direction
       • generated using the shared key + the 2 random numbers generated by the device and the service

  7. Secure Service Authentication Protocol
     Device (Rand_p)                                   Service (Rand_s)
     - generate random # Rand_p
                        ---- Rand_p ---->
                                                       - generate random # Rand_s
                                                       - compute MAC
                        <--- Rand_s + MAC(Ka, 0 + Rand_s + Rand_p) ----
     - verify MAC
     - compute MAC
                        ---- MAC(Ka, 1 + Rand_s + Rand_p) ---->
                                                       - verify MAC
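The three-message mutual authentication on slide 7 and the session-key derivation of slide 6, as an added example that is not the project's Java/C implementation. Ka and HMAC-SHA-1 come from the slides; the nonce length, the encoding of the 0/1 prefix as a single byte, and the labels used to derive the four session keys are assumptions, since the slides do not give those details.

```python
import hashlib
import hmac
import os
from typing import Dict, Tuple

KA_BYTES = 16       # 128-bit shared authentication key, as on slide 6
NONCE_BYTES = 16    # size of Rand_p / Rand_s: an assumption, not stated on the slides


class AuthError(Exception):
    """Raised when the peer's MAC does not verify."""


def mac(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA-1, the MAC algorithm named on slide 8."""
    return hmac.new(key, data, hashlib.sha1).digest()


class Device:
    """The side that sends Rand_p and then answers the service's challenge."""

    def __init__(self, ka: bytes):
        self.ka = ka
        self.rand_p = self.rand_s = b""

    def hello(self) -> bytes:
        self.rand_p = os.urandom(NONCE_BYTES)
        return self.rand_p

    def respond(self, rand_s: bytes, tag: bytes) -> bytes:
        # The service proves knowledge of Ka with MAC(Ka, 0 + Rand_s + Rand_p).
        expected = mac(self.ka, b"\x00" + rand_s + self.rand_p)
        if not hmac.compare_digest(expected, tag):
            raise AuthError("service failed to authenticate")
        self.rand_s = rand_s
        # The 1 prefix makes the reply differ from the service's tag, so a
        # man in the middle cannot reflect one side's MAC back at it.
        return mac(self.ka, b"\x01" + rand_s + self.rand_p)


class Service:
    """The side that sends Rand_s and checks the device's reply."""

    def __init__(self, ka: bytes):
        self.ka = ka
        self.rand_p = self.rand_s = b""

    def challenge(self, rand_p: bytes) -> Tuple[bytes, bytes]:
        self.rand_p = rand_p
        self.rand_s = os.urandom(NONCE_BYTES)
        return self.rand_s, mac(self.ka, b"\x00" + self.rand_s + rand_p)

    def verify(self, tag: bytes) -> None:
        expected = mac(self.ka, b"\x01" + self.rand_s + self.rand_p)
        if not hmac.compare_digest(expected, tag):
            raise AuthError("device failed to authenticate")


def derive_session_keys(ka: bytes, rand_s: bytes, rand_p: bytes) -> Dict[str, bytes]:
    """Four session keys from Ka and both nonces (slide 6). The per-key labels
    are an assumption; the slides only say the keys come from Ka + the two randoms."""
    seed = rand_s + rand_p
    return {
        "enc_device_to_service": mac(ka, b"enc-d2s" + seed)[:16],  # 128-bit encryption key
        "mac_device_to_service": mac(ka, b"mac-d2s" + seed),       # 160-bit MAC key
        "enc_service_to_device": mac(ka, b"enc-s2d" + seed)[:16],
        "mac_service_to_device": mac(ka, b"mac-s2d" + seed),
    }


def run_handshake(device_ka: bytes, service_ka: bytes) -> Tuple[Dict[str, bytes], Dict[str, bytes]]:
    """Drive the exchange end to end and return each side's derived session keys."""
    device, service = Device(device_ka), Service(service_ka)
    rand_p = device.hello()                     # 1: Rand_p ->
    rand_s, tag = service.challenge(rand_p)     # 2: <- Rand_s + MAC(Ka, 0 + Rand_s + Rand_p)
    reply = device.respond(rand_s, tag)         # 3: MAC(Ka, 1 + Rand_s + Rand_p) ->
    service.verify(reply)
    return (derive_session_keys(device_ka, rand_s, rand_p),
            derive_session_keys(service_ka, rand_s, rand_p))


def handshake_succeeds(device_ka: bytes, service_ka: bytes) -> bool:
    """True when both sides hold the same Ka; False when either MAC check fails."""
    try:
        run_handshake(device_ka, service_ka)
        return True
    except AuthError:
        return False
```

Because both nonces enter every MAC, a recorded exchange cannot be replayed against a fresh run, and because the device only computes its reply after the service's tag verifies, a peer without Ka learns nothing it can reuse. When the keys differ, the failure surfaces at the device's check in step 3.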

  8. Encrypted/MAC’d Transport
     • MAC
       • algorithm: HMAC-SHA-1
       • HMAC: Keyed-Hashing for Message Authentication
       • MAC(key, prev. MAC + data)
         • prevents splicing/replay attacks
     • Encryption
       • algorithm: Blowfish in CBC mode
       • 2-3 times faster than 3DES (faster than the serial port on WorkPad!)
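The chained MAC of slide 8, MAC(key, prev. MAC + data), as an added example that is not the project's own transport code. It shows why chaining defeats replay and reordering: each tag commits to the whole history of the connection, so a record only verifies at the position it was sent in. The all-zero initial chain value, the sample records and the session key are constructed; the Blowfish-CBC encryption step is left out because the Python standard library has no Blowfish, so the records here are authenticated but not encrypted.

```python
import hashlib
import hmac
from typing import Dict, List, Optional

TAG_BYTES = 20                      # HMAC-SHA-1 output
CHAIN_IV = b"\x00" * TAG_BYTES      # initial "previous MAC": an assumption


class ChainedMacSender:
    def __init__(self, mac_key: bytes):
        self.key = mac_key
        self.prev = CHAIN_IV

    def send(self, data: bytes) -> bytes:
        """Tag = MAC(key, prev. MAC + data); the tag becomes the next prev. MAC."""
        tag = hmac.new(self.key, self.prev + data, hashlib.sha1).digest()
        self.prev = tag
        return data + tag


class ChainedMacReceiver:
    def __init__(self, mac_key: bytes):
        self.key = mac_key
        self.prev = CHAIN_IV

    def receive(self, record: bytes) -> Optional[bytes]:
        """Return the data if the record is next in the chain, else None.
        The chain state only advances on a valid record, so one bad record
        does not let an attacker desynchronise the receiver."""
        data, tag = record[:-TAG_BYTES], record[-TAG_BYTES:]
        expected = hmac.new(self.key, self.prev + data, hashlib.sha1).digest()
        if not hmac.compare_digest(expected, tag):
            return None
        self.prev = tag
        return data


def demo() -> Dict[str, object]:
    """Send two records, then try the replay and reordering cases."""
    key = b"\x2a" * TAG_BYTES   # constructed 160-bit session MAC key
    sender, receiver = ChainedMacSender(key), ChainedMacReceiver(key)
    records: List[bytes] = [sender.send(b"buy 100 shares"), sender.send(b"sell 100 shares")]

    in_order = [receiver.receive(r) for r in records]
    replay = receiver.receive(records[1])        # same record again: prev. MAC has moved on

    fresh = ChainedMacReceiver(key)
    reordered = fresh.receive(records[1])        # second record first: tag was chained from record 1
    spliced = fresh.receive(records[0])          # still in sync, so the genuine first record is accepted
    return {"in_order": in_order, "replay": replay, "reordered": reordered, "after_reject": spliced}


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The flip side of the chaining is that it assumes a reliable, ordered transport underneath: a single lost record leaves the receiver's prev. MAC behind the sender's, and every later record is rejected until the connection is re-established. That matches the socket-layer placement on slide 6, where TCP provides the ordering.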

  9. Key Management
     • 2 128-bit keys
       • Authentication Key (Ka): two-way authentication
       • Encryption Key (Ke): optional encrypted storage
     • User management
       • Public Key Infrastructure
       • Certificate Authority (CA)
     • Bootstrapping
       • Use a trusted workstation w/ certificates to set up the Authentication Key
       • PDAs fail often => re-generate the Authentication Key if necessary

  10. Key Management (con’t)
      [Figure: Key Service, Pilot, and a trusted user w/ certificate at the workstation]
      1. {Ka}passphrase1 => keys.pdb; use HotSync/pilot-xfer to install
      2. Pilot generates {Ke}passphrase2 => stores it in keys.pdb
      3. backup keys.pdb to workstation
      4. Upload Ka to service via SecureRMI (auth. both the service and the client)

  11. Security in the Proxy World
      [Figure: network path through the AP and the proxy]
      • The Trusted Computing Base (TCB) is the smallest part of your computer/network that you need to trust for the system to be “secure”
      • The TCB now includes the proxy.

  12. Security in the Proxy World (con’t)
      [Figure: three device / AP / proxy diagrams, one per case below]
      • Untrusted Proxy
        • Authentication/Encryption done on device
      • Partially Trusted Proxy
        • Authentication done on device
        • Encryption done on proxy
      • Fully Trusted Proxy
        • Authentication/Encryption done on proxy
      • How you split the app will depend on how much you trust the proxy.
