A Private Mode for Mobile Users

1. A Private Mode for Mobile Users John Baluch and Professor Stephen Wicker • First-time activation • Remote attestation – device sends network an image of the hardware and software that is present • RET is used as the previous work utilized it • Proposed system provides protection against cloning and tampering through (not an exhaustive list): • Signal Interception • Replicated Memory • Stolen Device • Conclusion • Cellular phones are remarkably good tracking devices. They have the ability to relay the information of its user to the service provider at any time, all the time. Data such as current location, past locations, times and dialed numbers are recorded and owned by the utility. In • effect, cell phones are a surveillance technology [4] with an ever increasing importance in the social world. A new method for establishing a private overlay allows users to conceal their personal data through the use of a self-evaluating program and a Private Mode application, a method which can be implemented with ease. • References • [1] Ekberg, Jan-Erik, and MarkkuKylanpaa. Mobile Trusted Module (MTM) - an introduction. Tech. no. NRC-TR-2007-015. Nokia Research Center, 14 Nov. 2007. Web. 30 June 2010. • [2] Barkuus, Louise, and AnindDey. Location-Based Services for Mobile Telephony: a Study of Users Privacy Concerns. Tech. no. IRB-TR-03-024. Intel Research Berkely, July 2003. Web. 30 June 2010. • [3] Schmidt, Andreas U., Nicolai Kuntze, and Michael Kasper. On the Deployment of Mobile Trusted Modules. Tech. Fraunhofer Institute for Secure Information Technology SIT. Web. 25 June 2010. • [4] S. B. Wicker, Surveillance Architectures: Digital Telephony and the Question of Privacy, Communications of the ACM, to appear. • [5] Ptzmann, Andreas, Birgit Ptzmann, Matthias Schunter, and Michael Waidner. Trusting Mobile User Devices and Security Modules. Publication no. 0018-9162/97. IEEE, 1997. IEEE Xplore. IEEE. Web. • [6] S. B. Wicker and D. E. Schrader, Privacy-Aware Design Principles For Information Networks. Proceedings of the IEEE, to appear. • [7] Ghosh, Anup K., and Tara M. Swaminatha. Software Security and Privacy Risks in Mobile E-Commerce. Publication. 2nd ed. Vol. 44. ACM, 2001. Print. Communications of the ACM. • [8] Palen, Leysia, Marilyn Salzman, and Ed Youngs. Going Wireless: Behavior & Practice of New Mobile Phone Users. Publication no. 1-58113-222-0/00/0012. ACM, 26 Dec. 2000. Web. 25 June 2010. • [9] Trusted Computing Group (TCG). TCG Mobile Trusted Module Specication. Rep. TCG, 26 June 2008. Web. 30 June 2010. • Acknowledgements • We gratefully thank Professor Stephen Wicker for his support, and Jesus Noland, Nathan Karst, RadamesMererro and DaNae Grubbs for their contributions. This work was supported in part by TRUST (Team for Research in Ubiquitous Secure Technology), which receives support from the National Science Foundation (NSF award number CCF-0424422) • Introduction • Content vs. Context • Content of phone calls are protected under the Fourth Amendment (Katz v. United States (1967)) • Context of phone calls, like postal mail, has no reasonable expectation of privacy (Smith v. Maryland (1979)) • Number dialed, number of the caller, location of the caller, the time of the call and duration are considered context. • Passive/Active Surveillance • Passive surveillance (wire tapping, location data collection) • Can occur easily and at any time • Places docility in cellular users [4] • Hinders political speech and behavior [4] • Active surveillance (Context data distribution) • Sold to third parties • Causes manipulative information flows (direct marketing) • Brings user to a desired state or behavior • Goal • A private overlay which will conceal a mobile user’s private data. • Simple enough that any non-technical user can control • Sophisticated so that adversaries can not tamper, clone and illegally distribute • Anonymous to ensure the users privacy • Method • Previous Work • Trusted Platform Module (TPM) • Physical chip • Cryptographic vault • Security solution approved by TCG [9] • Requires a Public Key Infrastructure and Certification Authority (PKI) [4] • Random Equipment Tag (RET) is generated and replaces current phone number [4] • User must share RET if they wish to be contacted • Data is stored on TPM • Limitations • Requires a new phone with a TPM. • May compromise the size of smaller models • Manufacturers may need incentive to redesign certain phone models to accommodate TPM • Results • Mobile Trusted Module (MTM) • Software version • Similar to TPM, but varies in operation • Uses concept of Secure Boot [1] • MTM is installed • PKI set up • Random, anonymous product key is given Direct Marketing Third Parties • Context Data Service Provider Law Enforcement Docility Figure 1. Flow of active surveillance. Figure 2. Secure Boot operation [1]