
Handball: Simple Security Tools for Handheld Devices


Presentation Transcript


  1. LABORATORIES. Handball: Simple Security Tools for Handheld Devices. Niklas Frykholm, Markus Jakobsson, Ari Juels

  2. Our aim: To rethink palm security from scratch

  3. Palm pros:
     • Cheap
     • Convenient
     • Someday ubiquitous
     • Smartcard alternative?
     Palm cons:
     • Easily stolen
     • No tamper resistance
     • Often used for sensitive data
     • New (sometimes clumsy) style of data entry

  4. Despite this, we want:
     • To prevent unauthorized access
     • Get good security from low entropy keys
     • Alert/disable in case of unauthorized access
     • Achieve functionality like backup in hostile environments

  5. Attackers may
     • Steal devices and copy them surreptitiously
     • Emulate copied devices completely
     • See all old transcripts
     • Do fairly serious computing (250 or so…)
     • Mount some on-line attack

  6. Problem with passwords on palm devices
     • Passwords geared toward keyboards
     • Palm devices use other data entry
     • Some studies suggest superiority of visual memory (e.g., Sheperd)
     • The visual approach...
       • Jermyn et al., Xerox PARC, Blonder, Perrig, Passfaces
       • Only Jermyn et al. suitable for palm devices

  7. Visual Passwords
     • Your PIN consists of a point on an image (or multiple such)
     • Icons help stimulate the user’s memory

  8. Visual Passwords
     • Error-tolerance techniques allow user to come only close to point, but security remains maximal
     • Training routine helps fix PIN in user’s memory
     • Prototype available

  9. Some more problems with passwords
     • Users and passwords don’t mix well:
       • Either too long to be easily memorized (high entropy)
       • Or too short to be used effectively in naïve manner
     • For example, AES encryption of credit cards

  10. Credit-Card Vault
     • Special “non-redundant” encryption protects card and bank account numbers with just a PIN -- protection even against a determined hacker
     • Prototype available

  11. Encryption using low-entropy keys
     • To encrypt a list of PINs:
       • Select master PIN -- call it M
       • E[PIN1] = PIN1 M
       • E[PIN2] = PIN2 M , etc.
     • But a credit card is not so simple:
       • Has redundancy: Check digit
       • Unprotected parts may give clues to attacker

  12. Accommodate credit-card structure
     • Idea: Isolate essential digits
       • Strip away check digit
       • Strip away bank numbers
     • Encrypt remaining digits under stream cipher mod 10
       • RC4(key) 10 (cc digits)
     • Note: Decryption with any key yields a valid-looking credit card number
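The construction on slides 11 and 12, as an added example that is not code from the presentation or its prototype. It assumes a 6-digit bank prefix kept in the clear, a Luhn check digit, the PIN's bytes used directly as the RC4 key, and digit-wise addition mod 10 as the combining step; the function names are hypothetical.

```python
def rc4_digits(key, n):
    """First n decimal digits drawn from the RC4 keystream for `key`."""
    S = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    i = j = 0
    digits = []
    while len(digits) < n:                     # keystream generation
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        b = S[(S[i] + S[j]) % 256]
        if b < 250:                            # skip 250..255 so b % 10 is unbiased
            digits.append(b % 10)
    return digits

def luhn_check_digit(body):
    """Check digit for a card number given without its last digit."""
    total = 0
    for pos, ch in enumerate(reversed(body)):
        d = int(ch) * 2 if pos % 2 == 0 else int(ch)
        total += d - 9 if d > 9 else d
    return str((10 - total % 10) % 10)

def luhn_valid(number):
    return luhn_check_digit(number[:-1]) == number[-1]

def seal(card, pin):
    """Split off bank prefix and check digit; encrypt the rest digit-wise mod 10."""
    prefix, account = card[:6], card[6:-1]     # assumed 6-digit prefix
    ks = rc4_digits(pin.encode(), len(account))
    return prefix, "".join(str((int(d) + k) % 10) for d, k in zip(account, ks))

def unseal(prefix, sealed, pin):
    """Decrypt under any PIN and recompute the check digit."""
    ks = rc4_digits(pin.encode(), len(sealed))
    account = "".join(str((int(d) - k) % 10) for d, k in zip(sealed, ks))
    body = prefix + account
    return body + luhn_check_digit(body)

CARD = "4111111111111111"                      # constructed sample (public test number)
PREFIX, SEALED = seal(CARD, "2468")            # constructed PIN
```

Because the stored digits carry no redundancy, every PIN guess unseals to a number that passes the check-digit test, so an offline search over PINs has nothing to test candidates against.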

  13. Credit-card vault
     • Can we do Social Security Numbers? Names? Addresses?

  14. Infrared Palm Lock
     • Small key locks and unlocks PalmPilot
     • Strong key would be inexpensive ($2) to manufacture in quantity

  15. Infrared Palm Lock
     • Current prototype is “conceptual”
       • Static key
       • 20-bit entropy
     • Evolution:
       • Static key, 80-bit entropy encryption key
       • Rolling key, rolling encryption
       • Bluetooth -- interactive variant

  16. Digital Signing on the Palm
     • Palm is convenient platform for signing
     • An offline digital signing key protected with a PIN is vulnerable to attack if palm device is stolen
     • Online approaches may suffer from spotty connectivity
     [Sample message shown on slide: “I agree to buy 1000 shares of Enron at $100/share from Ken.”]

  17. Our aim
     • Distinguish attacker-generated signatures from “real” signatures
     • Alert authorities of any attacks
     • But make alarm “silent”
       • attacker should be unable to distinguish a good signature from a bad one
     • All with a low-entropy PIN!

  18. Funkspiel schematic
     [Diagram: values s1, s2, s3, s4 linked by h; h’ yields r1, r2, r3]
     • si = h(si, i)
     • ri = h’(si, PIN)
     • Incorporate ri into message to be signed
     • Verifier can check correctness of ri

  19. Why does this yield “silent” alarm?
     [Diagram: values s1, s2, s3, s4 linked by h; h’ yields r1, r2, r3; s2 and r2 marked]
     • Attacker can’t learn s2 because of one-wayness of h
     • Attacker can’t learn PIN because she can’t learn s2
     • Attacker can’t tell whether she’s tripping alarm if she signs using s3

  20. Inserting ri into standard scheme
     • We use RSA-PSS (Bellare-Rogaway)
     • RSA-PSS supplies random padding of messages to be signed using RSA – to avoid existential forgery
     • Padding has some random component, some redundancy
     • We let ri be the random portion

  21. The Big Picture
     • Everybody can verify signatures using standard RSA-PSS
     • “Alarm center” can check PIN, too, for “silent alarm”!
     • “Alarm center” can, e.g., inform bank if theft suspected
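The silent-alarm mechanism of slides 18 to 21, as an added example that is not code from the presentation. It assumes SHA-256 for h, HMAC-SHA-256 for h’, a chain that advances from si to the next value by h(si, i) as the schematic suggests, and an alarm center that was given s1 and the PIN at enrolment; the RSA-PSS signing step is left out, and ri stands for the value that would be placed in the random part of the padding. All class and function names are hypothetical.

```python
import hashlib
import hmac

def h(s, i):
    """One-way chain step (assumed SHA-256): next state from s_i and index i."""
    return hashlib.sha256(b"chain" + s + i.to_bytes(4, "big")).digest()

def h_prime(s, pin):
    """Tag r_i (assumed HMAC-SHA-256) binding the current state to the entered PIN."""
    return hmac.new(s, b"tag" + pin.encode(), hashlib.sha256).digest()

class Device:
    """Handheld side: holds only the current chain value."""
    def __init__(self, s1):
        self.i, self.s = 1, s1

    def next_r(self, entered_pin):
        r = h_prime(self.s, entered_pin)   # looks random whatever PIN was typed
        self.s = h(self.s, self.i)         # overwrite: earlier states are gone
        self.i += 1
        return self.i - 1, r

class AlarmCenter:
    """Verifier side: recomputes the chain from s_1 and checks r_i."""
    def __init__(self, s1, pin):
        self.s1, self.pin = s1, pin

    def pin_was_correct(self, i, r):
        s = self.s1
        for k in range(1, i):
            s = h(s, k)
        return hmac.compare_digest(r, h_prime(s, self.pin))

def demo():
    s1 = bytes(32)                          # constructed seed, all zero for the demo
    device, center = Device(s1), AlarmCenter(s1, "4071")
    checks = [center.pin_was_correct(*device.next_r("4071")) for _ in range(2)]
    # The device is now at s_3; a thief who holds it signs with a guessed PIN.
    checks.append(center.pin_was_correct(*device.next_r("0000")))
    return checks
```

The device computes ri the same way for any PIN and holds nothing to compare it against, so only the alarm center learns that the third value was produced under a wrong PIN.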

  22. LABORATORIES
     • Prototypes available for visual passwords, credit-card vault, and IR key
     • Patents pending on visual passwords