Security Issues in Mobile Computing: Security Issues in Mobile Computing Graduate Student Seminar November 3, 2000 Kazuhiro Minami Joint work with Prof. David Kotz


Contents: Contents Mobile Computing Security Issues Authentication of Mobile Users Mobile Code Privacy Issues Conclusion


Prevalence of Mobile Computing: Prevalence of Mobile Computing Mobile computing is becoming increasing common place recently. Subscribers in Japan NTT DoCoMo I-mode (web phone) E-mail Chat Web Access Scheduler On-line Banking


Goals of Mobile Computing: Goals of Mobile Computing Anywhere Access Allow users to work with computer resources from almost anywhere Enhanced Availability Disconnected operation support Ubiquitous Access Integrate invisible small computers seamlessly into our everyday life


Mobile Computing Environment: Mobile Computing Environment Wired Network Switch/ Router Wireless Phone PDA Wireless WAN Desktop/Laptop modem Wireless LAN Desktop/Laptop Wired LAN (10 – 100 Mbps) Dial-up (1 – 65.6 kbps) Outdoor Home/Hotel Office The new systems infrastructure must adapt the diversified environment dynamically. (1 - 11 Mbps) (1- 9.6 kbps) Desktop/Laptop


Technical Challenges: Technical Challenges Mobile Device Base Station Network Portability - Slow CPU - Small memory/disk size - Small battery capacity Server Base Station Mobility - Address Migration - Location Dependent Information Wireless Communication - Low bandwidth (e.g., CDPD 19.2 Kbps) - High error rates - Low availability (Disconnection) Trustworthiness


Major Security Issues: Major Security Issues Mobility Portability Wireless Communication Trust Insecure Channel Mobile Code Privacy


Security Issues in Wireless Networks: Security Issues in Wireless Networks Easy to connect to a wireless link No physical constraints such as doors Eavesdropping of wireless data communications Active intrusions through the wireless medium


Major Obstacle: Major Obstacle Poor computing power and the small battery of a mobile device


Two Approaches using Cryptosystems: Two Approaches using Cryptosystems Mobile Device Base Station Network Server Secure communication over insecure channels is accomplished by encryption. Wireless link Secured Only End-to-end Security


Link-level Security Using Shared-key Cryptosystem: Link-level Security Using Shared-key Cryptosystem The mobile communication standards adopt the secret-key based protocols. Example: Group Special Mobile(GSM), DECT Faster than public-key cryptosystems Less secure than public-key cryptosystems e.g., Secret keys are stored in the centralized authentication server. Drive the researches based on public-key cryptosystem


Link-level Security Using Public-key Cryptosystem : Link-level Security Using Public-key Cryptosystem Computation of modular exponentiations are expensive Splitting-based techniques [BQ95, NJ98] Idea: Server-aided secret computation Compute modular exponentiations with the aid of a server Encryption: c = me(mod n) Decryption: m = cd(mod n) where c: ciphertext, m: cleartext, {e,n}:public key, {d,n}: private key


Splitting-based techniques: Splitting-based techniques The secret d is decomposed into several pieces, and only some of them are revealed to the server A mobile device can keep secrecy Mobile device Base Station 1. Decompose d to m-1 aixi 2. Send xi 3. Pre-calculation using xi 4. Return the pre-result 5. Post calculation to get m (decrypted message) 0


Why End-to-end Security?: Why End-to-end Security? Link-level encryption and authentication solve only part of the problem Users still need to authenticate themselves and encrypt messages in an end-to-end fashion. Authentication/Encryption is done twice Violation of End-to-end principle


End-to-end Authentication : End-to-end Authentication Kerberos is a widely used authentication server in an open environment. Porting a Kerberos client to mobile devices is hard Limited software and hardware resources OS is incompatible with the Kerberos Unix API Client Authentication Server (AS) Ticket-granting Server (TGS) Kerberos User secret keys Request a ticket for TGS Ticket for TGS Request a ticket for Service Ticket for Service Service Request Service


Indirect Authentication Using Kerberos [Fox96]: Indirect Authentication Using Kerberos [Fox96] Kerberos client-side functionality is partitioned between the client and the proxy Proxy AS TGS Kerberos Service Mobile Client DES Encryption/ Decryption Unix-specific functionality Protocol gateway


Other Research Topics: Other Research Topics Anonymity of a mobile user [MST93] Hand-over of authentication information [RDG93 , Yuliang94] Intrusion detection for wireless Ad-Hoc works [ZL00]


Why Mobile Code?: Why Mobile Code? Partitioning of application functionality is the key design issue in mobile computing Client Client/Server Model Applet Model Server C Server S Servlet Model C S Client Extended Client/Server Model Proxy Model C S C S C C S


Why Mobile Code? (continue): Why Mobile Code? (continue) The systems infrastructure needs to adapt to the changing computing environments mobile-code solution


Security Issues in Mobile Code: Security Issues in Mobile Code Malicious code Many techniques have been developed: Sandboxing (JDK1.2) Code-signing (JDK1.2) Proof-carrying code [CL98] Resource Management in a single address space J-Kernel [Hawblitzel97] JavaOS [BHL00] Malicious host


Tampering by the Malicious host: Tampering by the Malicious host Japan Airline Mobile Shopping Agent User Machine All Japan Airline New Jopon Airline $230 $230 $210 $230 $210 $250 $210 Correct Answer A simple and profitable attack would be to tamper the agent’s state.


Tampering by the Malicious host: Tampering by the Malicious host Japan Airline Mobile Shopping Agent User Machine All Japan Airline New Jopon Airline $230 $230 $210 $230 $210 $250 A simple and profitable attack would be to tamper the agent’s state. Malicious Server


Tampering by the Malicious host: Tampering by the Malicious host Japan Airline Mobile Shopping Agent User Machine All Japan Airline New Jopon Airline $230 $230 $210 $270 $280 $250 A simple and profitable attack would be to tamper the agent’s state. Malicious Server


Tampering by the Malicious host: Tampering by the Malicious host Japan Airline Mobile Shopping Agent User Machine All Japan Airline New Jopon Airline $230 $230 $210 $270 $280 $250 $250 Wrong! A simple and profitable attack would be to tamper the agent’s state. Malicious Server


Category of Attacks from Malicious Hosts : Category of Attacks from Malicious Hosts Modification Snooping Lying Dictionary Denial of Service Prevention is hard, but detection is possible except for snooping


Techniques against Modification: Techniques against Modification Audit Logs [Vigna98] Hosts keep a detailed log of agent activity. A central server check the logs for inconsistencies Based on public-key infrastructure Detection Objects [Meadows] Insert dummy data/code into state. Verify dummy data’s integrity upon return


Techniques against Snooping : Techniques against Snooping Fundamental problems: Can a mobile agent conceal the program it wants to have executed? Negotiation is impossible for agents Can a mobile agent remotely sign a document without disclosing the user’s secret key? Agents cannot bring user’s secret key


Encrypted Functions : Encrypted Functions Encrypting Polynomials and Rational Functions [Sander98, Cybenko00] Find encryption scheme E:x-andgt; y with special homomorphic properties: E(f(x,y)) = f’(E(x), E(y)) Alice Bob E(x),E(y), f’ f’’(E(x),E(y)) X,Y E(f(x,y)) f(x,y) = x + y E D X+Y


Privacy Issues: Privacy Issues Context-aware computing Applications make decisions based on user’s contexts. The system infrastructure collects information about the user. Location Time Schedule etc Great Privacy Concerns


Current Technologies for Protecting Privacy: The Internet Current Technologies for Protecting Privacy User Negotiating Agent Anonymizing Agent Pseudonym Agent Service Hide user’s identity Enforce user’s policy In terms of privacy Regulator and Self-regulatory framework


Techniques for Hiding an Identity: Techniques for Hiding an Identity Anonymizing agent Ensure that requests cannot be linked to an IP address from a user can be identified Users have to trust the agent Example: Anonymizer, Crowds, Onion Routing Pseudonym agent Manage pseudonyms to develop persistent relationships not linked to an identifiable user Example: LPWA


Negotiation agent: Negotiation agent W need to provide some identifying information for on-line transactions Determines whether user’s privacy policies are satisfied on behalf of users P3P(Privacy Preference Project) provides a rich vocabulary to express their privacy preferences. Service User agent Request for content P3P proposal PUID and agreementID content


Difficulty in Protecting Privacy: Difficulty in Protecting Privacy Conventional security techniques (ACL) cannot not restrict propagation of information. Traditional mandatory access control (MAC) requires the central authority We cannot trust the server on the other end.


Decentralized Label Model [Mayer00]: Decentralized Label Model [Mayer00] A new label model for control of information flow in systems with mutual distrust and decentralized authority It allows users to declassify information in a decentralized way Jif, an extension to Java that provides static checking of information flow using the decentralized label model.


A Simple Example: A Simple Example Spreadsheet WebTax Tax data Final Tax form Bob Preparer Database Mutually distrusting principals, Bob and Preparer must cooperate to create a final tax form. {Bob: Bob, Preparer} {Preparer: Preparer} {Bob: Bob} {Bob: Bob; Preparer: Preparer} Label: {Owner: a list of Readers}


Summary: Summary Thin mobile clients makes the authentication/encryption difficult Needs practical solutions against attack by malicious host Needs mechanism for assuring trusted servers