1 / 17

HOPE Remote Management and Security

HOPE Remote Management and Security. Team PowerDroid http://utdallas.edu/~imerchant/hope_remote 9/20/11. Agenda. Our work so far Security and Usability What’s left. So Far. Chosen a platform: Amazon Web Services Apache Tomcat JSP Requirements analysis

carrie
Download Presentation

HOPE Remote Management and Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. HOPE Remote Management and Security Team PowerDroid http://utdallas.edu/~imerchant/hope_remote 9/20/11

  2. Agenda • Our work so far • Security and Usability • What’s left

  3. So Far • Chosen a platform: Amazon Web Services • Apache Tomcat • JSP • Requirements analysis • Detailing functional requirements while considering nonfunctional ones. • Security and how it relates to usability is very important.

  4. Typical Security Gateway

  5. The Problem • Users forced to memorize usernames and passwords. • Good practices dictate a unique combination for each website/service.

  6. Unique Combinations • One username/password combo per site • Gmail (three) • Windows Live • Facebook • Twitter • Steam • Minecraft • Bank of America • UTD • Netflix • Various news sites • Reliant Energy • Time Warner Cable • Skype • TV Tropes • Amazon • Newegg

  7. The Problem • Users forced to memorize usernames and passwords. • Good practices dictate a unique combination for each website/service. • Password fatigue. • What about recovering lost passwords?

  8. Solutions • Password vaults like KeePass

  9. Solutions • Tools like 1Password

  10. Security is hard! • Those solutions have usability problems • Lots of menus • Have to keep updated • Unique security breaches • While hard, security is provided. • But, no security is impenetrable. • Tradeoffs!

  11. Our Goals • Provide users reasonable security. • Consider usability and end users • Very easy to use device-side authentication. • Minimal interruption of device-side service due to security issues.

  12. Our Solution • Device • Pair (or activation) codes. • Short alphanumeric one-time use strings. • Web • Standard e-mail/password authentication. • Not ideal, but perfect security is an active research topic. • Pair codes are used to register devices with a particular account. • Once registered, there are no more device-side security-related prompts.

  13. Device Registration Process • Application started for first time. • Asked to setup Remote Management now or later. • If later, give brief instruction on how to setup in the future. (“Tap Remote Management in Settings”, for example.)

  14. Device Registration Process • If now, show pair (or time-sensitive activation code) and tell user to log in on the web (or provide link). • On website, after log in (or registration), device is registered to the account by using the pair (or activation) code. • Device now never asks for login information again. Devices can be deactivated on website.

  15. Not Perfect • Reliant on username/password authentication on the web. • Users with no third-party caregiver could be confused and intimidated. • Pair codes: possible collisions. • Authorization requires use of both device and web.

  16. What’s Left • Finish detailing requirements. • Finish diagrams (class, sequence) • Explore Amazon Web Services capabilities. • Reconcile or justify tradeoffs in security and usability.

  17. Questions?

More Related