
Usable Security for Smartphones

Usable Security for Smartphones. Cynthia Kuo Senior Researcher October 26, 2010. Many Development Platforms. Worldwide Smartphone Sales to End Users by Operating System in 2Q10. Coming soon… Windows Phone 7 MeeGo (Maemo + Moblin) BlackBerry Tablet OS.


Presentation Transcript


  1. Usable Security for Smartphones • Cynthia Kuo, Senior Researcher • October 26, 2010

  2. Many Development Platforms • Worldwide Smartphone Sales to End Users by Operating System in 2Q10 (http://www.gartner.com/it/page.jsp?id=1421013) • Coming soon… Windows Phone 7, MeeGo (Maemo + Moblin), BlackBerry Tablet OS

  3. A Few Usable Security Topics in Smartphones • Better application permissions models • Using smartphones for authentication • Better models for website authentication • Phone-friendly CAPTCHAs • Lost or stolen devices / data backup and restoration

  4. Application Permissions: Threat Model • PC: Many users share the same machine; protect users from one another; implement access control on users’ data • Smartphone: One user, one device; users may install malicious applications; protect processes from one another; implement access control on resources; protect business model • Company Confidential

  5. Application Permissions: Symbian • Symbian signed • Application has passed certain tests and is signed against a certificate • Signed installation package contains a list of the application’s capabilities

  6. Application Permissions: Symbian • Self-signed • Has no capabilities • User can grant capabilities • Blanket: installation time • One-shot: when the requiring action takes place

  7. Application Permissions: BlackBerry • Resource grant during installation and first start • Configurable through menu • May also be configured by administrator through BlackBerry Enterprise Server: application installation, application permissions, data that application can access

  8. Application Permissions: iPhone • Codesigning used for certifying applications that pass app store requirements • All apps need to be signed by Apple's private key(s) to run on (non-jailbroken) iPhone • Password demonstrates user’s intent to install • No options or requests for resource access

  9. Application Permissions: Android • Applications are self-signed • Used for continuity (package updates) and integrity • Android’s blanket grant during installation • 112 Google-defined permissions • Developers can define their own permissions to expose APIs to other applications • Content from David Barrera

  10. Using Smartphones for Authentication [ Coming up next! ]

  11. Better Model for Authenticating Websites

  12. Better CAPTCHAs? Alex Smolen, Becky Hurwitz, Dhawal Mujumdar, UC Berkeley i213 Spring 2010 Project

  13. Lost or Stolen Devices / Data Backup and Restoration • When your phone is your primary device, what happens when you lose it?

  14. Summary: A Few Usable Security Topics • Better application permissions models • Using smartphones for authentication • Better models for website authentication • Phone-friendly CAPTCHAs • Lost or stolen devices / data backup and restoration

  15. Thank You cynthia.kuo@nokia.com
