1 / 24

Security Problems with Intermittently Connected Clients

Security Problems with Intermittently Connected Clients . Jesper M. Johansson Microsoft Corporation Matthew A. Bishop University of California, Davis. What are Intermittently Connected Clients?.

luz
Download Presentation

Security Problems with Intermittently Connected Clients

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Security Problems with Intermittently Connected Clients Jesper M. Johansson Microsoft Corporation Matthew A. Bishop University of California, Davis

  2. What are Intermittently Connected Clients? • An intermittently connected client (ICC) is a device that connects to the network for periods of time, after which it disconnects. Notebook and handheld computers, palmtops, PDAs, and cellular telephones are common examples of ICCs. We also include computers that are not typically designed for portability but that are intermittently connected to a network such as employee home computers connecting to the corporate network over a modem or VPN.

  3. Examples of ICCs • Notebooks – the traditional example • PDAs • Risk somewhat dependent on functionality • Palm v. Windows CE • Employee home computers • Kiosks • Conference computing center • Cellular phones

  4. Organizational Security Measures • Authentication • Passwords • Pass phrases • Smartcards • Access control • Firewalls • Virtual Private Networks (VPN)

  5. Purpose of ICCs • Use organizational information away from the organizational network • Download information and leave network • Connect into network from the outside • Enabling mobile work • Enabling world-wide connectivity

  6. Types of Information Used on ICCs • Contacts • Calendars • E-mail • Documents • Databases • Organizational credentials • Connectivity information • Phone numbers • VPN server locations

  7. Types of Security Exposure in ICCs • Hardware compromise • Data tampering • Data theft • Aggregation • Software tampering • Vectoring

  8. Hardware Compromise • Someone steals the device • Most thieves are interested in hardware, not data • Opportunistic criminals

  9. Data Tampering • Modification or destruction of data on the client • Modification may be more damaging than destruction • Modification may become vectoring • Important point: even if attacker cannot read data, it may be possible to modify or destroy it

  10. Data Theft • Extreme end of data tampering • Attacker need not destroy data in a data theft attack • May be difficult to detect • Typically perpetrated by more sophisticated attackers than hardware theft • Hence more serious than hardware theft

  11. Examples of Data Theft • RF interception • Tempest • Shoulder surfing • New TFTs inhibit viewing from angles • Browser frame domain verification • Update your browser • Apply security settings and be careful • 802.11b • Poorly implemented security algorithms • Improvements on the way in standard • Use 802.1x • Assume the network is hostile

  12. Aggregation • Combine useless data from two or more sources to make valuable information • Separation of privilege is critical • Be careful about using code names • ICCs are more susceptible to this type of attack because the lie outside the protection of the corporate network

  13. Software Tampering • The software integrity is compromised • Viruses is the most well-known form of software tampering • You have SERIOUS problems! • Many ICCs have no concept of users, privileges, and process isolation • The machine can be much more easily compromised while disconnected • Eventually, it will be reconnected…

  14. Vectoring • Using the device to attack more valuable organizational assets • Gain access to the organizational network • Elevate privileges on the organizational network • Read/modify/destroy data on the organizational network • As the devices get more powerful, the opportunities for vectoring increase • You can now run industrial strength database systems on PDAs • Many home computers can route Internet traffic via the VPN connection

  15. Networking Capabilities Increase Potential for Vectoring • VPNs are additional entry points into organization • Many ICCs have no firewalls, or the firewalls are limited • Many ICCs can be used for Internet connection sharing (ICS) • Is your VPN client using ICS? • Read your e-mail on a PDA or cell phone • Rogue modems • Peer-to-peer networking • What is the organizational network boundary? • Are your employees’ kids’ home computers clients on your network?

  16. Protecting ICCs • There is no complete answer • Better authentication • More security awareness on the ICC platforms • Authentication • Access control • Better authentication control at entry points • Smart cards for dial-in • Use war-dialers to detect rogue entry points • Control direct Internet taps

  17. Hardware Compromise Protection • Locking devices • Tracking devices • Disguise • Put a high-end notebook in a beat-up backpack, not an expensive leather attaché • Vigilance • Do not leave devices unattended • Do not send your notebook through the X-ray until you are ready to go through • Once your notebook is traveling through, do not let anyone crowd before you

  18. Conventional Protection • Traditional security controls • Access control lists • Personal firewalls • Physical security • Authentication • Industrial strength user identification in more powerful systems • Windows and Unix notebooks • Weak password protection in PDAs • Palm and Windows CE • Pass codes in cellular phones

  19. Value of Information • Consider stock quotes • The quote for MSFT stock on March 29, 2002 would be really useful to have today • On April 1, it is not all that interesting any more • Can we introduce this kind of decay on data?

  20. Data Decay • Protect data by introducing decay • “The value of information diminishes with time or use“ • Key to protecting data on ICCs is extrinsic decay • Introduced on the data by a controlling authority • SQL Server could define that when this data is downloaded to a client it can be used for n days, or read x times

  21. How Do We Operationalize Decay? • Data must be available and usable to ICC only through a well-defined channel • Channel encrypts data with a symmetric key (DEK) as it is replicated onto device • A public key is used to encrypt the DEK and the encrypted DEK and the private key (PK) are stored on the device • Data owner specifies acceptable use policy

  22. How Do We Operationalize Decay? • When user accesses data on device, the data access mechanism decrypts the DEK and checks whether data is still accessible • If data is no longer accessible, the PK is deleted • ICC must reconnect to the server to renew the lease on the data

  23. DEK Encrypted DEK PK Encrypted Data Public Key Operationalizing Data Decay

  24. Conclusion • Intermittently Connected Clients present a new and serious security problem • Mobile computing is not going away • We need to develop tools to protect our organizational assets from compromise from and through these devices • We have outlined one mechanism to afford some additional protection to data replicated onto ICCs

More Related