
Porscha: Policy Oriented Secure Content Handling in Android

Dhurakij Pundit University, University of Oregon, Pennsylvania State University. ACSAC (2010). Machigar Ongtang, Kevin Butler, Patrick McDaniel.


Presentation Transcript


  1. Porscha: Policy Oriented Secure Content Handling in Android. Dhurakij Pundit University, University of Oregon, Pennsylvania State University. ACSAC (2010). Machigar Ongtang, Kevin Butler, Patrick McDaniel

  2. Agenda • Introduction • Content on Smart Phone • About Android • Architecture • Evaluation • Discussion • Conclusion

  3. Introduction
     • Android provides few direct protections for the content placed on the phone
     • DRM (Digital Rights Management)
     • Porscha:
       • content should only be accessible by explicitly authorized phones
       • content should only be accessed by provider-endorsed applications
       • content should be subject to contextual constraints
     • Two phases of Porscha:
       • in transit
       • on platform

  4. Content on Smart Phone • Personal and Business Documents • Service-specific data • spy camera • Mydroid • Financial Information

  5. Content on Smart Phone • DRM Policy Requirements • Binding content to the phone • Binding content to endorsed applications • Constraining continuing use of the content

  6. About Android • Four types of components • Two groups of applications • Documents in transit & on-platform access

  7. About Android • On-platform access • Initial Document Recipients • Documents at Rest • Document Sharing

  8. Architecture
     • Constraints on Devices: binding to specific devices identified by the users' International Mobile Subscriber Identity (IMSI) or WAP Identity Module (WIM).
     • Constraints on Applications: content can be restricted to applications with a given code fingerprint (hash of the application image).
     • Constraints on Use: supports not only the regulation of simple accesses, but also differentiation of simple access from read, modify and delete rights.

  9. Architecture-in transit
     • Identity-Based Encryption (IBE): enables senders to construct the public keys of recipients from known identities, and includes a trusted Private Key Generator (PKG).
     • Encryption: takes the message (data), the public key string, and the cryptosystem parameters as input.
     • Decryption: takes the ciphertext and the private key as input to the decryption algorithm.

  10. Architecture-in transit
      • sender (content source): $S$
      • receiver (phone): $R$
      • identity for participant $s$: $I_s$
      • public/private key of $a$: $K_a^+$ / $K_a^-$
      • content: $m$
      • policy for $m$: $p_m$
      • Delivery of SMS/MMS:

  11. Architecture-in transit • Delivery of email: • one-time 128-bit AES symmetric key: $k_e$

  12. Architecture-on platform • Policy Enforcement on Initial Recipients

  13. Architecture-on platform • Email traffic is opaque to Android • Use the Apache Mime4j library to parse the e-mail message streams in plain RFC 822 and MIME formats

  14. Architecture-on platform • Policy Enforcement on Documents at Rest • add an extra policy field to the structure of each Content Provider record • The Porscha mediator inserts the policy into this field

  15. Architecture-on platform • Enforcement on Indirect Receivers

  16. EVALUATION

  17. Discussion
      • Recipients Without Porscha
        • store all modifications, such as decrypted emails and those with information removed, locally on the phone, and reflect only the original email back to the IMAP server
      • Application and Platform Trust
      • Alternative Application Enforcement Infrastructures
      • Digital Rights Management
        • Porscha is lightweight and designed with mobile solutions in mind; by contrast, many advanced DRM protocols are heavyweight and not transparent to applications.

  18. Conclusion • Porscha can protect SMS, MMS, and email documents. • Porscha secures content delivery using identity-based encryption and mediates on-platform content handling to ensure conformance with content policy

  19. Thank you for listening
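
The three constraint types on slide 8 (device, application, use), combined with the per-record policy field on slide 14, can be sketched as a default-deny access check. This is an added example, not code from Porscha or the presentation: `Mediator`, `Policy`, `Record`, `fingerprint`, the choice of SHA-256, and the sample IMSI and application images are all assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

def fingerprint(app_image: bytes) -> str:
    """Code fingerprint: hash of the application image (SHA-256 is an assumption)."""
    return hashlib.sha256(app_image).hexdigest()

@dataclass(frozen=True)
class Policy:
    device_id: str    # identity the content is bound to, e.g. an IMSI
    app_rights: dict  # app fingerprint -> set of "read" / "modify" / "delete"

@dataclass
class Record:
    content: bytes
    policy: Policy    # the extra policy field kept with each stored record

class Mediator:
    """Hypothetical reference monitor between applications and stored content."""

    def __init__(self, device_id: str):
        self.device_id = device_id
        self.records = {}

    def insert(self, key: str, content: bytes, policy: Policy) -> None:
        self.records[key] = Record(content, policy)

    def allowed(self, key: str, app_image: bytes, right: str) -> bool:
        policy = self.records[key].policy
        if policy.device_id != self.device_id:
            return False  # content is bound to a different device
        # Default deny: an application the policy does not name gets no rights.
        return right in policy.app_rights.get(fingerprint(app_image), ())

    def access(self, key: str, app_image: bytes, right: str, new_content=None):
        if not self.allowed(key, app_image, right):
            raise PermissionError(f"{right} denied on {key!r}")
        if right == "read":
            return self.records[key].content
        if right == "modify":
            self.records[key].content = new_content  # policy stays attached
        elif right == "delete":
            del self.records[key]

# Constructed sample data: two application images and a test-range IMSI.
MAIL_APP, OTHER_APP = b"mail-app-image-v1", b"other-app-image"
IMSI = "001010123456789"
POLICY = Policy(IMSI, {fingerprint(MAIL_APP): {"read", "modify"}})
```

Because the fingerprint is taken over the whole image, any change to the application's bytes yields a different fingerprint and falls back to the default-deny path until the policy names the new hash.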
