1 / 23

Dynamic Locations: Secure Mobile Services Discovery and Dynamic Group Membership

Dynamic Locations: Secure Mobile Services Discovery and Dynamic Group Membership. Ryan Lackey <ryan@metacolo.com> www.metacolo.com. Who?. Interest in “cypherpunk” technologies from 1992 to present, particularly anonymized communications, agents, and electronic cash

riona
Download Presentation

Dynamic Locations: Secure Mobile Services Discovery and Dynamic Group Membership

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Dynamic Locations:Secure Mobile Services Discovery and Dynamic Group Membership Ryan Lackey <ryan@metacolo.com> www.metacolo.com Ryan Lackey http://www.metacolo.com/

  2. Who? • Interest in “cypherpunk” technologies from 1992 to present, particularly anonymized communications, agents, and electronic cash • Ultimate goal: anonymous secure infrastructure from end to end: clients, servers, networks, pro • Founded HavenCo/ran 2000-2002 • metacolo: offshore colo in 9 markets, related projects, including secure mobile systems Ryan Lackey http://www.metacolo.com/

  3. Introduction • Lots of work has been done to network fixed equipment, and to secure fixed network connections, but most mobile apps are just slightly modified versions of fixed applications • Most mobile networked systems have simplified security models; some link security but little application specific security end to end • Fundamentally new kinds of applications are possible with secure mobile systems Ryan Lackey http://www.metacolo.com/

  4. Fundamental Constraints • Power and bandwidth limited • Many nodes in continual motion and appear/disappear rapidly • Much infrastructure is closed and long cycles to upgrade and deploy • UI complicated by devices and use cases (user attention not dedicated) Ryan Lackey http://www.metacolo.com/

  5. Platform • HP/Compaq iPaq running Linux • Laptops running Linux and FreeBSD • 802.11b and 1xRTT IP-based communications • Open systems for easy development, python for rapid development Ryan Lackey http://www.metacolo.com/

  6. Applications of Interest • “Matchmaking” – letting parties meet with similar interests meet up • Secure messaging (communications and message-based low-overhead protocols, including payment systems) • Secure streams (VoIP, VPN) Ryan Lackey http://www.metacolo.com/

  7. “Matchmaking” • Demo app is letting people define a set of interests, then announce to the world, without risk of being “interrogated” by third parties • Useful for service discovery too – announce that you’re running certain services to others in the set, but not to the public (RIAA, MPAA, Government, etc) • Attestations, with optional protection from traffic analysis as well Ryan Lackey http://www.metacolo.com/

  8. Secure short messages • Text messaging • Much easier technically than streams • Store/forward possibility • Also useful for many protocols, either in two way or polled mode Ryan Lackey http://www.metacolo.com/

  9. Streams • Voice over IP is key market – encrypted cellphone using low-bandwidth channel (1xRTT or HSCSD GSM) and anonymization of calls Ryan Lackey http://www.metacolo.com/

  10. Interaction models • True peer to peer • “Security proxy” or user selected/operated operational server • Centralized client-server operated by application developers • Centralized client-server operated by communications providers Ryan Lackey http://www.metacolo.com/

  11. Existing p2p systems • Generally designed for high bandwidth media sharing with minimal anonymity layered over existing IP networks • Not really designed for interactive communication Ryan Lackey http://www.metacolo.com/

  12. Existing mobile client-server systems • Designed with link encryption to the wireless hub, or to the server • Closed development environment controlled by mobile companies • Hard for users and application developers to really trust the security model Ryan Lackey http://www.metacolo.com/

  13. Early mobile p2p systems • “lovegety” – a system to use RF to share information about membership in certain groups • Subject to “trawling”, direction finding attacks, and “corraling” small numbers of users to identify Ryan Lackey http://www.metacolo.com/

  14. Security Implications • Confidentiality, Integrity, Authentication solvable through traditional systems • Traffic analysis is the hard problem • Complete undetectability of special traffic • Of course, reliability, availability, etc. are still major concerns, and special mobile constraints Ryan Lackey http://www.metacolo.com/

  15. Policy Implications • Centralized systems vulnerable to technical or legal attack • Who to trust – communications provider, applications provider? • Trust is essential to enabling certain applications Ryan Lackey http://www.metacolo.com/

  16. Central Mediation • Servers trusted by some party to take all communications and retransmit • Defeats firewalls/proxies/NAT as well as provides protection from traffic analysis • Persistence; can buffer communications for users with intermittent connectivity Ryan Lackey http://www.metacolo.com/

  17. True Peer to Peer Cryptographic Systems • Computationally intensive on client • Bandwidth intensive; may only be able to send single bits! • Generally can put user into a “collusion set” but unless set is large, elimination can identify user Ryan Lackey http://www.metacolo.com/

  18. Covert channels for mobile use • Masking using pre-recorded traffic • Sniffing and simulating • MITM • “Design for MITM” – Dining Cryptographer’s Networks, etc. Ryan Lackey http://www.metacolo.com/

  19. Dining Cryptographer’s Network Due to David Chaum, described at http://cypherpunks.venona.com/date/1992/12/msg00107.html Multiple parties can communicate without revealing to one another which is initiating the communications Ryan Lackey http://www.metacolo.com/

  20. Anonymizing remailers as model • Store and forward messaging with latency added • Complicated due to node unreliability • Send out multiple messages; tradeoff of bandwidth waste vs. latency vs. reliability Ryan Lackey http://www.metacolo.com/

  21. Current solution • Communications with a trusted server using fixed-rate messaging (tuned for bandwidth) • Inter-server communications, allowing users to select “security proxy servers” to act on their behalf, optionally running servers themselves Ryan Lackey http://www.metacolo.com/

  22. Conclusions • Mobile-specific (more properly, dynamic) security is a very hard problem • Key is finding applications which fit currently available technology – message based, with secure service discovery Ryan Lackey http://www.metacolo.com/

  23. Future work • Develop an application developer’s toolkit with service discovery on top of secure message-passing and streams systems • “Killer apps” of VoIP and mobile payment – good stream based systems Ryan Lackey http://www.metacolo.com/

More Related