1 / 9

PeerShare : A System for Secure Distribution of Sensitive Data among Social Contacts

PeerShare : A System for Secure Distribution of Sensitive Data among Social Contacts. Marcin Nagy , N. Asokan , Jörg Ott. Motivation. K ey management is difficult O nline social networks popular (provide SSO)

urian
Download Presentation

PeerShare : A System for Secure Distribution of Sensitive Data among Social Contacts

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. PeerShare: A System for Secure Distribution of Sensitive Data among Social Contacts Marcin Nagy, N. Asokan, JörgOtt

  2. Motivation • Key management is difficult • Online social networks popular (provide SSO) Observation: Social networks can be used for authentic public keys distribution (SocialKeys project) Concept: Securely distribute application-specific data to a specific set of social contacts

  3. Example applications • Exchanging public keys • Sharing access point keys • Detecting nearby friends (<user name, device address>) • Finding common friends (<friendship proof>) • Authenticity-only vs. authenticity+confidentiality • User-specific vs. device-specific data

  4. Requirements Threat model • Channel compromise • Unauthorized usage • Impersonation • Accessing restricted data

  5. System design PeerShare Server PeerSharemaster bindings database Social Network (SN) SN access protocol (eg. Facebook Graph API) Social Network App PeerShareprotocol (server) • SN authentication protocol(e.g. OAuth) • PeerShareprotocol SN authentication protocol Applications PeerShare API PeerSharecommunicationmodule Bindings database PeerShare Service Device

  6. Security considerations • Channel compromise • TLS • Impersonation • User: SN user authentication (e.g. OAuth + SSO) • Server: TLS + certificate “pinning” • Application: e.g. Facebook user access token validation • User access control • User specifies authorized recipients • Enforced by server and service-on-device • Application access control • Only an application that has created data can access it

  7. Minimizing trust on the PeerShare server • Trusted-hardware (HSM) • On-board Credentials • Application-specific server

  8. Sample applications Tethering App nearbyPeople Technical Report ACNS 2013 paper Technical Report ACSAC 2013 paper

  9. Questions?Thank you!

More Related