View
214
Download
1
Category
Preview:
Citation preview
1
EM406 Mobile Data Security
Dave NeudoerfferVP of Software EngineeringiAnywhere SolutionsDave.Neudoerffer@ianywhere.com
2
Mobile Data Security
Why?Mobile computing:
• Necessitates exchanging confidential data over public networks
• Storing data on portable devices that are more easily lost or stolen
• Wireless networks
3
4
Where to Start?
What security problem are you trying to solve?How expensive is the implementation and
infrastructure?How difficult is it for users to follow security
procedures?How expensive is it to the organization to follow
the security procedures?
5
General Observations
Costs must be compared to cost and risk of security breech
No solution is perfect security is reducing risk not eliminating risk
If security is cumbersome, it will likely be circumvented
User education is important
6
Agenda
What’s the Problem?Security OverviewDiscuss each Mobile Data Security Problem
7
What’s the problem?
What security problem are you trying to solve?
• Interception of data transmission
• User authentication
• Rogue access to data on device
• Loss of device
8
Interception of Data Transmissions
Where?
• Thin client applications
• Voice
• Data synchronization
• Client/Server communications
• Messages and alerts
9
Interception of Data Transmissions
What is the Attack? • Confidentiality: we want our communications to remain
private
• Integrity: we want our communications to remain intact
• Non-repeatable: a recording of the stream should not be useful if it is resent to the server
• Authentication: we want to ensure we know who we are communicating with on the other end (no man-in-the-middle attack)
10
User Authentication
Who?• Is the client that has connected to your server an
authorized client
• What is that client allowed to do
• As a client, have you connected to the server you want
• More complicated in message systems
11
Rogue Access to Data on Device
Services on Device may respond to data requestsLaptops connected to internet
• Drive shares
• FTP server
• Any type of server (database, web server, etc.)
Not many services yet on handhelds
12
Loss of Device
How to protect against stolen data?• Data persistently stored on the device
• Hard disks
• Persistent memory
• Removable flash cards (both in device and out)
• Running applications• Always-on devices
• Data on screen
• Stored in application memory
13
Background Info on Security
Communication ArchitecturePublic Key CryptographyDigital CertificatesDigital SignaturesSymmetric Key CryptographySecurity Protocols
14
Communication Architecture
Encryption
Transport Layer
Physical Hardware
Application
Security Protocol
TCPIP
DES, RC4, RSA
SSL, TLS, WTLS
15
Public Key Cryptography
Based on pairs of large associated numbers called keysPublic key can be published
Private key is kept private
Data encrypted with one can only be decrypted with the other
examples: RSA, Diffie-Hellman, Elliptic Curve Cryptography (ECC)
16
Digital Certificates
Identity info• name, company, address
Public keyExpiry dateDigital signature(s)
• made with the private key of the certificate authority
• May have third-party signatures to confirm identity
prevent modification
17
Digital Signatures
Process:Digest of the document is produced using one way hash
• MD5, SHA-1
• Difficult to match after document modification
Digest is encrypted using the private key
Protects against document modificationKnow it came from the signer
18
PKI – Public Key Infrastructure
Certificate AuthorityIssues certificates
Certificate infrastructure for securitySystems and software based on certificate security
Certificate managementRevocation lists
Certificate distribution
19
Symmetric Key Cryptography
Same key used to encrypt and decrypt data• Much faster than public key
Stream ciphers• Cipher produces a random stream from the key that is XORed with
the plaintext
• Key should never be reused
• RC4, SEAL
Block ciphers• Cipher transforms a block of data into a seemingly unrelated block
of data of the same size
• DES, Blowfish, Twofish, Rijndael, MDSR
20
TLS/SSL Protocol
• SSL 3.0 – 1996 specification from Netscape• TLS 1.0 – 1999 specification from IETF
Not compatible with SSL, but will negotiate down
• 2 components:Complex handshake for protocol negotiations
• Algorithms negotiated• Certificates exchanged• Public key algorithm used to exchange symmetric key info
Messaging definition for data exchange• Symmetric encryption used• Each message signed to prevent alteration
21
SSL Handshake Server Authentication Mode
Client Server
Client Hello
Server Hello Server Certificate Chain
Client Key ExchangeFinished
Finished
Application Data
~40 bytes
Certicom Message
sizes
~500 bytes per cert
~80 bytes
~50 bytes
22
SSL Handshake Server Authentication Mode
• Random bytes generated on each side and exchanged• Server must encrypt clients random bytes and send back to prove
it has the private key called a challenge
• Randomness ensures session cannot be replayed against either side
• Random bytes also used to generate symmetric keys and hashing keys using fixed algorithms that both client and server know
• Symmetric key then used to encrypt application data
• Hashing key used to sign messages
23
Where are We?
What security problem are you trying to solve?
• Interception of data transmission
• User authentication
• Rogue access to data on device
• Loss of device
24
Interception of Data Transmissions
Mobile Unit Server
Web Server
App Server
Database Server
Thin Client -- Browser
Smart Client – Local Data
-Raw Data-Application control on both ends
-Screen display info-browser control
Mobile Data Arhcitectures
25
Interception of Data Transmissions
Thin client applications• Rely on browser SSL
Email• Rely on email provider
Voice• Not much protection
Messages and alerts• Rely on infrastructure provider• Broadbeam ExpressQ uses userid/password authentication and
Certicom encryption libraries
Watch for weakest link!
26
Interception of Data Transmissions
Data Synchronization
MobiLink Server
ASA Server
Database Server
UltraLite
TLS
dbmlsyncASA
Client/Server Communications
Client AppTLS
27
SQL Anywhere Communication Security
Synchronization Stream (new in 7.0)Client/Server Comm (new in 8.0)
Certicom TLS
• ECC public key (faster and smaller than RSA)
• RC4 symmetric cipher
Server certificates for server authentication
• Tools for generating and requesting certificates• See certificate white paper
http://www.sybase.com/detail/1,3693,1009621,00.html
28
SQL Anywhere Communication Security
Synchronization Stream (new in 7.0)Client/Server Comm (new in 8.0)
User authentication achieved through Userid/Password
• UltraLite userid/password
• Dbmlsync – specify userid/password on command line or prompt
• ASA userid/password
29
SQL Anywhere Communication Security
Mechanics:gencert utility
• Used to generate certificates• Can generate certificate chains
reqtool utility• Certicom's tool for generating a request for
a certificate which they will sign
Outlined in “MobiLink transport-layer security and digital certificates” white paper found at www.ianywhere.com/developer
30
SQL Anywhere Communication Security
Specify certificate for MobiLink/ASA/UltraLite
Dbmlsrv8 –x tcpip(security=certicom_tls(certificate=mobilink.crt; certificate_password=tJ1#m6+W)) …
CREATE SYNCHRONIZATION DEFINITION test SITE 'user001' TYPE tcpip ADDRESS 'host=myhost;security=certicom_tls(trusted_certificates=mobilink.crt)' …
Ulgen –r mobilink.crt
31
SQL Anywhere Communication Security
Specify certificate for ASA client/server
Dbsrv8 –ec certicom(certificate=sample.crt;certificate_password=certpwd) …
Connection string or ODBC connection parms: “uid=dba; pwd=sql; links=tcpip; encryption=certicom(trusted_certificates=sample.crt)”
32
Where are We?
What security problem are you trying to solve?
• Interception of data transmission
• User authentication
• Rogue access to data on device
• Loss of device
33
Rogue Access to Data on Device
Laptops• Hooked up to the internet
• Always-on connections are of particular concern
• Dialup also a concern
• Install personal firewall
• BlackIce, ZoneAlarm
• Be careful with any servers installed on the machine
• Eg. FTP, drive shares, device management software etc.
Handhelds • Not many server services -- device management software
34
Where are We?
What security problem are you trying to solve?
• Interception of data transmission
• User authentication
• Rogue access to data on device
• Loss of device
35
Loss of Device
Data Stored Persistently on Device• Encrypt sensitive data
• Encrypt entire file system
Always On – Running Applications• Password protected timeout on device
• Devices must lock down
• Application code to verify user has not defeated device password protection
36
SQL Anywhere Persistent Data Encryption
UltraLite and ASA data stores (new in 8.0)• Rijndael (rine doll) encryption
• Key must not be stored on device
• If you lose the key, you are toast!
37
ASA Store Encryption
• Specify key when database is created• CREATE DATABASE ‘test.db’ ENCRYPTED KEY ‘this is the password’
• Key required to start database and for utilities• dbeng8 test.db –ek “this is the password”
• Dbping -c “uid=dba; pwd=sql; dbf=edb.db; dbkey=this is the password”
• dbtran test.log –ek “this is the password”Will prompt for key using –ep switch
Key is case sensitive!
• All files encrypted:• Main database file, dbspace files, transaction log file, temporary files
38
UltraLite Store Encryption
• Uses Rijndael AES encryption algorithmULEnableStrongEncryption() called before db_init()Key= UL_STORE_PARMS used to specify key on db_init call
• First sync will create encrypted database, all calls to db_init must specify key parameter
• On Palm, ULAppLaunch is called every time the application is switched to must provide key also must provide key on synchronization for HostSync conduit
• No memory penalty if you don’t use store encryption
39
Summary
Identify the security problem you are trying to solve:
• Interception of data transmission
• User authentication
• Rogue access to data on device
• Loss of device
Design an appropriate solution taking into account risks and costs.
Identify the Weakest Link!
40
iAnywhere Solutions Highlights
• Ask the Experts - about Mobile & Wireless Solutions-Mezzanine Level Room 15B Mon./Tues. 11:30 am - 3:30 pm; Wed. 11:30 - 1:30;Thurs. 9 am - 12 noon-Exhibit Hall - Demo Center (truck) exhibit hall hours
• SIG (Special Interest Group)- Tuesday 5:30pm Mobile & Wireless SDCC, Upper level, Room 11
• Keynote - Enabling m-Business SolutionsWednesday 1:30 pm - 3:00 pm
• iAnywhere Solutions Developer Community-Excellent resource for commonly asked questions, newsgroups, bugfixes, newsletters, event listings - visit www.ianywhere.com/developer
41
The END
Recommended