Challenges in Security and Privacy
Urs Hengartner
Cryptography, Security, and Privacy (CrySP) Research Group
David R. Cheriton School of Computer Science
University of Waterloo
Urs Hengartner 2Challenges in Security and Privacy
Overview
Part I – Some Research Challenges
Part II – Location Privacy
Part I
Sample Research Challenges:
  Phishing
  Usability
  Seamless Device Authentication
  RFID
  Vehicular Ad-Hoc Networks
Phishing
Internet users enter confidential personal information at fraudulent websites
  Email with fake link
How to protect Internet users against these attacks?
Toolbars
Display more information about website
Examine webpage for suspicious signs
Compare webpage to blacklist
Challenges:
  Users tend to ignore toolbars
  Retroactive
  Which ones actually work?
Password Management Tools
(Transparently) make password depend on website (and secret)
Remember sites and passwords, force user to go through tool
Keep password away from browser
  E.g., cellphone, run browser in virtual machine
Challenges:
  Usability
  Mobile users
  Maybe changes at server required
Web Wallet [Wu et al.]
Industrial Solutions - SiteKey
User enters ID (not password!)
Site tries to recognize user’s computer based on cookie, IP address,…
  Challenge question if failure
Display user-specific image
  User is expected to abort if wrong/no image
User enters password
Challenges:
  Usability
  What if many images/servers?
  Security/privacy of challenge question
Remove Site-Authentication Image [Schechter et al.]
SAI Maintanance [sic] Notice: [bank name] is currently upgrading our award winning SAI feature. Please contact customer service if your SAI does not reappear within the next 24 hours.
Other Phishing-Related Challenges
Evaluation of existing tools
New tools/approaches
Confidential data other than passwords
Usability
© Lorrie Cranor
Usability
Other problem cases:
  Privacy settings in social networking sites (e.g., Facebook, MySpace)
  Wireless routers
Good case: Skype
Challenges for Security Interfaces
Security is secondary goal
  User might not know about security issues, work around them, or give up
Appropriate feedback
  Good feedback for security management is difficult
Mistakes can be costly
  Once a secret has been left unprotected, it could have been read by an attacker
Seamless Device Authentication
Portable devices in ad-hoc environments
  No centralized administrator for devices
Secure communication between devices requires that devices authenticate each other
  E.g., other device’s public key
  Avoids man-in-the-middle attack
How can devices authenticate each other with minimal user intervention?
  Insecure, high-bandwidth channel
  Authenticated, low-bandwidth channel
Example Channels
Insecure, high-bandwidth channels
  Internet
  wireless link (e.g., Bluetooth, WiFi)
Authenticated, low-bandwidth channels
  SMS messages
  visual channel (display and camera)
  audio channel (loudspeaker and microphone)
  physical contact
  infrared
  humans
Seeing-Is-Believing [McCune et al.]
LoKey [Nicholson et al.]
Private values: a (Alice), b (Bob)
$K_a = (g^b \bmod n)^a$, $K_b = (g^a \bmod n)^b$
$K_a = K_b$: secret known only to Alice and Bob (Diffie-Hellman)
hash: SHA-256($K_a$) == SHA-256($K_b$) ?
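The check on this slide, as an added example that is not from the original slides or from LoKey itself: both devices run Diffie-Hellman over the insecure channel and then compare SHA-256 of the resulting key over the authenticated, low-bandwidth channel, which exposes a substituted public value. The modulus, generator and the `relay` functions are assumptions of this sketch; the 127-bit toy modulus is far too small for real use.

```python
import hashlib
import hmac
import secrets

N = 2**127 - 1  # toy prime modulus, demo only (assumption)
G = 3           # toy generator (assumption)

def keypair():
    private = secrets.randbelow(N - 3) + 2
    return private, pow(G, private, N)

def fingerprint(shared: int) -> str:
    # Short value that is sent over the authenticated, low-bandwidth channel
    return hashlib.sha256(shared.to_bytes(16, "big")).hexdigest()

def pair_devices(relay):
    """Run one exchange. `relay` models the insecure, high-bandwidth channel
    and may alter what it carries. Returns (hashes_match, Ka, Kb)."""
    a, g_a = keypair()                   # Alice
    b, g_b = keypair()                   # Bob
    received_by_bob = relay(g_a)
    received_by_alice = relay(g_b)
    k_a = pow(received_by_alice, a, N)   # Ka = (g^b mod n)^a
    k_b = pow(received_by_bob, b, N)     # Kb = (g^a mod n)^b
    match = hmac.compare_digest(fingerprint(k_a), fingerprint(k_b))
    return match, k_a, k_b

def honest_channel(value):
    # Delivers public values unchanged
    return value

def make_substituting_channel():
    # Models a third party on the insecure channel that replaces both
    # public values with its own
    _, g_m = keypair()
    return lambda value: g_m
```

With `honest_channel` the hashes match and the devices can accept the key; with the substituting channel the hashes differ, so the devices abort pairing instead of using a key shared with someone else.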
Challenges for Seamless Device Authentication
Other authenticated channels?
What kind of authenticated channels involving humans?
RFID Tags
Barcodes of the future
Sticker containing microchip and antenna
Gains power from wireless signal received from tag reader
Tag-reader communication with range of up to half a meter
Tag returns its unique number and static data
The RFID Privacy Problem
Mr. Jones in 2015
  Wig: model #4456 (cheap polyester)
  Das Kapital and Communist-party handbook
  1500 Euros in wallet; serial numbers: 597387, 389473, …
  30 items of lingerie
  Replacement hip: medical part #459382
© Ari Juels
RFID
Other uses for RFID technology
  Libraries, passports, banknotes, pets, humans
Security is difficult for RFID tags
  Very limited computing capabilities
    No cryptography
  Limited amount of memory
Approaches
Kill tag during checkout
IBM’s Clipped Tag
YA-TRAP [Tsudik]
  Assumptions:
    Reader shares a secret with each tag
    Reader has database with entry <hash(secret, time), secret> for each tag
  Reader -> Tag: time
  Tag -> Reader: hash(secret, time)
  Reader looks up hash in database to get secret
  Issue: time must only increase
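The YA-TRAP message flow from this slide, as an added example that is not from the original slides or from Tsudik's paper. It assumes HMAC-SHA-256 for hash(secret, time) and assumes that a tag answers a non-increasing time value with random bytes; the tag names, secrets and time values are constructed.

```python
import hashlib
import hmac
import os

def tag_hash(secret: bytes, time: int) -> bytes:
    # hash(secret, time) from the slide; HMAC-SHA-256 is this example's choice
    return hmac.new(secret, time.to_bytes(8, "big"), hashlib.sha256).digest()

class Tag:
    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_time = 0  # largest time value answered so far

    def respond(self, time: int) -> bytes:
        if time <= self.last_time:
            # Time did not increase (stale or repeated query). Assumption of
            # this sketch: the tag answers with random bytes, so the reply
            # identifies nothing and cannot be linked to earlier replies.
            return os.urandom(32)
        self.last_time = time
        return tag_hash(self.secret, time)

class Reader:
    def __init__(self, secrets_by_tag: dict):
        self.secrets_by_tag = secrets_by_tag
        self.table = {}

    def broadcast_time(self, time: int) -> int:
        # Database of <hash(secret, time), secret> entries, one per tag,
        # built before the query so identification is a single lookup.
        self.table = {tag_hash(s, time): s for s in self.secrets_by_tag.values()}
        return time

    def identify(self, response: bytes):
        return self.table.get(response)  # the tag's secret, or None

def run_session():
    # Constructed sample secrets and time values
    secrets_by_tag = {"tag-A": b"A" * 16, "tag-B": b"B" * 16}
    tags = {name: Tag(s) for name, s in secrets_by_tag.items()}
    reader = Reader(secrets_by_tag)
    outcome = []
    for time, name in [(100, "tag-A"), (101, "tag-B"), (101, "tag-B"), (102, "tag-A")]:
        reply = tags[name].respond(reader.broadcast_time(time))
        outcome.append(reader.identify(reply))
    return outcome
```

The third query repeats time 101 for tag-B, so the reader's lookup finds no entry: the tag only identifies itself when the time value has increased since its last answer.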
Vehicular Ad-Hoc Networks
Vehicles communicating with each other and roadside infrastructure using WiFi
Traffic optimization, payment services, location-based services, infotainment
Safety-related applications
  Collision avoidance, cooperative driving
  Can prevent life-endangering accidents
  Security is mandatory
Security/Privacy Concerns In Vehicular Ad-Hoc Networks
Legitimacy of messages
  Fake senders or fake content
Privacy of messages
  Except for legal authorities
Timely delivery of messages
Good news
  Lots of computing power, storage
Part II
Location Privacy
Location-Based Services (LBS)
Offered by many cellphone providers
  Bell Mobility’s Seek & Find service for locating friends & family
Other examples:
  Interesting places nearby
  Traffic conditions
  Personal navigator
  Nearby-friends locator
Location Information is Sensitive
Can reveal information about your activities, political views,…
Of interest to burglars
Access control to limit the number of people that can access your location information
  Requires trusted computing base
Privacy-enhancing technologies to reduce trusted computing base
  Protects against break-ins, configuration errors,…
Sample Research
Louis, Lester and Pierre: Three Protocols for Location Privacy
Ge Zhong, Ian Goldberg and Urs Hengartner
PET 2007
http://www.cs.uwaterloo.ca/~uhengart/pet07.pdf
LBS and Privacy
Goal: Minimize amount of personal information that LBS learns
Typical architecture
[Figure: typical architecture with Alice and her location, Bob and his location, a location broker, and two LBS]
Privacy Axes
[Figure: personal information revealed to LBS, along two axes: location information (fine, coarse, none) and user identity (true, pseudonym, anonymous)]
Location k-Anonymity [Gruteser and Grunwald]
[Figure: privacy axes (location information, user identity), with spatial k-anonymity and temporal k-anonymity marked]
Location k-Anonymity
Naïve approach: Reveal your fine-grained location, but not your true identity
  Location might leak your true identity (e.g., home)
  Might become trackable
Spatial k-anonymity
  Cloak location such that at least k-1 other people are at same location
Temporal k-anonymity
  Ensure that at least k-1 other people are at location within a timeframe
Might affect quality/type of LBS
Non-Inference [Ravi et al.]
[Figure: privacy axes (location information, user identity), with non-inference marked]
Non-Inference
LBS migrates its code to the location broker
Location broker runs code and returns result to LBS
Broker ensures that result does not leak fine-grained location information to LBS
  Based on information flow control
Mix Zones [Beresford and Stajano] / Swing & Swap [Li et al.]
[Figure: privacy axes (location information, user identity), with Mix Zones and Swing & Swap marked]
Pseudonyms
Some LBS cannot be accessed anonymously, but do not require true identity, either
  Tracking service in amusement park
Use pseudonym
  Internal identifier determined by broker
Avoid long-term usage of a pseudonym
  Change pseudonyms frequently
  Ensure unlinkability between old and new pseudonym
Mix Zones / Swing & Swap
Guarantee unlinkability
Mix zone
  Spatial region not covered by LBS
  Change pseudonym only if at least k-1 other people in same mix zone
Swing & swap
  Silent period
  Couple pseudonym change with speed/direction change
  Exchange pseudonym with nearby people (maybe)
Quality of Service [Cheung et al.]
[Figure: privacy axes (location information, user identity), with Quality of Service marked]
Quality of Service
Cloaking introduces uncertainty about somebody’s location
Use probability to formally express quality of service achievable with cloaking
User Identity Re-Visited [Pang et al.]
Each WiFi card has static address, makes a laptop trackable
Change address from time to time (pseudonym)
  E.g., when connecting to new access point
  Might not be sufficient
Other factors that can make a user trackable
  Characteristics of WiFi card
    Packet timings, configuration information in packet headers
  Set of websites contacted by user
  Laptop might broadcast identifiers of access points to which it connected in the past
Location Privacy Challenges
Location privacy for services that require true identity
Feasibility/Practicality of proposed approaches
What kind of LBS do approaches support?
How to get rid of centralized location broker?
Value of Location Privacy [Danezis et al.]
Experiment based on some deception
  Asked students whether they wanted to participate in study tracking them for 28 days
  How much money in exchange?
  “Winners”: n people with lowest bids, will be paid money requested by lowest non-chosen bidder
  Min: 0; Med: 10; Mean: 27.4; Max: 400 (British pounds)
More Research Challenges
See website of my course about hot topics in computer and communications security
  http://www.cs.uwaterloo.ca/~uhengart
  Teaching -> CS 854
  Will be re-taught in Winter 2007, undergrads can take grad courses
To learn about computer security and privacy, take CS 489 in Winter 2008