Solving Enterprise Security Problem With Hardware Software Hybrid Solution


  • 8/6/2019 Solving Enterprise Security Problem With Hardware Software Hybrid Solution


    ECOM 6031 Project Part 1 Information

    Solving Enterprise Security Problem with Hardware/Software Hybrid Solution

    Dr Lucas Hui

    (CYC307, 28592190, [email protected])

    Content

    Motivation

    Hardware Platforms

    Example systems

    Motivation

    addresses execution environment

    e.g. hardware or software

    Hardware environment provides better security

    In particular: key storage

    Higher costs

    More difficult to deploy

    Therefore

    Motivation

    Combining Hardware and Software

    Design easy-to-deploy hardware (e.g. mobile phone)

    Aim to derive formal proof with System assumptions (Hardware) and Cryptographic assumptions (Software)

    cryptographic/security techniques


    Hardware Platform 1:

    Mobile Phone

    IMEI: International Mobile Equipment Identity

    SIM card: unique phone number to receive messages (in particular SMS)

    Alternative communication channel (GSM/3G vs Internet)

    ,external mini-SD card, etc.


    Hardware Platform 2:

    JavaCard

    A smart card design

    A convenient token form

    Tamper-resistant device

    Small program (JavaCard Applet) can be loaded to the card to execute

    JavaCard is like a micro-computer

    No display/input/clock

    A lot of cryptographic functions are

    Mobile phone

    Mobile-Aided Encrypted Web File System

    Mobile-Aided Encrypted USB/PC File System

    SMS-Aided Authentication System

    Javacard

    Encrypted Web File System using JavaCard

    Encrypted PC File System using JavaCard

    JavaCard-based Secret Communication System (JSCS)

    Mobile-Aided Encrypted Web File System

    Encrypted files are stored on Web

    When PC is connected to a Mobile

    PC is able to decrypt and display files from Web after getting a key from Mobile

    Files cannot be decrypted on Client-

    Demo is available

    Mobile-Aided Encrypted Web File System (Unsuccessful Decryption)

    Mobile-Aided Encrypted Web File System (Successful Decryption)

    Mobile-Aided Encrypted Web

    (Full system of the demo)

    1. Keys stored in server, sent via

    2. Mobile and PC connected via USB or Bluetooth


    -File System

    1. SMS Key Management

    .

    3. Using GPS, only decrypt files at home, office or selected places

    SMS-Aided Authentication

    1. Mutual authentication

    2. Against Man-in-the-Middle attack

    3. With formal Proof

    Examples of Javacard application 1

    Encrypted Web File System using JavaCard

    1. For data protection

    2. Use JavaCard (a kind of Crypto Smartcard) as hardware token

    3. Reauthentication & authentication

    4. Double Encryption (Session Key and Program Key)

    5. Delegation of Access Right in case of Lost Card (Enforce Security Policy)

    Internet

    Examples of Javacard application

    Encrypted PC File System using JavaCard

    1. Use JavaCard as Hardware Token

    2. However, Javacard can provide more cryptographic computation than a fixed token.

    Examples of Javacard application

    JavaCard-based Secret Communication System

    *messages over the Internet in plaintext

    1. Use JavaCard as hardware token

    2. A messaging system: Chatroom mode and Private mode

    3. Browser based with Java applet

    4. Provide Communication Logging facilities

    Demonstration

    Flow:

    1. Client goes online

    2. Client sends a secret message to all other online users

    3. Client sends a secret message to some online users

    4. Client goes offline

    5. Check the server-side clients communication records

    Demonstration

    1. Client goes online

    Demonstration

    1. Client goes online (contd)

    Demonstration

    2. Client sends a secret message to all other online users

    all or leave it blank also means send to all other online users

    Demonstration

    2. Client sends a secret message to all other online users (contd)

    Demonstration

    3. Client sends a secret message to some online users

    Demonstration

    3. Client sends a secret message to some online users (contd)

    Demonstration

    4. Client goes offline

    Demonstration

    5. Check the server-side clients communication records

    Note that all the en/decryption is done by the connected Javacard
