Many personal devices have a rich set of capabilities: sensors, communication, computing power and...
Authentication with Personal Devices
• Many personal devices have a rich set of capabilities: sensors, communication, computing power and data storage, and they are “personal”.
• Potentially they can aid the owners in performing authentication and securing communication.
• (User friendliness) + (Security) + ?
Authentication using personal devices
[Diagram: Server, Terminal, User and smartcard; labels: 12345; (password, key); password, biometric; Key, location info.]
I. Trust models
1. Personal device is trusted. Terminal untrusted. (Public Kiosk)
2. 2-Factor Authentication.
3. Personal device is honest but it can be lost. (can’t store sensitive data).
[Diagram: Server, Terminal, User and smartcard; labels: 12345; (password, key); password, biometric; Key, location info.]
II. Public Kiosk
Personal device to verify that the kiosk has only loaded trustworthy software.
S. Garriss, R. Caceres, S. Berger, R. Sailer, L. Doorn, X. Zhang. Trustworthy and Personalized Computing on Public kiosk, MobiSys’08
[Diagram: Server, Terminal, User; label: TPM.]
A. Oprea, D. Balfanz, G. Durfee and K.K. Smetters, Remote Terminal Application with a Mobile Trusted Device, ACSAC’04
[Diagram: Server, Terminal, User; label: tunnel connection.]
III. 2-factor Authentication
• Personal device as OTP token.
[Diagram: Server, Terminal, User; labels: 12345; (password, key); password; Key.]
Monetary Authority of Singapore expects banks to implement two-factor authentication at login in Internet Banking.
• Using an out-of-band channel. “Mobile authentication”
[Diagram: Server, Terminal, User; labels: sms (text message); password; (password, OTP); OTP.]
Can be made secure, but difficult to use.
[Diagram: Server, Internet, Terminal, User; labels: key; key; visual channel.]
Using OCR to verify the messages and their signature.
D.E. Clarke, B. Gassend, T. Kotwal, M. Burnside, M. Dijk, S. Devadas, and R.L. Rivest. The untrusted computer problem and camera-based authentication. International Conf. on Pervasive Computing, 2002
[Diagram: Server, Internet, Terminal, User; labels: key; key.]
Image from [Sharp2006] Sharp et al., Secure Mobile Computing Via Public Terminal.
R. Sharp, J. Scott, A. Beresford, Secure Mobile Computing via Public Terminals. International Conference on Pervasive Computing, 2006
[Diagram: Server, Internet, Terminal, User; labels: key, password; key; visual channel; password; Date, account, remark, amount.]
C. Fang, E.C. Chang, Securing Interactive Sessions Using Mobile Device through Visual Channel and Visual Inspection, ACSAC 2010.
IV. Device honest but can be lost
[Diagram: Server, User, smartcard, Terminal; labels: key; Key.]
[Diagram: Server, User, Terminal; labels: key, password; Key; password.]
Device as the “biometric” scanner
[Diagram: Server, User, Terminal; labels: (k); biometric.]
k = H(Key, biometric)
The biometric data are not stored in the server.
• Technical challenges in using biometric data: they are noisy. The key extracted by the cryptographically secure hash has to be consistent even under noise!
– Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors: How to generate strong keys from biometrics and other noisy data, EUROCRYPT 2004.
– Linnartz, J.-P.M.G., Tuyls, P., New shielding functions to enhance privacy and prevent misuse of biometric templates. AVBPA 2003
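The noise problem above, worked through as an added example (not from the original slides): hashing a noisy reading directly changes k, while a code-offset secure sketch in the style of Dodis et al. corrects the reading before computing k = H(Key, biometric). The 5x repetition code, HMAC-SHA256 as H, the 40-bit template and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

REP = 5  # toy repetition code: each bit sent 5 times, corrects <= 2 flips per block

def encode(bits):
    return [b for b in bits for _ in range(REP)]

def decode(bits):
    # Majority vote inside each block of REP bits.
    return [int(sum(bits[i:i + REP]) > REP // 2) for i in range(0, len(bits), REP)]

def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]

def derive(device_key, template):
    # k = H(Key, biometric); H is instantiated as HMAC-SHA256 (assumption).
    return hmac.new(device_key, bytes(template), hashlib.sha256).hexdigest()

def enroll(device_key, template):
    # Helper data = template XOR random codeword (kept with the device in this sketch).
    if len(template) % REP:
        raise ValueError("template length must be a multiple of REP")
    r = [secrets.randbelow(2) for _ in range(len(template) // REP)]
    return xor(template, encode(r)), derive(device_key, template)

def reproduce(device_key, reading, helper):
    # reading XOR helper = codeword XOR noise; decoding strips the noise.
    r = decode(xor(reading, helper))
    return derive(device_key, xor(helper, encode(r)))

def flip(bits, positions):
    return [b ^ 1 if i in positions else b for i, b in enumerate(bits)]

def demo():
    device_key = bytes(range(16))              # constructed sample key
    template = [1, 0, 1, 1, 0, 0, 1, 0] * 5    # constructed 40-bit "biometric"
    helper, k = enroll(device_key, template)
    noisy = flip(template, {3, 11, 12, 27})    # at most 2 flips in any block
    bad = flip(template, {0, 1, 2})            # 3 flips in one block: too noisy
    return {
        "naive": derive(device_key, noisy) == k,
        "sketch": reproduce(device_key, noisy, helper) == k,
        "too_noisy": reproduce(device_key, bad, helper) == k,
    }

if __name__ == "__main__":
    print(demo())
```

The helper data reveals some information about the template, which is why a fuzzy extractor accounts for entropy loss and pairs a stronger error-correcting code with a randomness extractor.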
V. Conclusion
• We can use the computing power of personal devices to enhance security.
• Can location information help?