Top 10 Most Downloaded Games on Play Store in 2024
Mobile device security using transient authentication
1. Mobile Device Security Using
Transient Authentication
Anthony J. Nicholson, Mark D. Corner and Brian D. Noble
Apresentação por:
Paulo Martins 65929 MERC
Filipe Tavares 65898 MEIC
IEE TRANSACTIONS ON MOBILE COMPUTING, VOL.5, NO.
5. Challenges & Requirements
• Tie Capabilities to Users
• Detect the presence of authorized users
• Do No Harm
• The system must not require the user’s interaction
• When the user arrives the device must restore itself before the user can even notice it was blocked
6. Challenges & Requirements
• Secure and Restore on People Time
• When the user leaves the device must secure itself before the attacker would have the change to
physically extract any information
• Ensure Explicit Consent
• The system must not be vulnerable to physical-possession attacks
• Ensure that the user’s device is indeed talking to the user’s Token
• The token is not communication with any other devices without the user’s consent
8. Related Work
• Disable keyboard and Mouse:
• Vulnerable to physical-possession attacks - Ensure explicit consent
• Biometric information:
• Fingerprint - It is intrusive, since it has a high false negatives rate and restrain users
physically – Do No Harm
• Iris Scan – Requires the three cameras – Extra hardware
• Erasable Memory:
• Requires special hardware – Extra Hardware
11. Solution – Securing State
• Persistent Storage
• Virtual Memory
• CPU and Chipset Registers and Caches
• Peripherals
• Displays
12. Implementation
Securing File Systems
• Using ZIAfs (Zero-Interaction File
System)
• Uses in per-directory keys
Physical Memory
• Encrypts main memory in-place - Kmem
13. Implementation
Swap Space
•
Use encrypted file to store swap pages or interpose on swap I/O to perform whole-pare encryption.
•
Never encrypt the pages of critical processes.
•
The system must ensure that the encryption keys are pinned in memory.
14. Implementation
• Video
•
Lock Mouse and Keyboard
•
Blank the frame buffer via Display Manager
• Application-Aware Mechanisms
•
Identify some key processes, that may not be able to survive the hibernation process or that handle
sensitive data
16. Evaluation
•
IBM ThinkPad x24 Notebook – Linux kernel 2.4.20
•
•
256MB RAM
•
•
1.113 GHz Intel Pentium III
30GB IDE Disk Drive – 12ms average seek time
Compaq iPAQ 3870 – Familiar Linux
•
206 MHz StromARM
•
64MB SDRAM
•
32MB Flash ROM
17. Evaluation – File System
Copy a source tree, traversing the tree and its contents and compiling it
18. Evaluation – Physical Memory
1.
Freeze execution of all running processes
2.
Encrypt in-place memory the physical memory pages of the frozen processes
3.
Overwrite freed pages and other shared kernel buffers
•
200MB Memory allocated
•
10 Runs (On average 46,740 pages)
19. Evaluation – Physical Memory
Flush-to-Disk w/ Encryption vs Flush-to-Disk no Encryption vs Encrypt in-place