Mobile Device Security Using
Transient Authentication
Anthony J. Nicholson, Mark D. Corner and Brian D. Noble

Presentation by:
Paulo Martins 65929 MERC
Filipe Tavares 65898 MEIC
IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. 5, NO.
Motivation
Goal

Proximity Security
Challenges

• Tie Capabilities to Users
• Do No Harm

• Secure and Restore on People Time
• Ensure Explicit Consent
Challenges & Requirements

• Tie Capabilities to Users
  • Detect the presence of authorized users

• Do No Harm
  • The system must not require the user’s interaction
  • When the user arrives, the device must restore itself before the user can even notice it was blocked
Challenges & Requirements
• Secure and Restore on People Time
  • When the user leaves, the device must secure itself before an attacker would have the chance to physically extract any information

• Ensure Explicit Consent
  • The system must not be vulnerable to physical-possession attacks
  • Ensure that the user’s device is indeed talking to the user’s token
  • The token is not communicating with any other devices without the user’s consent
Challenges & Requirements

• Other Requirements
  • Must not require extra hardware
Related Work
• Disable keyboard and mouse:
  • Vulnerable to physical-possession attacks – violates Ensure Explicit Consent

• Biometric information:
  • Fingerprint – intrusive, since it has a high false-negative rate and restrains users physically – violates Do No Harm
  • Iris scan – requires three cameras – extra hardware

• Erasable memory:
  • Requires special hardware – extra hardware
Solution
• Token System
• Securing State
• Token Authentication and Binding
• Key Management
Solution – Token Authentication and Binding
Solution – Securing State
• Persistent Storage
• Virtual Memory
• CPU and Chipset Registers and Caches

• Peripherals
• Displays
Implementation
Securing File Systems
• Using ZIAfs (Zero-Interaction File System)
• Uses per-directory keys

Physical Memory
• Encrypts main memory in-place - Kmem
Implementation
Swap Space
• Use an encrypted file to store swap pages, or interpose on swap I/O to perform whole-page encryption.
• Never encrypt the pages of critical processes.
• The system must ensure that the encryption keys are pinned in memory.
Implementation
• Video
  • Lock Mouse and Keyboard
  • Blank the frame buffer via Display Manager

• Application-Aware Mechanisms
  • Identify key processes that may not be able to survive the hibernation process or that handle sensitive data
Implementation – Example of Application
Evaluation
• IBM ThinkPad x24 Notebook – Linux kernel 2.4.20
  • 1.113 GHz Intel Pentium III
  • 256MB RAM
  • 30GB IDE Disk Drive – 12ms average seek time

• Compaq iPAQ 3870 – Familiar Linux
  • 206 MHz StrongARM
  • 64MB SDRAM
  • 32MB Flash ROM
Evaluation – File System
Copy a source tree, traversing the tree and its contents and compiling it
Evaluation – Physical Memory
1. Freeze execution of all running processes
2. Encrypt in place the physical memory pages of the frozen processes
3. Overwrite freed pages and other shared kernel buffers

• 200MB Memory allocated
• 10 Runs (On average 46,740 pages)
Evaluation – Physical Memory
Flush-to-Disk w/ Encryption vs Flush-to-Disk no Encryption vs Encrypt in-place
Evaluation – Swap Space
Evaluation – Microbenchmark
Evaluation – Video & AAM
Evaluation – Video & AAM
Thank You

Do you have any Questions?

Editor's Notes

  1. Mention that it was done jointly with the National Security Agency and the US National Science Foundation