Security Management for Mobile Peer-to-Peer Systems

Transcription

1 Security Management for Mobile Peer-to-Peer Systems Christian Rohner Communications Research Group

2 Contents Introduction Security for Networked Devices - Motivation Project Outline Preliminary Results Project Administration: Questions

3 Mobile Peer-to-Peer Systems Variety of specialized devices Devices offer their functionality as services Spontaneous interaction Challenges - many devices, from big to small - no central services - individual users

4 Security for Mobile Peer-to-Peer Systems Personal and private information Limited resources Open and unknown environment Goal: Control access to information and resources - Access control - Encryption if necessary - Privacy (including meta-data such as location, etc.) Security Mechanisms are available, but...

5 Background - Building Secure Links Using trust A B trust Initially required channels: O(n 2 ) Not all relations are needed Initially required channels: O(n) > Trusting an entity to send only authenticated information > Trusted entity must be available

6 Background - Authorization A B A B policy policy On-line authorization server: Involved in every interaction Get credentials in advance (e.g., Kerberos) Server must be available

7 Challenge - Administration user admin Administrative domain shifts to the user Security protocols are complex to configure

8 Project Vision - Self Configuration Build security relations to simplify self configuration of other protocols. Federations - Intuitive bootstrapping - Include weak devices - Security and trust relations between devices - Sandbox for other protocols Mobility - Dynamic join/split/leave of federations

9 Project Outline Security Bootstrapping Key generation, authentication, distribution Build security and trust relations User A User B User C Security Proxy Support for weak devices Virtual services Secure Groups Efficient group notation Recognition of groups Agreement

10 Activities Security Bootstrapping Ownership model Security Policy Definition Language Delegation Novel pairing mechanisms (sense the key, drag&drop) Security Proxy Prototype Implementation Virtual Services: Concept Authentication protocols: Mathematical analysis Authentication protocols: Implementation on mobile phone Secure Groups

11 Authentication Protocols Protocol Messages Claimant Verifier SSH (Diffie-Hellman + pswd) Fiat-Shamir (1 round) Kerberos Modified Needham-Schroeder number of cycles in 1000

12 Fiat-Shamir - Implementation A B s, v = s 2 mod n, n v, n r R [1, n[ x = r 2 mod n e R [0, 1] y = rs e mod n y 2 =? xv e Execution on a mobile phone: Rounds 1 5 ( ) 5 (in one Round) Time 14s 50s 18s Calculations: a few Milliseconds GPRS req-resp: 4.5s Is computational complexity an issue??? n rounds correspond to a security margin of 2 -n

13 Security Bootstrapping - Outline Security bootstrapping for networked devices: - No pre-defined relations no secure links, no trust relations, unknown devices - No central service no administrator, no trusted third party Ownership Model - Federate devices owned by the same user Security Policy - Introduce other devices - Assign rights to relations User A User B User C

14 Related Work and Motivation Resurrecting Duckling Policy Model [SA99, Sta00] - Secure Transient Association Exchange of shared secret during physical contact Back into initial state - Default policy: Master can access all services Policy update is a service master-slave peer-to-peer Shortcomings: - Pair wise associations - Get authentic credentials to describe peer devices - Lifecycle (e.g., delegation) - Exception handling (e.g., loss of device)

15 Ownership Model Random key is the identity of the device Pairing: Password-authenticated key-exchange > Generate certificate - results in certificate chains towards one of the user s devices - recognize siblings > Default policy siblings optimization, revocation loss of a device, delegation

16 Drag&Drop Key Exchange This approach is also suitable for small devices that don t have display or keyboard. A SM drag visual code AddrA B drop visual code AddrB hello Visual Codes: Can be used as an authentic channel Visual codes can be used as authentic channel: PKA PKA, AddrA Fiat-Shamir authentication protocol for proving knowledge of secret key We use the visual codes for representing the bluetooth addresses of the devices. For the future the public keys could be coded. We have transformed an insecure channel between the devices A and B in an authentic channel, A B, by using the visual channels A SM and cure Drag&Drop Key Exchange tian Rohner, Henrik Andersson, Ioana Ungurean B SM, and the channel SM which we make authentic by askin confirm that he trusts SM. B*->SM not relevant. SM*->B: checking that mess on dialogue (?), Trust cannot generate authenticit it allows to combine two atuthentic channels into hange is how f key material r. The be intuitive or a nonvolve as little the user. Department of Information Technology, Box 337, SE-7 g&drop key o the other. le for small lay or d as authentic Legen PK - p Addr A - the B - the SM- se keys A drag visual code AddrA SM B drop visual code AddrB hello PKA PKA, AddrA Legend: PK - public key Addr - bluetooth address A - the device that owns the PK B - the device that will get the PK SM- security manager, transports the