manoj seminar
-
8/3/2019 Manoj Seminar
1/22
Zero-Interaction Authentication
Manoj P Deshpande
Computer science,
RV College of Engineering
-
Background/Motivation
Protection against data exposure
requires encryption.
Encryption requires a password.
Password cannot be stored on the mobile
device because it may be lost or stolen.
Frequently prompting the user for the password is annoying.
-
Zero-Interaction Auth. (ZIA)
Avoid continuously prompting the user
by having the user wear an
authentication token.
Infrequently: the user authenticates with
the token.
Frequently: the token authenticates with
the laptop through a short-range wireless
link.
-
Basic Idea
Token must be worn by user in order
to decrypt file on laptop.
Token must be integrated into
something small like the IBM Linux
watch to minimize the chance of
losing it.
-
Goal
Take an existing cryptographic file
system and improve it by eliminating
usability burdens while minimizing the
file system performance hit.
-
Design
The token is not powerful enough to
constantly encrypt/decrypt each file. Thus,
add another encryption layer.
-
Requirements
1. Token must not decrypt someone
else's key.
2. Token cannot send user's decrypted
key in plain text over wireless link to
laptop.
Wireless link must be secure.
-
Token Authentication System
PIN: activates token
Bind: prevent token from responding to another laptop
Authentication/Session keys: establish secure wireless channel
Poll: ensure token is still present
Secure Laptop: encrypt cached objects for safety
-
Threats
1. Attacker gaining physical possession
of laptop
Use another system to analyze laptop
Analyze physical memory of running
laptop
2. Exploitation of wireless link
Eavesdropping/replay, modification,
message insertion
-
Assumptions
Users are part of administration domain
with at least one trusted key management
authority.
System must still be usable when laptop is
disconnected from rest of the network.
Token and laptop OS = trusted computing base.
Trusted users are not compromised.
-
What ZIA does not do:
Does not allow a remote user to gain
access to his/her files
Does not prevent an attacker from
jamming the wireless link by flooding
the airwaves.
-
Key-Encrypting Keys
All files are encrypted using symmetric
key Ke by the laptop.
File system stores Ke encrypted using
key-encrypting key Kk, denoted Kk(Ke).
Only tokens know Kk
Kk is never divulged.
Tokens can decrypt Kk(Ke).
-
Key-Encrypting Keys (Cont.)
Kk is assigned by local administrative authority.
Holds these keys in escrow, used if token is lost.
To allow for users to share laptops, Ke can be encrypted using:
Ku, a user key, or
Kg, a group key
Exact semantics are file system-dependent.
-
Group Key Complexities
If a user (R) is thrown out of a group:
The group's key (Kg) must be changed to Kg
Since R may still have decrypted file system keys, all files encrypted using Kg must be encrypted with a new Ke.
Kg must be supplied by administrative authority in secure environment.
This is done incrementally to allow users with Kg to continue functioning.
-
Token/Laptop Interaction
Establish a session key using
Station-to-Station Protocol
(PKI + Diffie-Hellman)
Administrative domain certifies the
public keys.
Messages include:
Nonce to prevent replay attack
MAC to ensure data integrity
-
File keys
Assigned on a per-directory basis.
Allows amortization of key acquisition cost
under principle of locality (e.g., overlap key acquisition with physical disk I/O).
People tend to store (and work with) related
files together.
Implemented using a file in each directory
containing Ku(Ke) and Kg(Ke).
-
Efficiency Issues
Cache decrypted file keys on laptop.
Look in cache prior to asking token to
decrypt the encrypted file key.
Caching and pre-fetching minimize
laptop/token interaction, but laptop must still poll for the presence of the token
every second.
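
An added sketch (not from the original slides) of the key hierarchy and cache described above: the directory's key file holds Kk(Ke), only the token can unwrap it, and the laptop asks the token only on a cache miss. The names `wrap`, `KeyToken` and `LaptopKeyCache` are hypothetical, the HMAC-based wrap is a standard-library stand-in for a real key-wrap cipher, and the secure wireless channel between token and laptop is left out.

```python
import hashlib
import hmac
import os


def _pad(kk: bytes, nonce: bytes) -> bytes:
    # 16-byte mask for a 128-bit file key (stand-in for a real key-wrap cipher).
    return hmac.new(kk, b"enc" + nonce, hashlib.sha256).digest()[:16]


def _tag(kk: bytes, body: bytes) -> bytes:
    return hmac.new(kk, b"mac" + body, hashlib.sha256).digest()


def wrap(kk: bytes, ke: bytes) -> bytes:
    """Produce Kk(Ke) for a 16-byte Ke: nonce || masked Ke || MAC."""
    nonce = os.urandom(16)
    body = nonce + bytes(a ^ b for a, b in zip(ke, _pad(kk, nonce)))
    return body + _tag(kk, body)


class KeyToken:
    """Only the token holds Kk; it hands back Ke, never Kk."""

    def __init__(self, kk: bytes):
        self._kk = kk
        self.requests = 0  # counts laptop/token round trips

    def unwrap(self, blob: bytes):
        self.requests += 1
        body, tag = blob[:32], blob[32:]
        if not hmac.compare_digest(tag, _tag(self._kk, body)):
            return None  # wrapped under someone else's Kk, or tampered with
        return bytes(a ^ b for a, b in zip(body[16:], _pad(self._kk, body[:16])))


class LaptopKeyCache:
    def __init__(self, token: KeyToken):
        self.token = token
        self.cache = {}  # directory -> decrypted file key Ke

    def file_key(self, directory: str, key_file_blob: bytes):
        if directory not in self.cache:  # ask the token only on a miss
            ke = self.token.unwrap(key_file_blob)
            if ke is None:
                return None
            self.cache[directory] = ke
        return self.cache[directory]
```
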
-
When the token is gone
Flush all cached keys.
Encrypt all decrypted files in cache.
Re-fetch file keys when user returns.
Wireless link is not reliable. To
account for this, laptop tries to contact
token 3 times before flushing keys.
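
An added sketch (not from the original slides) of the presence poll: each poll carries a fresh nonce, the token answers with a MAC under the session key, and the laptop flushes its cached keys after 3 consecutive failed polls. The class names, the `zia-poll` label and the `forged_reply` parameter are assumptions for illustration; re-encrypting cached file data is not modelled.

```python
import hashlib
import hmac
import os

MAX_MISSES = 3  # slide: the laptop tries 3 times before flushing keys


def poll_mac(session_key: bytes, nonce: bytes) -> bytes:
    """MAC over the laptop's nonce, keyed with the shared session key."""
    return hmac.new(session_key, b"zia-poll" + nonce, hashlib.sha256).digest()


class Token:
    """Constructed stand-in for the worn token."""

    def __init__(self, session_key: bytes):
        self.session_key = session_key
        self.in_range = True

    def answer(self, nonce: bytes):
        # Out of radio range means no reply at all.
        return poll_mac(self.session_key, nonce) if self.in_range else None


class Laptop:
    def __init__(self, session_key: bytes, token: Token):
        self.session_key = session_key
        self.token = token
        self.key_cache = {}  # directory -> decrypted file key Ke
        self.misses = 0

    def poll(self, forged_reply=None) -> bool:
        """One poll; forged_reply simulates someone else answering."""
        nonce = os.urandom(16)  # fresh per poll, so a recorded reply never matches
        reply = forged_reply if forged_reply is not None else self.token.answer(nonce)
        ok = reply is not None and hmac.compare_digest(
            reply, poll_mac(self.session_key, nonce))
        if ok:
            self.misses = 0
        else:
            self.misses += 1
            if self.misses >= MAX_MISSES:
                self.key_cache.clear()  # token presumed gone: flush cached keys
        return ok
```
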
-
When a laptop is stolen
Attacker may gain the private key of laptop, allowing him/her to impersonate a
legitimate laptop.
Must remove binding between token and
stolen laptop.
This can be done through a simple interface
on the token.
A stolen laptop that is later recovered cannot be used b/c it may contain trojans.
-
Implementation Evaluation
Setup:
Laptop: IBM Thinkpad 750 (366MHz PIII)
Token: iPAQ 3650 w/32MB RAM
Connected via 802.11b in 1Mb/s ad hoc
mode
128-bit keys
iPAQ is more powerful than present-day watches, but in time watches will
catch up.
-
Disconnection and Reconnection
As expected, time varies linearly with page size.
User has to wait approx. 6s after arriving at laptop b/f being able to use it.
-
Conclusion
ZIA solves the problem of repeatedly asking
the user for the password by having the user
wear a token.
Since the token is not easily lost (w/ respect
to a laptop), it can safely store user's password for a long period of time.
Token behaves as proxy for user when the laptop needs to have one of its encryption keys decrypted.