
Dan Boneh, dabo@cs.stanford.edu

with Monica Lam, David Mazieres, John Mitchell, and many students.

Security for Mobile Devices

NSF Site Visit, June 2010

POMI 2020

POMI Research Agenda (diagram; labels listed as they appear)

• Applications
• Data & Computing Substrate: PrPl, Junction and Concierge
• Radio technology
• Economics
• Cinder: Energy aware, secure OS
• secure apps
• UI
• HW Platform
• Network Substrate: Software Defined Network & OpenFlow
• Handheld
• Infrastructure
• platform security
• secure apps

POMI mobile security work

• Snap2Pass and Snap2Pay [DSBL’10]

• A password manager for mobile devices [BBBB’09]

• Android security: ASLR on Android [BB’10]

• Unlocking phones using cheap tokens [BB’10]

• Preventing tap-Jacking attacks on mobile web sites [RBB’10]

Joint work with Arvind Narayanan, Narendran Thiagarajan, and Mugdha Lakhani

Location services without big brother

Location-based social networking

Finally taking off?

Proximity Alerts

Detect when friends are nearby (e.g. Loopt)
• Today: 24/7 user tracking by server

Our privacy goals:
• When not nearby, friends don’t see your location
• Server never sees your location

Building block for more complex functionality

Proximity alerts: applications

Granularity must be user-configurable

How we arrived at this problem

• POMI barrier #1: reliance on big brother
• PrPl effort: social networks with privacy

• Many discussions with PrPl participants:
  • Can we make location-based services private?
  • Similarly, can we do private targeted advertising? (NDSS’10)

• Other results from the interaction:
  • QR codes for better user authentication [DSBL’10]
  • Unlocking a phone using cheap tokens [BB’10]

Reducing proximity test to equality test

Equality testing

Space of possible locations is small! (32 bits)

Method 1: protocol based on public-key encryption (Lipmaa)

• Heavy computation: impractical for proximity of all friends

Diagram: two friends hold x and y and want to test whether x = y.

Requires shared secret keys between pairs of friends

Our approach

An efficient protocol with server participation

Trust assumption: server does not collude with your friends

Diagram: the two friends hold x and y; the server sees only masked values and computes r(x – y), where r is a random value that no one knows.

Total traffic: 24 bytes, easy computation
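The two slides above (proximity reduced to an equality test on a small location space, and the server-assisted test in which the server only ever handles r(x – y)) are illustrated by the following Python, added here as an example; it is not the deck's or the NDSS paper's own code. It assumes a concrete construction: a user-chosen grid granularity turns coordinates into cell ids, both friends derive one-time masks r and s from a pairwise key (so the server never sees r), and the server reports only whether the masked difference is zero. The field prime, the key and the sample coordinates are constructed for the example.

```python
import hashlib
import hmac

# Prime field for the masked values (assumed parameter). A 61-bit prime keeps
# every message in 8 bytes, three of which come to the 24 bytes on the slide.
P = (1 << 61) - 1


def grid_cell(lat, lon, cell_deg):
    """Map a coordinate to a grid-cell id at a user-chosen granularity
    (degrees per cell). Proximity then reduces to equality of cell ids.
    At 0.01 degrees (roughly 1 km) the id space fits in 32 bits."""
    cols = int(360.0 / cell_deg) + 1
    row = int((lat + 90.0) / cell_deg)
    col = int((lon + 180.0) / cell_deg)
    return row * cols + col


def derive_masks(pair_key, round_id):
    """Both friends derive the same one-time masks (r, s) from the secret key
    they share. Masks are bound to a round counter so that no two rounds reuse
    them (reuse would let the server test whether a user has moved); the
    server never sees r or s."""
    digest = hmac.new(pair_key, round_id.to_bytes(8, "big"), hashlib.sha256).digest()
    r = int.from_bytes(digest[:16], "big") % (P - 1) + 1  # r in [1, P-1], never zero
    s = int.from_bytes(digest[16:], "big") % P
    return r, s


def mask_cell(cell, r, s):
    """The 8-byte message a friend uploads: r*cell + s mod P, which reveals
    nothing about cell to anyone who does not know r and s."""
    return (r * cell + s) % P


def server_equal(a, b):
    """Server side: a - b = r*(x - y) mod P. It is zero exactly when x == y;
    otherwise it is a uniformly random non-zero field element because r is
    unknown to the server, so the server learns only the one-bit answer."""
    return (a - b) % P == 0


def proximity_test(loc_a, loc_b, cell_deg, pair_key, round_id):
    """One full round: both friends encode and mask their cell, server compares."""
    r, s = derive_masks(pair_key, round_id)
    x = grid_cell(*loc_a, cell_deg)
    y = grid_cell(*loc_b, cell_deg)
    return server_equal(mask_cell(x, r, s), mask_cell(y, r, s))


if __name__ == "__main__":
    key = b"alice-bob-pairwise-key"  # constructed sample key
    stanford = (37.4275, -122.1697)
    san_francisco = (37.7749, -122.4194)
    print("1 km cells:", proximity_test(stanford, san_francisco, 0.01, key, 1))    # False
    print("1 degree cells:", proximity_test(stanford, san_francisco, 1.0, key, 1))  # True
```

The granularity argument is what the "must be user-configurable" slide is about: the same two points are "nearby" at one-degree cells and not at one-kilometre cells. Note what the round counter does and does not fix: it stops the server from correlating a user's messages across rounds, but it does nothing against a dishonest friend who runs many rounds with guessed cells, which is the online brute-force problem the next slide raises and the reason the deck turns to location tags.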

Problem: online brute-force attack (the location space is small enough to guess)

If only there were a way to verify that a user really is where they claim to be…

Solution: location tags (for small granularity)

Properties of location tags

Location tag = vector + matching function, i.e., a space-time fingerprint

• Unpredictability: cannot produce a matching tag unless nearby

• Reproducibility: two devices at the same place & time produce matching tags (not necessarily identical)

Location tags using WiFi packets

• Discard packets like TCP that may originate outside the local network
• DHCP, ARP, Samba etc. are local
• 15 packets/sec on CS/EE VLAN

Two different devices see about 90% of packets in common

Comparing location tags: privately test if intersection > 90%
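The WiFi location-tag slides are illustrated by the following Python, added here as an example rather than code from the deck or its Android implementation. It assumes a concrete design: each device keeps only link-local packets, fingerprints each one with an HMAC under the key the two friends already share (so whoever compares the tags sees keyed digests, not packet contents), and two tags match when the smaller one overlaps the other by more than 90%. The protocol filter list, the packet records and the three captures are constructed for the example.

```python
import hashlib
import hmac

# Assumed filter: keep only traffic that originates on the local network
# segment (the slide names DHCP, ARP and Samba); TCP flows may come from anywhere.
LOCAL_PROTOCOLS = {"ARP", "DHCP", "SMB", "NBNS"}


def packet_fingerprint(pkt, pair_key):
    """Keyed fingerprint of one packet. Only the two friends hold pair_key, so a
    party handed these digests cannot recognise or replay the packets behind them."""
    material = "|".join((pkt["proto"], pkt["src"], pkt["dst"], pkt["payload_sha256"])).encode()
    return hmac.new(pair_key, material, hashlib.sha256).digest()[:16]


def location_tag(captured, pair_key):
    """Location tag = set of fingerprints of the local packets seen in one window.
    Packet contents change from second to second, which is what makes the tag a
    space-time fingerprint rather than a fixed network identifier."""
    return {packet_fingerprint(p, pair_key) for p in captured if p["proto"] in LOCAL_PROTOCOLS}


def overlap(tag_a, tag_b):
    """Fraction of the smaller tag that also appears in the other tag."""
    if not tag_a or not tag_b:
        return 0.0
    return len(tag_a & tag_b) / min(len(tag_a), len(tag_b))


def tags_match(tag_a, tag_b, threshold=0.9):
    """Co-located if the tags overlap by more than the threshold (90% on the slide)."""
    return overlap(tag_a, tag_b) > threshold


def _pkt(proto, src, dst, payload):
    # Constructed packet record: only the fields both observers see are kept.
    return {"proto": proto, "src": src, "dst": dst,
            "payload_sha256": hashlib.sha256(payload.encode()).hexdigest()}


def sample_captures():
    """Constructed captures: Alice and Bob sit on the same VLAN and each miss one
    packet; Carol is on another network and sees unrelated broadcast traffic."""
    lan = [_pkt("ARP", "aa:bb:cc:00:00:%02x" % i, "ff:ff:ff:ff:ff:ff", "who-has 10.0.0.%d" % i)
           for i in range(1, 19)]
    lan += [_pkt("DHCP", "0.0.0.0", "255.255.255.255", "discover xid=0x1a2b"),
            _pkt("SMB", "10.0.0.7", "10.0.0.255", "host announcement LAB-PC")]
    # A TCP packet from a remote host (TEST-NET-2 address): filtered out of the tag.
    remote = _pkt("TCP", "198.51.100.7", "10.0.0.5", "HTTP/1.1 200 OK")
    alice = lan[:-1] + [remote]   # misses the SMB announcement
    bob = lan[1:] + [remote]      # misses the first ARP request -> 18/19 in common
    carol = [_pkt("ARP", "de:ad:be:ef:00:%02x" % i, "ff:ff:ff:ff:ff:ff", "who-has 192.168.1.%d" % i)
             for i in range(1, 21)]
    return alice, bob, carol


if __name__ == "__main__":
    key = b"alice-bob-pairwise-key"  # constructed sample key
    alice, bob, carol = sample_captures()
    ta, tb, tc = (location_tag(c, key) for c in (alice, bob, carol))
    print("alice/bob overlap %.3f match=%s" % (overlap(ta, tb), tags_match(ta, tb)))    # 0.947 True
    print("alice/carol overlap %.3f match=%s" % (overlap(ta, tc), tags_match(ta, tc)))  # 0.000 False
```

The check addresses the brute-force problem of the previous slides: guessing a cell id is cheap, but producing a tag that overlaps Alice's by more than 90% requires having heard the same local broadcast traffic at the same time, which is the unpredictability property. The keyed fingerprint is what keeps the comparison private: without the pairwise key the digests say nothing about which network either device was on.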

Android implementation

Future work

Many location privacy questions:

• Private location based advertising

• Private location based search

• Private location statistics
