Dan Boneh dabo@cs.stanford.edu with Monica Lam, David Mazieres, John Mitchell, and many students. Security for Mobile Devices. NSF Site Visit, June 2010. POMI 2020


Page 1: Dan Boneh dabo@cs.stanford.edu with Monica Lam, David Mazieres, John Mitchell, and many students. Security for Mobile Devices NSF Site Visit, June 2010

Dan Boneh dabo@cs.stanford.edu

with Monica Lam, David Mazieres, John Mitchell, and many students.

Security for Mobile Devices

NSF Site Visit, June 2010

POMI 2020

Page 2

POMI Research Agenda

Applications

Data & Computing Substrate: PrPl, Junction and Concierge

Radio technology

Economics

Cinder: Energy aware, secure OS

secure apps

UI

HW Platform

Network Substrate: Software Defined Network & OpenFlow

Handheld

Infrastructure

Page 3

platform security

secure apps

POMI mobile security work

• Snap2Pass and Snap2Pay [DSBL’10]

• A password manager for mobile devices [BBBB’09]

• Android security: ASLR on Android [BB’10]

• Unlocking phones using cheap tokens [BB’10]

• Preventing tap-jacking attacks on mobile web sites [RBB’10]

Page 4

Joint work with Arvind Narayanan, Narendran Thiagarajan, and Mugdha Lakhani

Location services without big brother

Page 5

Location-based social networking

Finally taking off?

Page 6

Proximity Alerts

Detect when friends are nearby (e.g. Loopt)
  • Today: 24/7 user tracking by server

Our privacy goals:
  • When not nearby, friends don’t see your location
  • Server never sees your location

Building block for more complex functionality

Page 7

Proximity alerts: applications

Granularity must be user-configurable

Page 8

How we arrived at this problem

• POMI barrier #1: reliance on big brother
  • PrPl effort: social networks with privacy

• Many discussions with PrPl participants:
  • Can we make location-based services private?
  • Similarly, can we do private targeted advertising? (NDSS’10)

• Other results from the interaction:
  • QR codes for better user authentication [DSBL’10]
  • Unlocking a phone using cheap tokens [BB’10]

Page 9

Reducing proximity test to equality test

Page 10

Equality testing

Space of possible locations is small! (32 bits)

Method 1: protocol based on public-key encryption (Lipmaa)

• Heavy computation: impractical for proximity of all friends

x =? y

Requires shared secret keys between pairs of friends

Page 11

Our approach

An efficient protocol with server participation

Trust assumption: server does not collude with your friends

x, y

r (x – y), where no one knows r

Total traffic: 24 bytes, easy computation
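
The server-assisted equality test outlined on this slide, written out as an added Python sketch (not code from the talk or the POMI project). The grid encoding in cell_id, the modulus P, the HMAC-based pad derivation and the message layout are assumptions; in this sketch r is chosen by Bob and never reaches Alice, who is the only party to see r (x - y).

```python
import hashlib
import hmac
import secrets

P = 2**61 - 1  # prime modulus (assumed); far larger than a 32-bit location id

def cell_id(lat, lon, cell_deg):
    """Quantize a position to a 32-bit grid cell (assumed encoding, 16 bits per axis).
    cell_deg sets the granularity; values below ~0.006 overflow the 16-bit column."""
    row = int((lat + 90.0) / cell_deg) & 0xFFFF
    col = int((lon + 180.0) / cell_deg) & 0xFFFF
    return (row << 16) | col

def round_pads(shared_key, counter):
    """Fresh one-time pads k1, k2 per round, derived from the friends' shared key."""
    def prf(label):
        mac = hmac.new(shared_key, label + counter.to_bytes(8, "big"), hashlib.sha256)
        return int.from_bytes(mac.digest(), "big") % P
    return prf(b"k1"), prf(b"k2")

def alice_msg(x, k1):
    return (x + k1) % P                    # pad k1 hides x from the server

def bob_msg(y, k1, k2):
    r = secrets.randbelow(P - 1) + 1       # nonzero blinding factor, unknown to Alice
    return r, (r * (y + k1) + k2) % P      # pad k2 hides y from the server

def server_combine(m_a, r, m_b):
    return (r * m_a - m_b) % P             # = r*(x - y) - k2; server cannot remove k2

def alice_result(m, k2):
    return (m + k2) % P                    # = r*(x - y): zero exactly when x == y

def nearby(pos_a, pos_b, shared_key, counter, cell_deg=0.01):
    """Run one round end to end; True when both positions fall in the same cell."""
    x, y = cell_id(*pos_a, cell_deg), cell_id(*pos_b, cell_deg)
    k1, k2 = round_pads(shared_key, counter)
    r, m_b = bob_msg(y, k1, k2)
    return alice_result(server_combine(alice_msg(x, k1), r, m_b), k2) == 0

if __name__ == "__main__":
    key = b"constructed shared key"        # constructed sample input
    print(nearby((37.4275, -122.1697), (37.4279, -122.1693), key, 1))  # same cell
    print(nearby((37.4275, -122.1697), (40.7128, -74.0060), key, 2))   # far apart
```

A single grid misses friends who are close but sit on opposite sides of a cell boundary, so this covers only the equality step.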

Page 12

Problem: online brute-force attack

If only there were a way to verify that a user really is where they claim to be…

Solution: location tags (for small granularity)

Page 13

Properties of location tags

Location tag = vector + matching function, i.e., space-time fingerprint

Unpredictability: cannot produce matching tag unless nearby

Reproducibility: two devices at same place & time produce matching tags (not necessarily identical)

Page 14

Location tags using WiFi packets

Discard packets like TCP that may originate outside local network
  • DHCP, ARP, Samba etc. are local
  • 15 packets/sec on CS/EE VLAN

Two different devices see about 90% of packets in common

Comparing location tags: privately test if intersection > 90%

Page 15

Android implementation

Page 16

Android implementation

Page 17

Android implementation

Page 18

Future work

Many location privacy questions:

• Private location based advertising

• Private location based search

• Private location statistics