Capture Resistance in Mobile Devices Jeffrey Hui - csc586a summer03.

Page 1: Capture Resistance in Mobile Devices Jeffrey Hui - csc586a summer03.

Capture Resistance in Mobile Devices

Jeffrey Hui - csc586a summer03

Page 2:

Outline

• Definitions
• How safe is your mobile device?
• Existing capture resistance technologies
• Technologies for early adopters
• Future Research

Page 3:

• Your network is only as secure as its weakest link. If your mobile device is lost or stolen, it might become the weakest link because of its software setup or the sensitive data it holds.
• Capture resistance refers to technologies that protect the mobile data in a captured device.
• Mobile devices are computing devices that can be unplugged from the wall, e.g. notebooks, PDAs, cell phones. They have enough CPU horsepower to run network-centric software or components, e.g. VPN, workflow automation, etc.

Page 4:

Loss/Theft Statistics

• In the US, 53% more notebooks were stolen in 2001 than 2000. - Safeware Insurance Group
• …208,000 notebooks with a value of nearly $640 million were reported stolen in 2000. - InformationWeek
• …2,900 notebooks, 1,300 PDAs and over 62,000 mobile phones have been left in London’s taxi cabs in…6 months with an average of 3 phones per taxi. - TECS
• A recent study conducted by the FBI found that 57% of computer crimes were linked to stolen computers that were then used to break into computer servers later on. - SC Magazine
• The FBI lost 184 notebooks along with a number of weapons. At least 14 of the laptops were believed to have been stolen and one contained classified information of two closed cases. - USA Today

Page 5:

Mobile Data

• Personal: Emails, family pictures, eCash.
• Doctor: Patient records.
• Engineer: New product spec, VPN client.
• Executive: Private key for e-signature, earnings reports.
• Researcher: Research data, results.
• Police: Investigative data.

Page 6:

Capture Resistance Technologies

• Tracking
• Self-destruct files
• 2+ Factor Encryption
• Biometric systems
• Private key that supports disabling

Page 7:

Tracking

• A “stealth” agent that resides in a mobile device, and periodically contacts a monitoring center by modem or IP [Cotichini & Cain].
• If by modem, the monitoring center records the incoming caller ID. If by IP, the device’s traceroute is recorded.

Page 8:

Agent Technical Details

• Implemented like a virus. A sub-loader in the boot sector loads the agent before the OS.
• “Cloaking” techniques (rootkit) intercept OS read and write calls to prevent detection and deletion.
• Alternatively, the agent can be implemented in BIOS or ROM extensions, e.g. Toshiba/Computrace.

Page 9:

Self Destruct Files

• The same “stealth” technique can be used for remote delete.
• The monitoring center can send a remote “delete” command when the agent calls in from a stolen device.
• The agent will delete the data directory in the background over several hours to avoid detection.

Page 10:

Encryption

• Self-destruct files might not work 100%.
• Strong encryption should be used for all sensitive data on mobile devices.

Page 11:

Problem

• Many applications already support encryption, but few people use it because it is tedious.
• Automatic encryption utilities based on the login password are available but susceptible to offline dictionary attacks.
• Last week, a new offline attack based on Oechslin broke 99.9% of alphanumeric passwords in 13.6 s.

Page 12:

Microsoft NGSCB

Page 13:

2+ Factor Authentication & Encryption

• What you know.
• What you have.
• What you are.

Page 14:

What you know

• Password + “salt” is harder to break than even non-dictionary alphanumeric passwords.

Page 15:

What you have

• A symmetric key stored in a separate object, e.g. smart card, RFID chip, USB memory key…

Page 16:

What you are

• Biometric systems are emerging as the third factor of authentication & encryption, e.g. fingerprints, hand geometry, iris scans, facial recognition, voice recognition, facial temperature…
• Potentially much harder to forge.

Page 17:

Issues of Biometric Systems

• Current biometric systems still have non-zero FRR (false rejection rate) and FAR (false acceptance rate).
• Certain fingerprint patterns cause high FAR.
• Glasses and certain camera angles decrease the accuracy of facial recognition.
• Matsumoto demonstrated that he could make gelatin fingers using latent fingerprints on a wine glass. He then successfully cheated 11 commercial fingerprint sensors over 80% of the time.
• Researchers propose fusion of 2-3 biometric systems.

Page 18:

Fusion of Biometric Systems

[Diagram: a fingerprint sensor and a facial recognition sensor each feed their own Feature Extraction Module, Matching Module (MM) and Decision Module (DM), ending in Accept/Reject. Fusion blocks combine the two pipelines, with the MM and DM stages labelled, each path again ending in Accept/Reject.]

Page 19:

Improvement

• Experiments show that the sum rule at the matching module (weighted average of scores from multiple modalities) gives one of the best improvements to FAR and FRR.
• With 50 users and 3 modalities, the FAR is 0.03% and FRR is 1.78%. [Ross & Jain]
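The sum rule compared with decision-level AND/OR fusion, as an added example that is not part of the original slides. The scores, the three modality names, the weights and the threshold are all constructed for illustration and do not reproduce the Ross & Jain figures.

```python
# Constructed match scores in [0, 1], one tuple per attempt:
# (fingerprint, face, hand geometry). Not data from Ross & Jain.
GENUINE = [(0.90, 0.70, 0.80), (0.45, 0.85, 0.75),
           (0.80, 0.40, 0.70), (0.75, 0.80, 0.35)]
IMPOSTOR = [(0.20, 0.30, 0.25), (0.65, 0.20, 0.30),
            (0.30, 0.60, 0.20), (0.25, 0.35, 0.55)]
THRESHOLD = 0.5
WEIGHTS = (0.5, 0.3, 0.2)   # assumed weights, chosen for this example

def single(i):
    """One modality on its own."""
    return lambda s: s[i] >= THRESHOLD

def sum_rule(s):
    """Matching-module fusion: weighted average of the scores, then one decision."""
    fused = sum(w * x for w, x in zip(WEIGHTS, s)) / sum(WEIGHTS)
    return fused >= THRESHOLD

def and_rule(s):
    """Decision-module fusion: every modality must accept."""
    return all(x >= THRESHOLD for x in s)

def or_rule(s):
    """Decision-module fusion: any one modality may accept."""
    return any(x >= THRESHOLD for x in s)

def rates(accept):
    """(FAR, FRR) of a decision function over the constructed attempts."""
    far = sum(accept(s) for s in IMPOSTOR) / len(IMPOSTOR)
    frr = sum(not accept(s) for s in GENUINE) / len(GENUINE)
    return far, frr

def compare():
    rules = {"fingerprint": single(0), "face": single(1), "hand": single(2),
             "AND": and_rule, "OR": or_rule, "sum": sum_rule}
    return {name: rates(rule) for name, rule in rules.items()}

if __name__ == "__main__":
    for name, (far, frr) in compare().items():
        print(f"{name:12s} FAR={far:.2f} FRR={frr:.2f}")
```

On this constructed set the AND and OR rules only trade FAR against FRR, while the weighted average lets two strong scores outvote one outlier in either direction.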

Page 20:

2+ Layered Encryption

• V = E(m), key: password + salt
• V’ = E(V), key: external token key
• V’’ = E(V’), key: biometric vector hash @ time 0
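The three layers above as working code, added here as an example and not taken from the original slides. It assumes PBKDF2 for the password + salt key, a 32-byte token key held off-device, and a sensor that reproduces the enrolled vector exactly; the HMAC-based `seal`/`unseal` helpers are hypothetical stand-ins for a real authenticated cipher, used only because the Python standard library has none.

```python
import hashlib
import hmac
import os

def _stream(key, nonce, n):
    """HMAC-SHA256 in counter mode: a standard-library stand-in for a real cipher."""
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _subkeys(key):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def seal(key, data):
    """One layer E(data): encrypt, then MAC so that a wrong key is detected."""
    k_enc, k_mac = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(k_enc, nonce, len(data))))
    return nonce + ct + hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    k_enc, k_mac = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified data")
    return bytes(a ^ b for a, b in zip(ct, _stream(k_enc, nonce, len(ct))))

def factor_keys(password, salt, token_key, enrolled_vector):
    """Keys for the three layers, in the order the slide applies them."""
    k_know = hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)  # password + salt
    k_are = hashlib.sha256(enrolled_vector).digest()  # biometric vector hash @ time 0
    return [k_know, token_key, k_are]                 # token_key lives off-device

def protect(m, keys):
    for k in keys:              # V, then V', then V''
        m = seal(k, m)
    return m

def recover(v, keys):
    for k in reversed(keys):    # peel V'' first, V last
        v = unseal(k, v)
    return v
```

A captured device that lacks any one of the three keys fails at the corresponding layer with `ValueError` instead of yielding plaintext.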

Page 21:

Private Key in Mobile Device

• Electronic signature acts have been passed in many countries.
• Private keys will become more ubiquitous in mobile devices for digital signature, eCash, decrypting workflow documents, emails, etc.

Page 22:

Limitation of CRL & OCSP

• Imagine your boss sends you a confidential document encrypted using your public key.
• After you retrieve the document, your PDA is stolen.
• Even if you request the CA to revoke the public certificate, there is no way to prevent the adversary from reading your confidential document with the captured private key.

Page 23:

Private Key that Supports Instantaneous Disabling

• Security Mediator (SEM) architecture using an online semi-trusted server [Boneh & Ding].
• Based on Mediated RSA (mRSA), a variant of RSA that splits a private key into 2 parts using threshold cryptography.
• mRSA is transparent to RSA public key users.

Page 24:

mRSA Key Setup

[Diagram: the Certificate Authority (CA) issues the user certificate and hands one half secret key to the Mobile Device and the other to the SEM Server.]

• Certificate Authority: generates key set {p, q, e, d and d_sem}.
• n = pq; d_sem is a random number in the interval [1, n].
• Modulus n is the product of two large primes p & q, and e is an integer relatively prime to n.
• d = d_sem + d_user mod φ(n)
• Public key: EK = (n, e)
• Mobile Device, half secret key: DK = (n, d_user)
• SEM Server, half secret key: SK = (n, d_sem)

Page 25:

mRSA Decryption

[Diagram: the encrypted message c passes through the User Decrypt Component and the SEM Component; the SEM returns PC_sem to the user.]

SEM Component

• isUserRevoked
• partialDecrypt: PC_sem = c^d_sem (mod n)

User Decrypt Component

• userPartialDecrypt: PC_user = c^d_user (mod n)
• verify: c == (PC_sem * PC_user)^e (mod n)
• combineDecryption: plaintext = PC_sem * PC_user
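The key setup and decryption flow of the two mRSA slides, with revocation, as an added example that is not code from the slides or from Boneh et al. The toy primes, the `Sem` class, the user name and the message are constructed or hypothetical; the code uses the standard RSA requirement that e be invertible mod φ(n).

```python
import secrets

# Toy parameters constructed for this example: two Mersenne primes.
# A real deployment uses a modulus of 1024 bits or more.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537

def ca_keygen():
    """CA: build the RSA key, then split d so that d = d_sem + d_user mod phi(n)."""
    n, phi = P * Q, (P - 1) * (Q - 1)
    d = pow(E, -1, phi)               # e must be invertible mod phi(n)
    d_sem = secrets.randbelow(n) + 1  # random in [1, n], as on the key setup slide
    d_user = (d - d_sem) % phi
    return (n, E), (n, d_user), (n, d_sem)   # EK, DK, SK

class Sem:
    """Hypothetical in-memory SEM server: holds SK halves and a revocation set."""
    def __init__(self):
        self.halves, self.revoked = {}, set()

    def partial_decrypt(self, user, c):
        if user in self.revoked:      # isUserRevoked
            return None               # refusing here disables the key at once
        n, d_sem = self.halves[user]
        return pow(c, d_sem, n)       # PC_sem = c^d_sem mod n

def user_decrypt(sem, user, ek, dk, c):
    """Device: combine both partial results; None if revoked or verification fails."""
    pc_sem = sem.partial_decrypt(user, c)
    if pc_sem is None:
        return None
    n, d_user = dk
    m = pc_sem * pow(c, d_user, n) % n            # PC_sem * PC_user mod n
    return m if pow(m, ek[1], n) == c else None   # verify against c

def demo():
    ek, dk, sk = ca_keygen()
    sem = Sem()
    sem.halves["alice"] = sk
    m = int.from_bytes(b"confid", "big")      # constructed plaintext
    c = pow(m, ek[1], ek[0])                  # sender uses plain RSA with EK
    before = user_decrypt(sem, "alice", ek, dk, c)
    stolen_half_only = pow(c, dk[1], dk[0])   # all a captured device can compute
    sem.revoked.add("alice")                  # owner reports the PDA stolen
    after = user_decrypt(sem, "alice", ek, dk, c)
    return m, before, stolen_half_only, after

if __name__ == "__main__":
    print(demo())
```

The sender encrypts with the ordinary public key (n, e) and never sees the split; once the SEM refuses its half, the half on the captured device no longer decrypts anything.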

Page 26:

Conclusion & Future Research

Firewall makes it safe for “Networked PC in every home”. Capture resistance technology will be a must before “Networked mobile device in every pocket” becomes a reality.

• Location aware security.
• Smart intrusion detection agent for self-destruct files.
• Less intrusive & more accurate biometric systems.

Page 27:

References

1. C. Cotichini, F. Cain, “US Patent 6,300,863”, 1998.
2. D. Boneh, X. Ding, G. Tsudik, C. Wong, “A Method for Fast Revocation of Public Key Certificates and Security Capabilities”, USENIX Security Symposium 2001.
3. A. Ross, A. Jain, “Information Fusion in Biometrics”, 2002.
4. L. Gong, M. Lomas, R. Needham, J. Saltzer, “Protecting Poorly Chosen Secrets from Guessing Attacks”, IEEE Journal on Selected Areas in Communications, Vol. 11, No. 5, June 1993.
5. P. MacKenzie, M. Reiter, “Networked Cryptographic Devices Resilient to Capture”, DIMACS May 2001.

Page 28:

Questions?