Mobile Token-Based Authentication - Stanford University · 4/16/2011
Mobile Token-Based Authentication On a Budget
Hristo Bojinov, Dan Boneh
Stanford Computer Security Lab
Saturday, April 16, 2011
Talk overview
General theme: Unlocking smartphones
Part 1: About this work
‣ Compass as a receiver
‣ Microphone as a receiver
‣ Cost and power
Part 2: On-going and future work
Compass
Permanent magnets
Permanent magnets (continued)
Poor resolution: distance to magnets is too great!
Magkey prototype
Magkey circuit
MagLock app
up to ~5 baud (N1)
about 1 inch range
MagLock app
Microphone
Mickey prototype
Mickey circuit
Magkey, minus the coil, plus:
MicLock app
up to ~100 baud (N1)
about 1 foot range
MicLock app
Cost and Power
Cost
| Component | Unit cost | Magkey | Mickey |
|---|---|---|---|
| Timer IC | $0.20 | $0.20 | $0.40 |
| Shift Register IC | $0.25 | $0.50 | $0.50 |
| Discrete | varies | $0.37 | $0.38 |
| Total (Prototype) | | $1.07 | $1.28 |
| PIC IC | $0.38 | $0.38 | $0.38 |
| Total (PIC) | | $0.75 | $0.76 |
Current and longevity
| Current / Mode | Magkey | Mickey |
|---|---|---|
| Average | 6.91 mA | 0.23 mA |
| Peak | 16.00 mA | 0.25 mA |
| Continuous | 210 hrs | 6500 hrs |
| On-demand | >5 yrs | >10 yrs |
What’s Next?
Low-power wireless
Contactless cards (e.g. NFC)
‣ No batteries required in token
‣ Off-the-shelf tokens: today
‣ Short practical range
Bluetooth 4.0 (Low-energy)
‣ Might be more pervasive than NFC: laptops, PCs
‣ Designed for long-term, synchronous operation
‣ A decent alternative we might consider
So, what is next?
Prove token authentication viability (mobile devices)
‣ Analyze more [proprietary] technologies
‣ Influence NFC security agenda
Develop end-to-end token authentication theme
‣ Authentication on the web, multi-tenant tokens
‣ PC authentication... keychains, PAM, Windows?
Conclusion
Conclusion
Massive opportunity to redo user authentication:
‣ Phones are the most versatile computers to date
★ Rapid, on-going evolution, diverse inputs
‣ Momentum to standardize light-weight wireless
‣ Threats are more abundant than ever before
Address local, mobile app, and web authentication.
Drive the security agenda into standards efforts.
Time for Q&A.
http://seclab.stanford.edu