Dynamic Locations: Secure Mobile Services Discovery

Dynamic Locations: Secure Mobile Services Discovery and Dynamic Group Membership
Ryan Lackey
<[email protected]>
www.metacolo.com
Ryan Lackey http://www.metacolo.com/

Who?
- Interest in “cypherpunk” technologies from 1992 to present, particularly anonymized communications, agents, and electronic cash
- Ultimate goal: anonymous secure infrastructure from end to end: clients, servers, networks, pro
- Founded HavenCo, ran it 2000-2002
- metacolo: offshore colo in 9 markets, related projects, including secure mobile systems

Introduction
- Lots of work has been done to network fixed equipment and to secure fixed network connections, but most mobile apps are just slightly modified versions of fixed applications
- Most mobile networked systems have simplified security models; some link security, but little application-specific security end to end
- Fundamentally new kinds of applications are possible with secure mobile systems

Fundamental Constraints
- Power and bandwidth limited
- Many nodes in continual motion, appearing and disappearing rapidly
- Much infrastructure is closed, with long cycles to upgrade and deploy
- UI complicated by devices and use cases (user attention not dedicated)

Platform
- HP/Compaq iPaq running Linux
- Laptops running Linux and FreeBSD
- 802.11b and 1xRTT IP-based communications
- Open systems for easy development, python for rapid development

Applications of Interest
- “Matchmaking” – letting parties with similar interests meet up
- Secure messaging (communications and message-based low-overhead protocols, including payment systems)
- Secure streams (VoIP, VPN)

“Matchmaking”
- Demo app lets people define a set of interests, then announce to the world, without risk of being “interrogated” by third parties
- Useful for service discovery too – announce that you’re running certain services to others in the set, but not to the public (RIAA, MPAA, Government, etc.)
- Attestations, with optional protection from traffic analysis as well

Secure short messages
- Text messaging
- Much easier technically than streams
- Store/forward possibility
- Also useful for many protocols, either in two-way or polled mode

Streams
- Voice over IP is the key market – encrypted cellphone using a low-bandwidth channel (1xRTT or HSCSD GSM) and anonymization of calls

Interaction models
- True peer to peer
- “Security proxy” or user-selected/operated operational server
- Centralized client-server operated by application developers
- Centralized client-server operated by communications providers

Existing p2p systems
- Generally designed for high-bandwidth media sharing with minimal anonymity, layered over existing IP networks
- Not really designed for interactive communication

Existing mobile client-server systems
- Designed with link encryption to the wireless hub, or to the server
- Closed development environment controlled by mobile companies
- Hard for users and application developers to really trust the security model

Early mobile p2p systems
- “Lovegety” – a system using RF to share information about membership in certain groups
- Subject to “trawling”, direction-finding attacks, and “corralling” small numbers of users to identify them

Security Implications
- Confidentiality, Integrity, Authentication solvable through traditional systems
- Traffic analysis is the hard problem
- Complete undetectability of special traffic
- Of course, reliability, availability, etc. are still major concerns, along with special mobile constraints

Policy Implications
- Centralized systems vulnerable to technical or legal attack
- Whom to trust – communications provider, applications provider?
- Trust is essential to enabling certain applications

Central Mediation
- Servers trusted by some party to take all communications and retransmit
- Defeats firewalls/proxies/NAT and also provides protection from traffic analysis
- Persistence: can buffer communications for users with intermittent connectivity

True Peer to Peer Cryptographic Systems
- Computationally intensive on client
- Bandwidth intensive; may only be able to send single bits!
- Generally can put user into a “collusion set”, but unless the set is large, elimination can identify the user

Covert channels for mobile use
- Masking using pre-recorded traffic
- Sniffing and simulating
- MITM
- “Design for MITM” – Dining Cryptographers Networks, etc.

Dining Cryptographers Network
- Due to David Chaum, described at http://cypherpunks.venona.com/date/1992/12/msg00107.html
- Multiple parties can communicate without revealing to one another which is initiating the communications
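The DC-net mechanism this slide summarizes, carried through in Python as an added example (not code from the slides or from metacolo). Each pair of participants shares a secret key; in a round every participant broadcasts the XOR of all its pairwise keys, the one sender additionally XORs in its message, and the XOR of all broadcasts is the message, with no indication of who contributed it. It also shows the point from the earlier “True Peer to Peer Cryptographic Systems” slide: a coalition that knows every key an honest participant holds can tell whether that participant sent, so anonymity only holds inside a set of at least two honest participants. The function names, the 8-byte slot size and the in-memory key setup are assumptions for the example.

```python
import secrets
from typing import Dict, List, Optional, Tuple

SLOT_BYTES = 8  # fixed slot size per round (assumed for this example)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def pairwise_keys(n: int) -> Dict[Tuple[int, int], bytes]:
    """One fresh shared secret per unordered pair {i, j}; key(i, j) == key(j, i).
    A deployment would agree these out of band (e.g. via DH) before the round;
    here they are simply generated in memory."""
    keys: Dict[Tuple[int, int], bytes] = {}
    for i in range(n):
        for j in range(i + 1, n):
            k = secrets.token_bytes(SLOT_BYTES)
            keys[(i, j)] = k
            keys[(j, i)] = k
    return keys


def participant_output(i: int, n: int, keys: Dict[Tuple[int, int], bytes],
                       message: Optional[bytes]) -> bytes:
    """What participant i broadcasts: the XOR of all its pairwise keys, plus its
    message if it is the sender this round. Every pairwise key appears in exactly
    two outputs, so the keys cancel when all outputs are combined."""
    out = bytes(SLOT_BYTES)
    for j in range(n):
        if j != i:
            out = xor_bytes(out, keys[(i, j)])
    if message is not None:
        if len(message) != SLOT_BYTES:
            raise ValueError("message must fill the slot exactly")
        out = xor_bytes(out, message)
    return out


def dc_net_round(n: int, sender: Optional[int], message: Optional[bytes]):
    """Run one round; returns (keys, outputs, combined). If nobody sends, the
    combined value is all zeros. If two participants sent in the same round
    their messages would collide (XOR together); real DC-nets avoid that with
    slot reservation, which is out of scope here."""
    keys = pairwise_keys(n)
    outputs = [participant_output(i, n, keys, message if i == sender else None)
               for i in range(n)]
    combined = bytes(SLOT_BYTES)
    for o in outputs:
        combined = xor_bytes(combined, o)
    return keys, outputs, combined


def candidate_senders(n: int, outputs: List[bytes],
                      keys: Dict[Tuple[int, int], bytes], colluders) -> List[int]:
    """What a coalition of colluding participants can infer. They know every
    key shared with a colluder. If only one participant is honest, every key
    it holds is known, its silent output is predictable, and any deviation
    exposes it as the sender. With two or more honest participants the keys
    they share with each other are unknown to the coalition, so the whole
    honest set stays equally plausible: the anonymity set cannot be narrowed."""
    honest = [i for i in range(n) if i not in colluders]
    if len(honest) != 1:
        return honest
    i = honest[0]
    silent = bytes(SLOT_BYTES)
    for c in colluders:
        silent = xor_bytes(silent, keys[(i, c)])
    return [i] if outputs[i] != silent else []


if __name__ == "__main__":
    k, outs, msg = dc_net_round(5, 2, b"hello!!!")
    print("recovered:", msg)
    print("3 colluders see candidates:", candidate_senders(5, outs, k, {0, 1, 4}))
    print("4 colluders see candidates:", candidate_senders(5, outs, k, {0, 1, 3, 4}))
```

The cost the slide warns about is visible in the code: every participant transmits a full slot every round whether or not it has anything to say, and each participant must hold a key with every other one, which is why the slides treat DC-nets as bandwidth- and computation-heavy for mobile clients.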

Anonymizing remailers as model
- Store and forward messaging with latency added
- Complicated due to node unreliability
- Send out multiple messages; tradeoff of bandwidth waste vs. latency vs. reliability

Current solution
- Communications with a trusted server using fixed-rate messaging (tuned for bandwidth)
- Inter-server communications, allowing users to select “security proxy servers” to act on their behalf, optionally running servers themselves
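An added example (not the slides’ or metacolo’s own code) of the fixed-rate messaging on this slide, in Python: the client emits exactly one fixed-size frame per tick whether or not it has a real message queued, so a passive observer of the client-to-server link sees identical sizes and timing during an idle period and during a burst of real traffic. The frame size, the two-byte header layout, and the function names are assumptions; the example also assumes an encryption layer beneath it (not shown) so that the observer cannot read the flag byte that distinguishes cover frames from real ones.

```python
import secrets
from collections import deque
from typing import Iterable, List, Optional

FRAME_BYTES = 64                      # every frame on the wire is exactly this long (assumed)
HEADER_BYTES = 2                      # 1 flag byte + 1 payload-length byte (assumed layout)
MAX_PAYLOAD = FRAME_BYTES - HEADER_BYTES


def make_frame(payload: Optional[bytes]) -> bytes:
    """Build one fixed-size frame. payload=None means cover traffic: flag 0 and a
    random body. Real frames carry flag 1, the payload length, the payload, and
    random padding. Once the (assumed) link encryption is applied, a cover frame
    and a real frame are the same size and both look random."""
    if payload is None:
        return bytes([0, 0]) + secrets.token_bytes(MAX_PAYLOAD)
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload exceeds one frame; fragment it first")
    padding = secrets.token_bytes(MAX_PAYLOAD - len(payload))
    return bytes([1, len(payload)]) + payload + padding


def parse_frame(frame: bytes) -> Optional[bytes]:
    """Receiver side: return the real payload, or None for a cover frame."""
    if len(frame) != FRAME_BYTES:
        raise ValueError("malformed frame")
    flag, length = frame[0], frame[1]
    if flag == 0:
        return None
    return frame[HEADER_BYTES:HEADER_BYTES + length]


def fixed_rate_schedule(messages: Iterable[bytes], ticks: int) -> List[bytes]:
    """Emit exactly one frame per tick. Queued real messages leave in order;
    every idle tick carries a cover frame instead of silence. Messages left in
    the queue after the last tick would wait for the next scheduling window."""
    queue = deque(messages)
    frames = []
    for _ in range(ticks):
        frames.append(make_frame(queue.popleft() if queue else None))
    return frames


def observer_view(frames: List[bytes]) -> List[int]:
    """What a passive observer of the encrypted link sees: one frame size per
    tick, and nothing that depends on whether the client had data to send."""
    return [len(f) for f in frames]


def receive_all(frames: List[bytes]) -> List[bytes]:
    """Server side: strip cover frames and return the real messages in order."""
    return [p for p in (parse_frame(f) for f in frames) if p is not None]


if __name__ == "__main__":
    # Constructed sample traffic for the demonstration.
    busy = fixed_rate_schedule([b"hi", b"meet at noon"], 5)
    idle = fixed_rate_schedule([], 5)
    print("observer, busy client:", observer_view(busy))
    print("observer, idle client:", observer_view(idle))
    print("server receives:", receive_all(busy))
```

The price is the one the “Fundamental Constraints” slide names: cover frames cost the same power and bandwidth as real ones, which is why the slide says the rate is tuned for bandwidth rather than fixed at a generous value. A message longer than one frame is rejected here; a fuller implementation would fragment it across consecutive ticks, which also keeps long messages from showing up as bursts.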

Conclusions
- Mobile-specific (more properly, dynamic) security is a very hard problem
- Key is finding applications which fit currently available technology – message based, with secure service discovery

Future work
- Develop an application developer’s toolkit with service discovery on top of secure message-passing and streams systems
- “Killer apps” of VoIP and mobile payment – good stream-based systems