Manoj Seminar

8/3/2019 Manoj Seminar

1/22

Zero-Interaction

Authentication

Manoj P Deshpande

Computer science,

RV College of Engineering


2/22

1/1/2012 2

Background

/Motivation

Protection against data exposure

requires encryption.

Encryption requires a password.

Password cannot be stored on the mobile

device because it may be lost or stolen.

Frequently prompting the user for thepassword is annoying.


3/22

1/1/2012 3

Zero-Interaction Auth. (ZIA)

Avoid continuously prompting the user

by having the user wear an

authentication token.

Infrequently: the user authenticates with

the token.

Frequently: the token authenticates withthe laptop through a short-range wireless

link.


4/22

1/1/2012 4

Basic Idea

Token must be worn by user in order

to decrypt file on laptop.

Token must be integrated into

something small like the IBM Linux

watch to minimize the chance of

loosing it.


5/22

1/1/2012 5

Goal

Take an existing cryptographic file

system and improve it by eliminating

usability burdens while minimizing the

file system performance hit.


6/22

1/1/2012 6

Design The token is not powerful enough to

constantly encrypt/decrypt each file. Thus,

add another encryption layer.


7/22

1/1/2012 7

Requirements

1. Token must not decrypt someone

elses key.

2. Token cannot send users decrypted

key in plain text over wireless link to

laptop.

Wireless link must be secure


8/22

1/1/2012 8

Token Authentication System PIN activates token

Bind prevent token from

responding to another

laptop Authentication/Session

keys establish secure

wireless channel

Poll ensure token is stillpresent

Secure Laptop encrypt

cached objects for safety


9/22

1/1/2012 9

Threats

1. Attacker gaining physical possession

of laptop

Use another system to analyze laptop

Analyze physical memory of running

laptop

2. Exploitation of wireless link Eavesdropping/replay, modification,

message insertion


10/22

1/1/2012 10

Assumptions

Users are part of administration domain

with at least one trusted key management

authority.

System must still be usable when laptop is

disconnected from rest of the network.

Token and laptop OS = trusted computingbase.

Trusted users are notcompromised.


11/22

1/1/2012 11

What ZIA does notdo:

Does not allow a remote user to gain

access to his/her files

Does not prevent an attacker from

jamming the wireless link by flooding

the airwaves.


12/22

1/1/2012 12

Key-Encrypting

Keys

All files are encrypted using symmetric

key Ke by the laptop.

File system stores Ke encrypted using

key-encrypting key Kk, denotedKk(Ke).

Only tokens know Kk

Kk is never divulged.

Tokens can decrypt Kk(Ke).


13/22

1/1/2012 13

Key-Encrypting

Keys (Cont.)

Kkis assigned by local administrativeauthority.

Holds these keys in escrow, used if token is

lost. To allow for users to share laptops, Ke can

be encrypted using:

Ku

a user key or

Kga group key

Exact semantics are file system-dependent.


14/22

1/1/2012 14

Group

Key Complexities

If a user (R) is thrown out of a group

The groups key (Kg) must be changed to Kg

Since Rmay still have decrypted file systemkeys, all files encrypted using Kgmust beencrypted with a new Ke.

Kg must be supplied by administrative

authority in secure environment. This is done incrementally to allow users with

Kg to continue functioning.


15/22

1/1/2012 15

Token/Laptop Interaction

Establish a session key using

Station-to-Station Protocol

(PKI + Diffie Hellman)

Administrative domain certifies the

public keys.

Messages include:

Nonce to prevent replay attack

MAC to ensure data integrity


16/22

1/1/2012 16

File keys

Assigned on a per-directory basis.

Allows amortization of key acquisition cost

under principle of locality (e.g., overlap keyacquisition with physical disk I/O).

People tend to store (and work with) related

files together. Implemented using a file in each directory

containing Ku(Ke) and Kg(Ke).


17/22

1/1/2012 17

Efficiency Issues

Cache decrypted file keys on laptop.

Look in cache prior to asking token to

decrypt the encrypted file key.

Caching and pre-fetching minimizes

laptop/token interaction, but laptop muststill poll for the presence of the token

every second.


18/22

1/1/2012 18

When the token is gone

Flush all cached keys.

Encrypt all decrypted files in cache.

Re-fetch file keys when user returns.

Wireless link is not reliable. To

account for this, laptop tries to contact

token 3 times before flushing keys.


19/22

1/1/2012 19

When a laptop is stolen

Attacker may gain the private key oflaptop, allowing him/her to impersonate a

legitimate laptop. Must remove binding between token and

stolen laptop.

This can be done through a simple interface

on the token.

A stolen laptop that is later recoveredcannot be used b/c it may contain trojans.


20/22

1/1/2012 20

Implementation Evaluation

Setup:

Laptop: IBM Thinkpad 750 (366MHz PIII)

Token: iPAQ 3650 w/32MB RAM

Connected via 802.11b in 1Mb/s ad hoc

mode

128-bit keys iPAQ is more powerful than present-

day watches, but in time watches will

catch up.


21/22

1/1/2012 21

Disconnection and Reconnection

As expected, time varies linearly with page size. User has to wait approx.

6s after arriving at laptop b/f being able to use it.


22/22

1/1/2012 22

Conclusion ZIA solves the problem of repeatedly asking

the user for the password by having the user

wear a token. Since the token is not easily lost (w/ respect

to a laptop), it can safely store userspassword for a long period of time.

Token behaves as proxy for user when thelaptop needs to have one of its encryptionkeys decrypted.

Manoj Seminar

Documents

Transcript of Manoj Seminar