Keypad: Auditing Encrypted Filesystem for Theft-prone Devices - PowerPoint PPT Presentation



  1. Keypad: Auditing Encrypted Filesystem for Theft-prone Devices
     Roxana Geambasu, John P. John, Steve Gribble, Yoshi Kohno, Hank Levy (University of Washington)

  2. The Move to Small, Powerful, Mobile Devices
     - Small, powerful mobile devices are replacing desktops
     - Mobile devices bring important advantages:
       - Location-based services, mobile web
       - Constant connectivity, data access, email
     [Figure: desktop vs. small mobile devices]

  3. The Problem with Mobile Devices
     - Mobile devices are prone to theft and loss
       - 500K laptops per year are lost in US airports [Ponemon Institute '09]
     - Mobile device theft/loss exposes sensitive data
       - SSNs, financial data, health data, trade secrets, state secrets, …

  4. Is Encryption Sufficient?
     - Encrypting files on a mobile device increases security
       - E.g.: BitLocker, PGP Whole Disk Encryption, TrueCrypt, …
     - But is encryption enough?

  5. Problems with Encryption
     - Problem 1: Encryption can and does fail
       - Security and usability are at odds
         - "Johnny can't encrypt" [Whitten, Tygar '99]
         - Users set guessable passwords, reuse them [Gaw, Felten '05], [Imperva '10]
         - Users leave smartcards inside laptops [Caveo '03]
       - Hardware attacks are possible
         - Cold-boot attacks [Halderman, Schoen, Heninger, et al. '08]
         - TPM attacks [Anderson, Kuhn '96]
     - Problem 2: When encryption fails, it fails silently
       - User cannot know whether or not the data was compromised

  6. Our Goals
     - After a device is stolen or lost, we want to:
       - know whether or not the data was compromised
       - know exactly what data was compromised
       - prohibit future compromises once the user detects theft
     [Timeline figure: T_loss, then T_notice; between them "audit compromises", after T_notice "prohibit future compromises"]
     - We want strong auditing guarantees:
       - Even if thief turns off network (unlike Apple MobileMe, Intel AT)
       - Even if thief tampers with the device
       - Without impacting usability

  7. Keypad: An Auditing Encrypted File System
     - Provides fine-grained remote access auditing and control
     - Core idea: Force remote access auditing with encryption
       - Encrypt each file with its own random key
       - Store the keys on a remote server, which logs all accesses
     [Figure: before T_loss, the user's Keypad FS accesses file F by asking the audit server for file F's key; the server returns the key and records the access in its audit log]

  8. Keypad: An Auditing Encrypted File System
     - Provides fine-grained remote access auditing and control
     - Core idea: Force remote access auditing with encryption
       - Encrypt each file with its own random key
       - Store the keys on a remote server, which logs all accesses
     [Figure: after T_loss, the thief's access to file F goes through the same key request, so the audit server logs it]
     Any compromise leaves a forensic trail on the server.

  9. Keypad: An Auditing Encrypted File System
     - Provides fine-grained remote access auditing and control
     - Core idea: Force remote access auditing with encryption
       - Encrypt each file with its own random key
       - Store the keys on a remote server, which logs all accesses
     [Figure: "My laptop is gone!!" The user asks the audit server to 1. disable keys for my laptop and 2. report what's been accessed since 5pm, using the audit log]

  10. Keypad: An Auditing Encrypted File System
     - Provides fine-grained remote access auditing and control
     - Core idea: Force remote access auditing with encryption
       - Encrypt each file with its own random key
       - Store the keys on a remote server, which logs all accesses
     [Figure: the auditor reads the audit log. 4:00pm picture1.jpg, 4:05pm picture2.jpg, 4:10pm calendar.cal, T_loss at 5pm, 5:05pm ccard.txt, 5:10pm tax2011.pdf, T_notice at 6pm. Compromised files: ccard.txt and tax2011.pdf]

  11. Keypad's Architecture
     [Architecture figure: a trusted mobile device (application above Keypad FS) and the audit server. (1) Key requests: on read and write, Keypad FS sends ID_F and E(L_F) encrypted under R_F; the server looks up R_F in its key table (ID_F -> R_F), records (time, ID_F) in the audit log, and returns L_F. (2) Filename registrations: on create and rename, Keypad FS sends ID_F and the filename (e.g., /home/ccard.txt) to the server's filename table. On disk, file F's internal header holds ID_F (a long, random number) and E(L_F) under R_F; file F's contents are encrypted with the symmetric key L_F]

  12. Huge Practical Challenges
     - Challenge 1: Performance over mobile networks
       - Mobile networks have huge RTTs (e.g., 300ms for 3G)
     - Challenge 2: Disconnected data access
       - Disconnection is rare (WiFi, 3G, 4G), but it happens
     - Keypad's design includes novel techniques to address challenges while preserving strong auditing semantics
       - Limited scope/granularity
       - Short-term key caching
       - IBE-based filename registrations
       - Localized key prefetching
       - Device pairing
       - Key preallocation
       - Key derivation
       - …

  13. Challenge 1: Performance Over Mobile Networks
     [Figure: the architecture of slide 11, with the key requests and filename registrations crossing a mobile network (e.g., 3G) between the device and the audit server]
     1. Optimizing key requests:
        - Standard techniques: key caching, prefetching, preallocation, …
        - 2 orders of magnitude improvement (compilation now takes 8 min)
     2. Optimizing filename registrations:
        - After key optimizations, 56% of the time goes to registrations!
        - Next: optimizing filename registrations with strong semantics

  14. Name Registrations: Semantics/Performance Tradeoff
     - Strong semantics requires up-to-date filenames on the server for any compromised file ID
     [Figure: at T_notice the audit log shows ID_F was accessed after T_loss, so "ID_F was compromised!", but the filename table still maps ID_F to an old filename ("???"), e.g. /tmp/IRS_form.pdf instead of /home/my_taxes.pdf]

  15. Two Options for Filename Registrations
     [Figure: two device/audit-server timelines. Blocking registrations: create/rename F is sent to the audit server and the device waits for the reply (300ms!) before write F proceeds; a read F by the thief after T_loss is covered. Non-blocking registrations: write F proceeds without waiting for the registration; a read F by the thief after T_loss is marked "?"]
     - Blocking registrations: good semantics, poor performance
     - Non-blocking registrations: poor semantics, good performance

  16. How to Have Your Cake and Eat It Too
     Our Idea:
     - Do non-blocking registration
     - But if it fails, force the thief to reveal the filename in order to access the file!
     [Figure: device/audit-server timeline with create/rename F, the user's write F, and the thief's read F after T_loss; labelled "Good semantics, Good performance"]
     The Challenge:
     - How do we force the thief to tell us the filename?
     - Thief might lie to mislead user
       - E.g., declare /tmp/download instead of /home/ccard.txt

  17. One Solution: Identity-based Encryption (IBE)
     - We develop a protocol for both efficient and secure filename registrations that relies on IBE
     - IBE background [Boneh, Franklin '01]:
       - A client can encrypt data using any string as the public key
       - A designated server can produce a private key for any public key
       - To decrypt, client must provide public key to get private key
     - Our protocol uses the filename as the public key

  18. IBE-Based Filename Registrations (Intuition)
     - Wrap encrypted L_F with IBE using filename as the public key *
     - Only the audit server can compute the private IBE key
     [Figure: file header holds ID_F and IBE_E(E(L_F) under R_F), with the filename as the IBE public key; file contents are E(F) under L_F]
     - Thief must provide the true filename to server to obtain L_F!
       - Lying about the filename prevents file access
     - For performance, we cache L_F in memory for one second
       - Normally, user workloads will not block waiting for private key
     * A nonce is also included in the IBE public key for security.

  19. Summary of Filename Registration Protocol
     - Our protocol enables both efficient (non-blocking) filename registrations and strong semantics
     - Idea: Force the thief to reveal the true name of a file in order to access it
     - We use IBE in a unique way:
       - It is typically used for confidentiality
       - We use it for auditing

  20. Keypad Implementation
     - We built the Keypad file system on Linux
       - We augment EncFS with auditing and remote control
       - The audit server runs on Google's AppEngine
     - I used Keypad for several weeks with 3G emulated latencies
       - Overall experience was positive: Keypad absorbs most latency
     - We measured Keypad with many workloads and metrics
       - Microbenchmarks, Andrew benchmark, popular applications

  21. IBE's Performance Impact
     [Chart: Apache compilation time (seconds, 0 to 500) vs. network RTT (ms, log scale from 0.1 to 300). Series: Keypad without IBE, Keypad with IBE, Baseline (EncFS). RTT markers: LAN, WLAN, Broadband, DSL, 3G. Annotations: "Enable IBE" and "Disable IBE"]

  22. So, Is Keypad Practical?
     Time (seconds):

     | Application               | Task          | Baseline (EncFS) | Keypad WiFi | Keypad 3G |
     |---------------------------|---------------|------------------|-------------|-----------|
     | OpenOffice Word Processor | Launch        | 0.5              | 0.6         | 4.6       |
     |                           | Save as       | 1.4              | 1.4         | 2.0       |
     |                           | Open          | 1.7              | 1.8         | 2.1       |
     | Firefox                   | Launch        | 3.7              | 3.8         | 8.8       |
     |                           | Save a page   | 0.7              | 0.7         | 1.3       |
     |                           | Open tab      | 0.2              | 0.2         | 0.2       |
     | Thunderbird               | Launch        | 1.3              | 1.3         | 3.1       |
     |                           | Read email    | 0.3              | 0.4         | 1.9       |
     |                           | Quit          | 0.2              | 0.2         | 0.2       |
     | Evince PDF Viewer         | Launch        | 0.1              | 0.1         | 0.1       |
     |                           | Open document | 0.1              | 0.1         | 0.4       |
     |                           | Quit          | 0.0              | 0.0         | 0.0       |

  23. Challenge 2: Audited Disconnected Access
     - Keypad's design relies on network connectivity for auditing!
     - Our observation: today's users carry multiple devices
       - E.g.: laptop, phone, iPad, Kindle
     - Paired-device Keypad extension uses one device to enable audited disconnected access on another device
     [Figure: the audit server supplies keys and filenames to a paired device, which holds partial key and filename tables and a partial access log and talks to the device holding file F over Bluetooth]
