openkeychain an architecture for cryptography with smart
play

OpenKeychain: An Architecture for Cryptography with Smart Cards and - PowerPoint PPT Presentation

Sep 14, 2022 •420 likes •704 views

Institute of Operating Systems and Computer Networks Operating System Email Crypto Provider binds to API key management secret key creation access control Security Token PIN/password caching per client operating system with IM NFC

  1. Institute of Operating Systems and Computer Networks Operating System Email Crypto Provider binds to API key management secret key creation access control Security Token PIN/password caching per client operating system with IM NFC dispatcher cryptography applet binds to API holds secret key operations restricted to API: access control API: low-level operations selected keys Other Clients by PIN high-level crypto operations PIN/password input potentially common user interactions untrusted OpenKeychain: An Architecture for Cryptography with Smart Cards and NFC Rings on Android Dominik Schürmann, Sergej Dechand, Lars Wolf, 2017-09-14

  2. Institute of Operating Systems and Computer Networks Working Title: “One Ring to Sign Them All” Dominik Schürmann, Sergej Dechand, Lars Wolf, 2017-09-14

  3. Introduction Architecture User Study Conclusion End-to-End Encryption But let’s start from the beginning... 2017-09-14 Dominik Schürmann Page 3 of 18 OpenKeychain: An Architecture for Cryptography with Smart Cards and NFC Rings on Android Institute of Operating Systems and Computer Networks

  4. Introduction Architecture User Study Conclusion End-to-End Encryption But let’s start from the beginning... End-to-End Encryption on Android Messaging: Signal, WhatsApp, LINE, … Cloud Storage: SpiderOak, Boxcryptor, … Email: ? 2017-09-14 Dominik Schürmann Page 3 of 18 OpenKeychain: An Architecture for Cryptography with Smart Cards and NFC Rings on Android Institute of Operating Systems and Computer Networks

  5. Introduction Architecture User Study Conclusion End-to-End Encryption But let’s start from the beginning... End-to-End Encryption on Android Messaging: Signal, WhatsApp, LINE, … Cloud Storage: SpiderOak, Boxcryptor, … Email: ? Issues Secret Key is stored on the device Android updates rolled out slowly Malware Bring Your Own Device (BYOD) Policies 2017-09-14 Dominik Schürmann Page 3 of 18 OpenKeychain: An Architecture for Cryptography with Smart Cards and NFC Rings on Android Institute of Operating Systems and Computer Networks

  6. Introduction Architecture User Study Conclusion Goals Architecture for End-to-End Encryption Easy API (no knowledge of public key crypto required) Support for secret keys on external NFC tokens Include UI components 2017-09-14 Dominik Schürmann Page 4 of 18 OpenKeychain: An Architecture for Cryptography with Smart Cards and NFC Rings on Android Institute of Operating Systems and Computer Networks

  7. Introduction Architecture User Study Conclusion Goals Architecture for End-to-End Encryption Easy API (no knowledge of public key crypto required) Support for secret keys on external NFC tokens Include UI components Research Goals API Design Comparison with existing APIs Try out new form factors (NFC Ring!) User study of UI components 2017-09-14 Dominik Schürmann Page 4 of 18 OpenKeychain: An Architecture for Cryptography with Smart Cards and NFC Rings on Android Institute of Operating Systems and Computer Networks

  8. Introduction Architecture User Study Conclusion Existing Work Crypto API Misuse Egele et al.: “An Empirical Study of Cryptographic Misuse in Android Applications.” (ACM CCS’11) Fahl et al.: “Why Eve and Mallory Love Android: An Analysis of Android SSL (in) Security” (ACM CCS’12) Usability of Two Factor Authentication on Desktop Systems Strouble et al.: “Productivity and Usability Effects of Using a Two-Factor Security System” (SAIS’09) Lang et al. (Google): “Security Keys: Practical Cryptographic Second Factors for the Modern Web” (Financial Crypto’16) 2017-09-14 Dominik Schürmann Page 5 of 18 OpenKeychain: An Architecture for Cryptography with Smart Cards and NFC Rings on Android Institute of Operating Systems and Computer Networks

  9. Introduction Architecture User Study Conclusion Existing Work Conclusion No App/Library/Architecture on Android for NFC Security Tokens for End-to-End Encryption Studies only about Authentication, not Encryption No studies on NFC Rings for Crypto 2017-09-14 Dominik Schürmann Page 6 of 18 OpenKeychain: An Architecture for Cryptography with Smart Cards and NFC Rings on Android Institute of Operating Systems and Computer Networks

  10. Introduction Architecture User Study Conclusion Architecture Operating System Email Crypto Provider binds to API key management secret key creation access control Security Token PIN/password caching per client operating system with IM NFC dispatcher cryptography applet binds to API holds secret key operations restricted to access control API: API: low-level operations Other Clients high-level crypto operations selected keys by PIN PIN/password input potentially common user interactions untrusted 2017-09-14 Dominik Schürmann Page 7 of 18 OpenKeychain: An Architecture for Cryptography with Smart Cards and NFC Rings on Android Institute of Operating Systems and Computer Networks

  11. Introduction Architecture User Study Conclusion API Specificiation (Simple Version) Action Req. Extras Description SIGN_AND_ENCRYPT USER_IDS Encrypt to email addresses and generate signature - Decrypt and verify signature DECRYPT_VERIFY Typically, APIs only provide low level methods In our case it also provides UI components Includes secure password/PIN caching 2017-09-14 Dominik Schürmann Page 8 of 18 OpenKeychain: An Architecture for Cryptography with Smart Cards and NFC Rings on Android Institute of Operating Systems and Computer Networks

  12. Introduction Architecture User Study Conclusion Demo Videos 2017-09-14 Dominik Schürmann Page 9 of 18 OpenKeychain: An Architecture for Cryptography with Smart Cards and NFC Rings on Android Institute of Operating Systems and Computer Networks

  13. Introduction Architecture User Study Conclusion User Interface Engineering 2017-09-14 Dominik Schürmann Page 10 of 18 OpenKeychain: An Architecture for Cryptography with Smart Cards and NFC Rings on Android Institute of Operating Systems and Computer Networks

  14. Introduction Architecture User Study Conclusion NFC Performance Table: Mean durations (w/ standard deviation) of cryptographic operations (10 experiments per operation). Operation Duration σ Signature calculation 787 . 9 ms 3.18 Decrypt session key 830 . 9 ms 55.86 Transfer existing secret key 711 . 9 ms 32.66 Generate secret key on-token a 9476 . 2 ms 2297.71 a Roughly, only every third key generation succeeded 2017-09-14 Dominik Schürmann Page 11 of 18 OpenKeychain: An Architecture for Cryptography with Smart Cards and NFC Rings on Android Institute of Operating Systems and Computer Networks

  15. Introduction Architecture User Study Conclusion User Study Try new form factor in comparison to smart cards Forge the One Ring in the fires of Mount Doom. 2017-09-14 Dominik Schürmann Page 12 of 18 OpenKeychain: An Architecture for Cryptography with Smart Cards and NFC Rings on Android Institute of Operating Systems and Computer Networks

  16. Introduction Architecture User Study Conclusion User Study Try new form factor in comparison to smart cards Forge the One Ring in the fires of Mount Doom. (a) IC extracted (b) Circular coil (c) 3D printed from NXP as new NFC ring prototype. J3D081. antenna. 2017-09-14 Dominik Schürmann Page 12 of 18 OpenKeychain: An Architecture for Cryptography with Smart Cards and NFC Rings on Android Institute of Operating Systems and Computer Networks

  17. Introduction Architecture User Study Conclusion User Study Study 40 participants from a large company in Germany Password vs NFC card vs NFC ring 2017-09-14 Dominik Schürmann Page 13 of 18 OpenKeychain: An Architecture for Cryptography with Smart Cards and NFC Rings on Android Institute of Operating Systems and Computer Networks

  18. Introduction Architecture User Study Conclusion User Study Design 1. Lab experiment observing setup time, decryption time 2. User survey for analyzing perception Within-group design No comparison with biometric features 2017-09-14 Dominik Schürmann Page 14 of 18 OpenKeychain: An Architecture for Cryptography with Smart Cards and NFC Rings on Android Institute of Operating Systems and Computer Networks

  19. Introduction Architecture User Study Conclusion Performance 250 70 60 200 50 150 40 30 100 20 50 10 0 0 Ring Card Password Ring Card Password (a) Setup time. (b) Decryption time. Figure: Time measurements (in seconds, no outliers, lower is better). 2017-09-14 Dominik Schürmann Page 15 of 18 OpenKeychain: An Architecture for Cryptography with Smart Cards and NFC Rings on Android Institute of Operating Systems and Computer Networks

  20. Introduction Architecture User Study Conclusion User Perception Card 10% 60% Ring 15% 35% Password 75% 5% 100 50 0 50 100 Percentage Response 3 (Worst) 2 1 (Best) Figure: Aggregated user perception showing the ranking choices in the interview. 2017-09-14 Dominik Schürmann Page 16 of 18 OpenKeychain: An Architecture for Cryptography with Smart Cards and NFC Rings on Android Institute of Operating Systems and Computer Networks

Recommend

Cryptography Seny Kamara Cryptography Group Microsoft Research Outline Cloud Architecture

Cryptography Seny Kamara Cryptography Group Microsoft Research Outline Cloud Architecture

Cloud Cryptography Seny Kamara Cryptography Group Microsoft Research Outline Cloud Architecture What is cloud computing? o Cloud Ecosystem Who provides and who consumes cloud services? o Cloud Cryptography What are the security

637 views • 34 slides
SATIRE: A Software Introduction to SATIRE Architecture for Smart Software Architecture

SATIRE: A Software Introduction to SATIRE Architecture for Smart Software Architecture

Presentation Outline SATIRE: A Software Introduction to SATIRE Architecture for Smart Software Architecture Implementation AtTIRE Design Challenges Critique & Comparison Authors: Raghu Ganti, Praveen Jayachandran, Tarek

76 views • 3 slides
Smart metering architecture to enable and simulate novel services in smart grids Edoardo Patti

Smart metering architecture to enable and simulate novel services in smart grids Edoardo Patti

IEEE International Conference on Innovative Smart Grid Technologies Smart metering architecture to enable and simulate novel services in smart grids Edoardo Patti Francesco Arrigo Dept. Of Control and Computer Dept. of Energy Engineering,

1.33k views • 114 slides
FOSDEM 2019 Vincent Breitmoser 1 / 13 Intro I'm Vincent Developer of OpenKeychain OpenPGP

FOSDEM 2019 Vincent Breitmoser 1 / 13 Intro I'm Vincent Developer of OpenKeychain OpenPGP

FOSDEM 2019 Vincent Breitmoser 1 / 13 Intro I'm Vincent Developer of OpenKeychain OpenPGP support in K-9 Mail More holistic approach required 2 / 13 Overview - Goals 1. Make it easy to encrypt e-mail 2. Don't rely on infrastructure 3.

296 views • 13 slides
ECC (Part II) & Smart Contracts Sep. 16, 2019 Overview Cryptography with ECC How to

ECC (Part II) & Smart Contracts Sep. 16, 2019 Overview Cryptography with ECC How to

ECC (Part II) & Smart Contracts Sep. 16, 2019 Overview Cryptography with ECC How to send secret messages Bitcoins Stack Machine scripts Review Limitations Ethereums answer to those limitations

1.27k views • 58 slides
Incorporating Post-Quantum Cryptography in a microservice architecture Research Project 2 Why

Incorporating Post-Quantum Cryptography in a microservice architecture Research Project 2 Why

R. van der Gaag, D. Weller Incorporating Post-Quantum Cryptography in a microservice architecture Research Project 2 Why think about post-quantum cryptography W. Buchanan et. al concluded Gate-based quantum computers pose a significant

349 views • 18 slides
Smart Grid Architecture Demonstrations Presentation for EPIC Symposium December 1, 2016

Smart Grid Architecture Demonstrations Presentation for EPIC Symposium December 1, 2016

Smart Grid Architecture Demonstrations Presentation for EPIC Symposium December 1, 2016 Sacramento, CA Smart Grid Architecture Demonstration Gabriel Leggett Electrical Engineer P.E. Project Technical Lead SDG&E EPIC Communication

520 views • 15 slides
The Evolving Architecture of the Web Nick Sullivan Head of Cryptography CFSSL Universal SSL

The Evolving Architecture of the Web Nick Sullivan Head of Cryptography CFSSL Universal SSL

The Evolving Architecture of the Web Nick Sullivan Head of Cryptography CFSSL Universal SSL Keyless SSL Privacy Pass Geo Key Manager Recently Standards work TLS 1.3 C on peting Goals make browsing more performant private HTTP DNS

789 views • 77 slides
Hardware-based Cryptography Smart cards, YubiKeys & more Karol Babioch Security Engineer

Hardware-based Cryptography Smart cards, YubiKeys & more Karol Babioch Security Engineer

Hardware-based Cryptography Smart cards, YubiKeys & more Karol Babioch Security Engineer kbabioch@suse.de Rationale - Computers running general purpose software can be compromised hacked Offline-access, etc. -

619 views • 26 slides
HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography &

HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography &

HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography & http://cseweb.ucsd.edu/users/mihir/cse207/ Brief History: Proliferation of computers and communication systems in 1960s brought with it a demand to protect

273 views • 24 slides
Exelon Smart Grid Multi-Service Communications Architecture Do Doug Mc McGi Ginnis 4/ 4/5/

Exelon Smart Grid Multi-Service Communications Architecture Do Doug Mc McGi Ginnis 4/ 4/5/

Exelon Smart Grid Multi-Service Communications Architecture Do Doug Mc McGi Ginnis 4/ 4/5/ 5/13 Smart Grid (Generation 1) Grid Automation is not a new concept SCADA/AMR functions have been around for years Smart Grid is the embodiment

514 views • 28 slides
Hawk: The Blockchain Model of Cryptography and Privacy-Preserving Smart Contracts Yashar Dehkan

Hawk: The Blockchain Model of Cryptography and Privacy-Preserving Smart Contracts Yashar Dehkan

Hawk: The Blockchain Model of Cryptography and Privacy-Preserving Smart Contracts Yashar Dehkan Asl Chapter I Introduction Decentralized Cryptocurrencies: Such as Bitcoin and altcoins are getting more popular Blockchain Technology: These

734 views • 26 slides
A cloud robotics architecture for an emergency management and monitoring service in a smart city

A cloud robotics architecture for an emergency management and monitoring service in a smart city

A cloud robotics architecture for an emergency management and monitoring service in a smart city environment G. Ermacora, A. Toma, B. Bona, M. Chiaberge, M. Silvagni, M. Gaspardone, R. Antonini Fly4smartcity Cloud computing + UAV (Smart) city

511 views • 14 slides
Security Architecture for the Smart Home Jacob Fahrenkrug, CTO at yetu AG

Security Architecture for the Smart Home Jacob Fahrenkrug, CTO at yetu AG

Security Architecture for the Smart Home Jacob Fahrenkrug, CTO at yetu AG jacob.fahrenkrug@yetu.com http://yetu.com twitter: @yetuAG, @jacobfahrenkrug 2 Definition of Smart Home 3 Smart Home is not home automation! 4 5 6

243 views • 23 slides
The Ins and Outs of Programming Cryptography in Smart Cards . . . and announcing the launch of

The Ins and Outs of Programming Cryptography in Smart Cards . . . and announcing the launch of

The Ins and Outs of Programming Cryptography in Smart Cards . . . and announcing the launch of OpenCard Pascal Paillier CryptoExperts Real World Crypto 2015 Jan 2015 Real World Crypto 2015 Jan 2015 What are Smart Cards? Real World

968 views • 51 slides
Smart by Design and Intelligent by Architecture for turbine blade fan and structural components

Smart by Design and Intelligent by Architecture for turbine blade fan and structural components

Smart by Design and Intelligent by Architecture for turbine blade fan and structural components systems This project has received funding from the European Unions Horizon2020 research and innovation programme under grant agreement n.

332 views • 11 slides
A SIMULATION-BASED ARCHITECTURE FOR SMART CYBER- PHYSICAL SYSTEMS THOMAS GABOR, LENZ BELZNER,

A SIMULATION-BASED ARCHITECTURE FOR SMART CYBER- PHYSICAL SYSTEMS THOMAS GABOR, LENZ BELZNER,

A SIMULATION-BASED ARCHITECTURE FOR SMART CYBER- PHYSICAL SYSTEMS THOMAS GABOR, LENZ BELZNER, MARIE KIERMEIER, MICHAEL TILL BECK, ALEXANDER NEITZ LMU MUNICH INSTITUTE FOR INFORMATICS SMART CYBER-PHYSICAL SYSTEMS E.g. autonomous factories,

349 views • 19 slides
Basic Cryptography Ge Zhang What is Cryptography Cryptography Cryptosystem: 5-tuple (M,

Basic Cryptography Ge Zhang What is Cryptography Cryptography Cryptosystem: 5-tuple (M,

Karlstad University Basic Cryptography Ge Zhang What is Cryptography Cryptography Cryptosystem: 5-tuple (M, C, E, D, K) M: the set of plaintexts C: the set of ciphertexts E: M x K -> C enciphering functions D: C x K

446 views • 40 slides
Intro to Cryptography Definitions Cryptography Cryptanalysis Cryptology CRYPTOGRAPHY

Intro to Cryptography Definitions Cryptography Cryptanalysis Cryptology CRYPTOGRAPHY

Intro to Cryptography Definitions Cryptography Cryptanalysis Cryptology CRYPTOGRAPHY Plaintext Cyphertext More definitions block cipher stream cipher hash function shared key public key digital signature

383 views • 16 slides
Technologies for the Smart Grid Smart Power Grid Technology Conference Dr. William Kao May 12,

Technologies for the Smart Grid Smart Power Grid Technology Conference Dr. William Kao May 12,

Technologies for the Smart Grid Smart Power Grid Technology Conference Dr. William Kao May 12, 2011 Agenda Smart Grid : what is it? Three important elements towards achieving SM: Architecture, Communications, Technology Five key SG

161 views • 15 slides
Symmetric Key Cryptography Introduction to Symmetric Key Cryptography What can we do?

Symmetric Key Cryptography Introduction to Symmetric Key Cryptography What can we do?

PQCRYPTO Summer School on Post-Quantum Cryptography 2017 Stefan Klbl June 20th, 2017 DTU Compute, Technical University of Denmark Symmetric Key Cryptography Introduction to Symmetric Key Cryptography What can we do? Authentication

711 views • 47 slides
Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and

Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and

Cryptography Cryptography Concepts and Terminology Security Concepts Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and Terminology Cryptography School of Engineering and Technology CQUniversity

322 views • 11 slides
Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and

Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and

Cryptography Cryptography Concepts and Terminology Security Concepts Cryptography Concepts and Terminology Cryptography Concepts Cryptography Notation and Terminology Cryptography School of Engineering and Technology CQUniversity

453 views • 11 slides
Uses of Cryptography What can we use cryptography for? Lots of things Secrecy

Uses of Cryptography What can we use cryptography for? Lots of things Secrecy

Uses of Cryptography What can we use cryptography for? Lots of things Secrecy Authentication Prevention of alteration Lecture 4 Page 1 CS 236 Online Cryptography and Secrecy Pretty obvious Only those knowing the

303 views • 15 slides

More recommend