SLIDE 1

Systems and Algorithms for Smartphones Improved Security and Usability

University of Perugia, Perugia, Italy, March 28, 2011

Mauro Conti
Vrije Universiteit Amsterdam, Amsterdam, The Netherlands
mconti@cs.vu.nl
http://www.cs.vu.nl/~mconti

1 / 64 Systems and Algorithms for Smartphones Improved Security and Usability

SLIDE 2

Outline

1. Introduction
2. CRePEdroid: Context-Related Policy Enforcement for Android
3. Transparent Smartphone User Authentication
4. Other Ongoing Research Projects
5. Ready For Take Off?

SLIDE 4

Smartphones Usage

SLIDE 5

Smartphones Usage

SLIDE 6

Why Android?

The Android platform:
- Support the application developer with low-level features
- Fine-grained security permissions bundling with applications
- Open source
- Very popular

SLIDE 7

Android Architecture

SLIDE 8

Android in a slide

- Application Framework Components: Activity, Service, Content Provider, Broadcast Receiver
- Security: (1) Application isolation (kernel), (2) ICC Ref. Monitor provides MAC
- Permissions: (1) all-or-nothing, (2) once granted, no revocation or constraints
- Permission Levels: normal, dangerous, signature, signature or system

SLIDE 9

Moving Forward

Research. What are we looking for?
- Original idea... (it seems) we all have many
- Better if (at a point) it solves a concrete/important problem
- Why does the state of the art not solve the problem?
- Thorough analysis and investigation!

An example? Well... probably you need Google to search for it!

SLIDE 11

Authorization Policy

- Constraints on phone functions over the phone (e.g. Bluetooth, Camera, WiFi)
- Constraints on access by external systems or by the user

SLIDE 12

Context-Related Policy

- Context defined by the status of different system variables (time, location, presence of the user, interaction from the user, etc.)
  - high level contexts are also possible (e.g. is the user running? is the user alone in the room?)
- Policy specifying access constraints over system functions (e.g. camera, Bluetooth, etc.) depending on the context
- Typically defined at run-time

SLIDE 13

Examples

Policy examples
- Bluetooth communication enabled only at home or in the office
- Friend profile, employee profile
- Camera disabling in museums, silent mode in meeting rooms
- Flight mode

SLIDE 14

Related Work

Security enforcement at install time
- Kirin [1]: it does not support context-related run-time policies

Security enforcement at run time
- Concept of Dynamic in Access Control [2]
- Saint, Secure Application Interaction [3]: allows enforcing run-time application (non user) policies, e.g. application A can define: (1) which apps can access A's interfaces, (2) how, (3) select at run time if using interface of B
- Apex [4]: extends Android permissions with run time constraints; not system wide, no policy set at run time, no 3rd party policies, weak overhead evaluation
- Taintdroid [5]: traces information handled by applications

[1] W. Enck et al., CCS '09
[2] V. Rao and T. Jaeger, SACMAT '09
[3] M. Ongtang et al., ACSAC '09
[4] M. Nauman et al., AsiaCCS '10
[5] W. Enck et al., OSDI '10

SLIDE 15

CRePEdroid — Context-Related Policy Enforcement [6]

- Context-Related policies, with a system scope
- Specified by
  - Users
  - Trusted Third Party (i.e. Developer, Government, Employer, Device manufacturer, Network Operator, etc.)
- Dynamically enforced and dynamically specified

[6] Mauro Conti, Vu Thien Nga Nguyen, and Bruno Crispo. CRePE: Context-Related Policy Enforcement for Android. (ISC 2010 - Springer LNCS), to appear, Boca Raton, FL, USA, October 25 - 28, 2010. - (acceptance rate 22/134 - 16.41 %)

SLIDE 16

CRePE — Definitions

- Context: defined by condition(s) on attributes. A context is active if the condition is verified
- Policy: how the phone acts in the context. Set of rules
- Rule: <resource, Allowed|Denied> (e.g. R = <CAMERA, denied>)
- Resource
  - Phone functionalities (e.g. Bluetooth, Camera, WiFi, etc.)
  - Applications, components

SLIDE 17

CRePE — Policy Conflicts Resolution

- Rules might specify conflicting behaviour
- Labels and MAC to regulate policy/rule priority
- Labels relations: L1 > L2 > L3
  - L1 = Government
  - L2 = Trusted Party
  - L3 = User
- Conservative approach:
  - Denied > Allowed
  - Deny as default
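
The conflict-resolution rules on this slide, worked through as an added example (not code from the talk or from the CRePE sources). It assumes one reading of the slide: the highest label present for a resource decides, Denied beats Allowed among rules carrying that label, and a resource with no active rule gets the default (Denied); all class and function names and the sample policies are constructed.

```python
from dataclasses import dataclass

ALLOWED, DENIED = "allowed", "denied"
# Label order from the slide: L1 Government > L2 Trusted Party > L3 User.
PRIORITY = {"government": 3, "trusted_party": 2, "user": 1}


@dataclass(frozen=True)
class Rule:
    resource: str   # e.g. "CAMERA"
    decision: str   # ALLOWED or DENIED
    label: str      # issuer of the rule; a key of PRIORITY


@dataclass(frozen=True)
class Policy:
    context: str    # context whose activation turns these rules on
    rules: tuple


def active_rules(policies, active_contexts):
    """Collect the rules of every policy whose context is currently active."""
    return [r for p in policies if p.context in active_contexts for r in p.rules]


def resolve(rules, resource, default=DENIED):
    """Decide access to one resource from the set of active rules."""
    candidates = [r for r in rules if r.resource == resource]
    if not candidates:
        return default  # "Deny as default" (assumed reading of the slide)
    top = max(PRIORITY[r.label] for r in candidates)
    strongest = [r for r in candidates if PRIORITY[r.label] == top]
    # Conflict between rules of the same label: Denied > Allowed.
    return DENIED if any(r.decision == DENIED for r in strongest) else ALLOWED


# Constructed sample policies (hypothetical contexts and issuers).
POLICIES = (
    Policy("office", (Rule("CAMERA", DENIED, "trusted_party"),
                      Rule("BLUETOOTH", ALLOWED, "trusted_party"))),
    Policy("personal", (Rule("CAMERA", ALLOWED, "user"),
                        Rule("BLUETOOTH", DENIED, "user"),
                        Rule("WIFI", ALLOWED, "user"))),
    Policy("night", (Rule("WIFI", DENIED, "user"),)),
)


def check(resource, active_contexts):
    """Permission check against the rules active in the given contexts."""
    return resolve(active_rules(POLICIES, active_contexts), resource)


if __name__ == "__main__":
    for res, ctx in [("CAMERA", {"office", "personal"}),
                     ("BLUETOOTH", {"office", "personal"}),
                     ("WIFI", {"personal", "night"}),
                     ("NFC", {"office"})]:
        print(res, sorted(ctx), "->", check(res, ctx))
```

Under this reading a higher-label Allowed overrides a lower-label Denied, so the label ordering is itself a trust decision that should be reviewed with the same care as the rules.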

SLIDE 18

CRePE — Architecture

[Figure: architecture diagram with components Policy Provider, Policy Manager, CRePE Permission Check, Action Performer, Context Detector, User Interactor, Trusted Party Interactor]

SLIDE 19

Policy Provider

- Database to store contexts and policies
- Embedded inside the Android middleware

SLIDE 20

Policy Manager

- Manage active contexts
- Set of active rules
- Conflict resolution
- Update information in Policy Provider

SLIDE 21

Context Detector

- Time: system timer
- Location:
  - GPS: accurate but slow, consumes much energy
- Easy to extend to other context sensors (i.e. movement, connectivity, etc.)

SLIDE 22

CRePE Permission Check

- Hooks before Android Permission Checks
- CRePE Check based on the set of active rules

SLIDE 23

Action Performer

When the set of active rules is updated:
- Stop running applications prohibited by the set of active rules
- Start applications
- Airplane Mode

SLIDE 24

User Interactor

- Support operating on contexts and policies
- Android application
- Authentication by password

SLIDE 25

Trusted Party Interactor

- Support remote policy and context administration
  - SMS messages
- Authentication
  - Trust the network carrier PKI

SLIDE 26

Security Evaluation

- Reduces the number of allowed accesses
- Does not reduce security

SLIDE 27

Overhead Evaluation

- CRePE Permission Check
- Context Detector
- Trusted Party Interactor

SLIDE 28

Overhead — Permission Check

- Depends on the number of active rules
- Time overhead is small

SLIDE 29

Overhead — Context Detector

- Investigated: time overhead when activating or deactivating contexts
- Depending on the current configuration
- Experimental configuration
  - 2 active contexts, 10 rules each, no conflict
  - new context with 10 rules, 5 conflicts
- Result

| Operation | Execution Time (millisecond) |
|---|---|
| Context activation | 72.487 ± 19.743 |
| Context deactivation | 42.942 ± 4.536 |

Time overhead is small

SLIDE 30

Overhead — Interaction

[Figure: time overhead (milliseconds) by interaction type (User, Sms); series: CRePE core, User interface, Sms interface]

SLIDE 31

Overhead — Trusted Party Interactor

- Operate on contexts and policies
- Time overhead: depends on the operation and the current configuration
- Experimental configurations
  - Scenario 1: similar to the previous experimental configuration, activate the context
  - Scenario 2: deactivate the context
  - Scenario 3: add a new context (not enable, not set up context detector)
  - Scenario 4: add a new rule to an inactive policy (not update the set of active rules)
  - Scenario 5: enable a context defined by time and location (need to set up context detector)

SLIDE 32

Overhead — Trusted Party Interactor

| Scenario | SMS Processing (millisecond) | Action Performing (millisecond) | Total Time (millisecond) |
|---|---|---|---|
| 1 | 20.610 ± 4.895 | 55.279 ± 4.875 | 75.890 ± 5.295 |
| 2 | 21.329 ± 3.629 | 42.942 ± 4.536 | 64.271 ± 4.971 |
| 3 | 23.488 ± 4.037 | 44.835 ± 10.447 | 68.323 ± 10.827 |
| 4 | 26.648 ± 6.777 | 49.533 ± 8.627 | 76.181 ± 12.107 |
| 5 | 28.900 ± 9.135 | 37.273 ± 6.609 | 66.173 ± 10.781 |

- Time overhead is small
- Authentication and authorization increase time for SMS processing
- Combining several operations in one SMS decreases the time for SMS processing per operation
- Ad-hoc certificate format

SLIDE 33

Response Time

- User Interactor: operate on contexts and policies
- Response time: depends on the operation and the current configuration
- Experimental configurations: similar to the previous experiment
- Result

| Scenario | Response Time (millisecond) |
|---|---|
| 1 | 116.162 ± 13.222 |
| 2 | 92.204 ± 13.411 |
| 3 | 67.880 ± 8.789 |
| 4 | 45.151 ± 4.276 |
| 5 | 38.669 ± 2.096 |

Response time is small

SLIDE 34

Overhead — Energy Consumption for Context Detector

- Time and location
- Polling for the phone's position: energy overhead
- Open issue
- Improved by using A-GPS and accelerometer
- Passive RFID tags

SLIDE 35

CRePEdroid Conclusion

CRePE
- Enforce context-related policies
- Context detecting
- User and trusted parties interactions

Experiments
- Feasible

SLIDE 36

Future Work

- Reduce energy overhead of Context Detector and addition of new context sensors
  - Accelerometer, NFC, camera, battery, etc.
  - More general notion and representation of Context
- Additional mechanisms for remote administration with trusted parties
  - Bluetooth, NFC, WiFi
- Resolution for non trivial context conflicts

SLIDE 37

Links

If you want more info on CRePEdroid

http://www.crepedroid.org/crepedroid.html

If you want to see a demo

http://www.crepedroid.org/demo.mp4

If you want to play with or use it (source code)

http://sourceforge.net/projects/crepedroid/

SLIDE 39

Introduction

- Smartphones store private data
  - e.g. SMS, emails, contacts, notes, documents, log-in credentials, ...
- can leak information in other ways too
  - do you want anyone being able to answer your calls?
  - are you sure about the identity of the person you communicate with?
- Classic authentication (e.g. PIN, password, graphical password) and locking (e.g. keypress sequence)
  - non transparent
  - non secure (cameras, shoulder surfing, smudge attack, ...)

SLIDE 40

Introduction

Biometrics might increase security, but
- Behavioral Biometrics (e.g. walking pattern gait, keystroke dynamics, voice recognition)
  - take too long
- Physiological Biometrics (e.g. fingerprint, acoustic ear, and face recognition)
  - influenced by external factors, non transparent, require additional hardware

SLIDE 41

Introduction: Motivations

We propose [7] a new biometric measure to authenticate the user of a smartphone
- when she answers or places a call
- transparently
- with the devices already available on smartphones
  - Accelerometer Sensor (Sa): values of contact forces
  - Orientation Sensor (So): values of angles in degrees

[7] Mauro Conti, Irina Zachia-Zlatea, and Bruno Crispo. Mind How You Answer Me! (Transparently Authenticating the User of a Smartphone when Answering or Placing a Call). (ACM SIGSAC ASIACCS 2011), to appear, Hong Kong, March 22-24, 2011 - (acceptance rate 35/217 - 16.12 %)

SLIDE 42

Intuition Assessment

[Figure: acceleration on x-axis of the phone vs. time (ms), Patterns 1 to 5, User 1]

[Figure: acceleration on x-axis of the phone vs. time (ms), Patterns 1 to 5, User 2]

SLIDE 43

DTW-Distance (DTW-D)

- Each movement pattern is represented as a time series
- Result ∈ ℜ, represents a distance measure
  - The smaller the result, the higher the similarity
- Training phase
  - T training patterns ($t_i$, $i = 1 \ldots T$)
  - Each pattern is compared with all the others
  - The maximum distance value (maxDist) is computed and stored
- Recognition phase
  - The new pattern is compared to each of the T training patterns, resulting in T different $d_i$ similarities
  - User is accepted iff

$$|\{d_i \mid d_i < \mathit{maxDist} + \tau_D,\ i = 1 \ldots T\}| > \frac{T}{2}$$

SLIDE 44

DTW-Similarity (DTW-S)

- Each movement pattern is represented as a time series
- Result ∈ ℜ, represents the percentage of similarity
  - The higher the result, the higher the similarity
- Training phase
  - T training patterns ($t_i$, $i = 1 \ldots T$)
- Recognition phase
  - The new pattern is compared to all training patterns
  - The average avgSimilarity of the resulting $d_i$ is computed
  - User is accepted iff

$$\mathit{avgSimilarity} \geq \tau_S$$

SLIDE 45

Boolean Combination

4 Basic Methods (applying DTW-D or DTW-S to Sa or So), each with
- FAR - False Alarm Rate (legal users erroneously rejected)
- IPR - Impostor Pass Rate (impostors erroneously accepted)

AND combination: $IPR \leq \min\{IPR_A, IPR_B\}$; $FAR \geq \max\{FAR_A, FAR_B\}$

OR combination: $IPR \geq \max\{IPR_A, IPR_B\}$; $FAR \leq \min\{FAR_A, FAR_B\}$

SLIDE 46

Non Boolean Combination

Intuition: to leverage information on how close the similarity is to the threshold
- not just 0/1 (accept/reject)
- say we have two similarities, $m_A$ and $m_B$, for two different basic methods

Combining two methods:

$$(\alpha m_A + \beta m_B) \geq \hat{\tau}$$

Combining four methods:

$$(\alpha m_A + \beta m_B + \gamma m_C + \delta m_D) \geq \hat{\tau}$$

SLIDE 47

Non Boolean Combination: Normalized DTW-D

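$$r = \frac{(\mathit{maxDist} + \tau_D) - \sum_{i=1}^{T} d_i / T}{\mathit{maxDist} + \tau_D}$$

Figure: Normalized output for DTW-D.

- $r > 0$ if $\left(\sum_{i=1}^{T} d_i / T\right) < (\mathit{maxDist} + \tau_D)$;
- $r < 0$ if $\left(\sum_{i=1}^{T} d_i / T\right) > (\mathit{maxDist} + \tau_D)$;
- $r = 0$ if $\left(\sum_{i=1}^{T} d_i / T\right) = (\mathit{maxDist} + \tau_D)$.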
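
The DTW-D training and recognition steps and the normalized, non-Boolean combination from the preceding slides, as an added example (not the authors' implementation). It assumes classic DTW with local cost |x - y| on 1-D series, applies DTW-D to both sensors because the slides do not define how DTW-S computes its similarity, and uses constructed patterns, thresholds and weights.

```python
from itertools import combinations


def dtw(a, b):
    """Classic DTW distance between two 1-D series (assumed local cost |x - y|)."""
    inf = float("inf")
    prev = [0.0] + [inf] * len(b)
    for x in a:
        cur = [inf]
        for j, y in enumerate(b, 1):
            cur.append(abs(x - y) + min(prev[j], prev[j - 1], cur[j - 1]))
        prev = cur
    return prev[-1]


def train(patterns):
    """Training phase: maxDist over all pairs of the T training patterns."""
    return max(dtw(p, q) for p, q in combinations(patterns, 2))


def distances(new, patterns):
    """Recognition phase: the T distances d_i between the new pattern and each t_i."""
    return [dtw(new, t) for t in patterns]


def accept_dtw_d(dists, max_dist, tau_d):
    """Accept iff |{d_i : d_i < maxDist + tau_D}| > T / 2."""
    return sum(d < max_dist + tau_d for d in dists) > len(dists) / 2


def normalized_r(dists, max_dist, tau_d):
    """Normalized DTW-D output: r > 0 when the mean distance is under the bound."""
    bound = max_dist + tau_d
    return (bound - sum(dists) / len(dists)) / bound


def accept_combined(m_a, m_b, alpha=0.5, beta=0.5, tau_hat=0.0):
    """Non-Boolean combination of two methods: alpha*m_A + beta*m_B >= tau_hat."""
    return alpha * m_a + beta * m_b >= tau_hat


# Constructed training data (not from the talk's data set).
SA_TRAIN = [[0, 1, 3, 6, 8, 9, 9], [0, 0, 1, 3, 6, 8, 9],
            [0, 1, 3, 5, 8, 9, 9], [0, 2, 3, 6, 7, 9, 9]]   # accelerometer
SO_TRAIN = [[10, 40, 80, 90], [10, 45, 80, 90], [10, 40, 75, 90]]  # orientation
TAU_SA, TAU_SO = 1, 2   # constructed thresholds tau_D per sensor


def evaluate(sa_new, so_new):
    """Return (DTW-D verdict on Sa alone, r for Sa, r for So, combined verdict)."""
    max_sa, max_so = train(SA_TRAIN), train(SO_TRAIN)
    d_sa, d_so = distances(sa_new, SA_TRAIN), distances(so_new, SO_TRAIN)
    r_sa = normalized_r(d_sa, max_sa, TAU_SA)
    r_so = normalized_r(d_so, max_so, TAU_SO)
    return accept_dtw_d(d_sa, max_sa, TAU_SA), r_sa, r_so, accept_combined(r_sa, r_so)


if __name__ == "__main__":
    attempts = {
        "owner": ([0, 1, 2, 3, 6, 8, 9, 9], [10, 40, 80, 90]),
        "owner, spike on Sa": ([0, 1, 3, 6, 8, 9, 14], [10, 40, 80, 90]),
        "different movement": ([9, 7, 4, 2, 0, 0, 0], [90, 60, 20, 10]),
    }
    for name, (sa, so) in attempts.items():
        print(name, evaluate(sa, so))
```

The second attempt is rejected by DTW-D on Sa alone but accepted by the weighted sum, because the combination lets one sensor's margin compensate for the other; the weights and the combined threshold therefore move both FAR and IPR and have to be tuned on measured data.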

SLIDE 48

Non Boolean Combination: Normalized DTW-S

$$r = \frac{\sum_{i=1}^{T} s_i / T - \tau_S}{\tau_S}$$

Figure: Normalized output for DTW-S.

SLIDE 49

Experiments settings

- 500 movement patterns (10 users, 50 patterns each)
- Google Android Dev 1 Phone (HTC Dream)
- Evaluations
  - DTW-D with Sa; DTW-D with So; DTW-S with Sa; DTW-S with So
  - Boolean and Non-Boolean combination
  - Varying T and τ
- Metrics: FAR and IPR

SLIDE 50

A Basic Method: DTW-D-So, varying T

[Figure: FAR, Rate (%) vs. T; series 1000, 3000, 5000, 7500, 10000, 12500, 15000, 17500, 20000]

[Figure: IPR, Rate (%) vs. T; series 1000, 3000, 5000, 7500, 10000, 12500, 15000, 17500, 20000]

SLIDE 51

Basic Methods: Best Performances

[Figure: IPR and FAR, Rate (%), for methods DTW-D-Sa, DTW-S-Sa, DTW-D-So, DTW-S-So]

Method τ T IPR FAR
DTW-D-Sa 6 13.1111 23.6666
DTW-S-Sa 58 20 12.8888 20.6666
DTW-D-So 20 4.4444 9.3333
DTW-S-So 14 20 32.0000 19.6666

Table: Parameters for methods comparison.

SLIDE 52

Non-Boolean Combination

We were able to observe both FAR and IPR improvement, at the same time! (DTW-D-So, DTW-S-Sa, $\hat{\tau} = 0$)

[Figure: IPR and FAR, Rate (%), versus τ]
SLIDE 53

Transparent Authentication Conclusion

- A new biometric feature
- Good recognition rates while being transparent and suitable for mobile devices
- Single method: IPR ∼ 4.5%, FAR ∼ 9.5%
- Combined methods: IPR ∼ 2.5%, FAR ∼ 8%
- Other methods:
  - Gait (walking pattern): IPR ∼ FAR ∼ 7%, cons: user has to walk
  - Keystroke Dynamics: IPR ∼ FAR ∼ 12.8%, cons: low recognition rates
  - Acoustic Ear Recognition: IPR ∼ FAR ∼ 5%, cons: external devices
- Performed specific tasks: blocks the phone if a stranger answers it; identifies which of the specific authorized users is actually using the phone
- With compromising transparency, it can also be used as a general authentication mechanism or even just keyboard unlocking mechanism

SLIDE 54

Future Work

- More thorough experiments
- More: users, patterns, devices, mobility constraints
- Investigate other recognition algorithms (e.g. Support Vector Machines)
- Investigate other combining methods
- Time overhead optimization
- Combine with other recognition methods (e.g. acoustic ear recognition)
- Forensics applications

SLIDE 55

Yes, you can help us collecting further data!

- You can install our (Android) app for collecting data by scanning this QR code
- More info and instructions here: http://www.crepedroid.org/authentication.html

Thanks!

SLIDE 57

Other Ongoing Research Projects

- Optimizing the Smartphone User Browsing Experience
- Privacy in Location Based Services [8]
- Smartphone Forensics
- Context Privacy in Wireless Sensor Networks [9]
- Virtual Private Social Network [10]

[8] Stefano Ortolani, Mauro Conti, Bruno Crispo, and Roberto Di Pietro. Events Privacy in WSNs: a New Model and its Application. (IEEE WoWMoM 2011), to appear, Lucca, Italy, June 20-24, 2011.

[9] Mauro Conti, Bruno Crispo, Roberto Di Pietro, and Luciana Marconi. Time Warp: How Time Affects Privacy in LBSs. Threats and countermeasures. (ICICS 2010 - Springer LNCS), to appear, Barcelona, Spain, December 15-17, 2010 - (acceptance rate 31/134 - 23.13 %)

[10] Mauro Conti, Arbnor Hasani, and Bruno Crispo. Virtual Private Social Networks. (ACM SIGSAC CODASPY 2011), to appear, San Antonio, TX, USA, February 21-23, 2011 - (acceptance rate 21/69 - 30.43 %)

SLIDE 58

Other Ongoing Research Projects

FaceVPSN (http://www.few.vu.nl/~mconti/FaceVPSN.html)
- Setup of FaceVPSN
- Browsing via FaceVPSN
- Before using FaceVPSN
- After using FaceVPSN

SLIDE 60

Ready For Take Off?

Would you like to partake in the design of game-changing research and technology?

SLIDE 61

Ready For Take Off?

We are willing to collaborate with you...
- Discussing about research problems and solutions
- Supervising your Master Thesis in one of the topics of interest
  - we expect you to be: strongly motivated and committed to work (programming skills also required)
  - supervisors: Prof. Pinotti (internal), Dr. Conti and Prof. Crispo (external)
  - this requires you to work in our lab in Amsterdam during your thesis
- What about a PhD program?

SLIDE 62

Ready For Take Off?

Example of MSc projects (more info here http://www.crepedroid.org.html/msc prj.html):

- Context Sensors
- High Level Context Sensors
- Context Based Messaging System
- NFC for Items Tracing
- NFC for Cloud Authentication

SLIDE 63

Ready For Take Off?

Example of MSc projects (more info here http://www.crepedroid.org.html/msc prj.html):

- Transparent User Authentication via Movement Sensors
- Transparent User Authentication via Ear Shape Recognition
- Web caching for Mobile Users
- SecureBoot with ARM TrustZone

SLIDE 64

Questions?

http://www.crepedroid.org
mconti@cs.vu.nl
http://www.cs.vu.nl/~mconti
