Dynamic Locations: Secure Mobile Services Discovery and Dynamic Group Membership

Ryan Lackey <[email protected]>

www.metacolo.com

Who?

Interest in “cypherpunk” technologies from 1992 to present, particularly anonymized communications, agents, and electronic cash

Ultimate goal: anonymous secure infrastructure from end to end: clients, servers, networks, pro

Founded HavenCo/ran 2000-2002

metacolo: offshore colo in 9 markets, related projects, including secure mobile systems

Introduction

Lots of work has been done to network fixed equipment, and to secure fixed network connections, but most mobile apps are just slightly modified versions of fixed applications

Most mobile networked systems have simplified security models; some link security but little application specific security end to end

Fundamentally new kinds of applications are possible with secure mobile systems

Fundamental Constraints

Power and bandwidth limited

Many nodes in continual motion and appear/disappear rapidly

Much infrastructure is closed and long cycles to upgrade and deploy

UI complicated by devices and use cases (user attention not dedicated)

Platform

HP/Compaq iPaq running Linux

Laptops running Linux and FreeBSD

802.11b and 1xRTT IP-based communications

Open systems for easy development, python for rapid development

Applications of Interest

“Matchmaking” – letting parties with similar interests meet up

Secure messaging (communications and message-based low-overhead protocols, including payment systems)

Secure streams (VoIP, VPN)

“Matchmaking”

Demo app is letting people define a set of interests, then announce to the world, without risk of being “interrogated” by third parties

Useful for service discovery too – announce that you’re running certain services to others in the set, but not to the public (RIAA, MPAA, Government, etc)

Attestations, with optional protection from traffic analysis as well

Secure short messages

Text messaging

Much easier technically than streams

Store/forward possibility

Also useful for many protocols, either in two way or polled mode

Streams

Voice over IP is key market – encrypted cellphone using low-bandwidth channel (1xRTT or HSCSD GSM) and anonymization of calls

Interaction models

True peer to peer

“Security proxy” or user selected/operated operational server

Centralized client-server operated by application developers

Centralized client-server operated by communications providers

Existing p2p systems

Generally designed for high bandwidth media sharing with minimal anonymity layered over existing IP networks

Not really designed for interactive communication

Existing mobile client-server systems

Designed with link encryption to the wireless hub, or to the server

Closed development environment controlled by mobile companies

Hard for users and application developers to really trust the security model

Early mobile p2p systems

“lovegety” – a system to use RF to share information about membership in certain groups

Subject to “trawling”, direction finding attacks, and “corralling” small numbers of users to identify them

Security Implications

Confidentiality, Integrity, Authentication solvable through traditional systems

Traffic analysis is the hard problem

Complete undetectability of special traffic

Of course, reliability, availability, etc. are still major concerns, and special mobile constraints

Policy Implications

Centralized systems vulnerable to technical or legal attack

Who to trust – communications provider, applications provider?

Trust is essential to enabling certain applications

Central Mediation

Servers trusted by some party to take all communications and retransmit

Defeats firewalls/proxies/NAT as well as provides protection from traffic analysis

Persistence; can buffer communications for users with intermittent connectivity

True Peer to Peer Cryptographic Systems

Computationally intensive on client

Bandwidth intensive; may only be able to send single bits!

Generally can put user into a “collusion set” but unless set is large, elimination can identify user

Covert channels for mobile use

Masking using pre-recorded traffic

Sniffing and simulating MITM

“Design for MITM” – Dining Cryptographer’s Networks, etc.

Dining Cryptographer’s Network

Due to David Chaum, described at http://cypherpunks.venona.com/date/1992/12/msg00107.html

Multiple parties can communicate without revealing to one another which is initiating the communications
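
One round of a dining cryptographers network, as an added example (not code from the talk), which also illustrates the “collusion set” point made under True Peer to Peer Cryptographic Systems. The ring and complete key-sharing layouts, the five participants and all function names are assumptions chosen for illustration; the pads are constructed sample values.

```python
import secrets
from itertools import combinations

RING = [(i, (i + 1) % 5) for i in range(5)]    # each node keys with 2 neighbours
COMPLETE = list(combinations(range(5), 2))     # every pair shares a pad

def dc_round(n, edges, nbits, sender, message):
    """One DC-net round: returns (pads, announcements, combined output)."""
    # Constructed sample pads; a real system derives one per pair via key agreement.
    pads = {frozenset(e): secrets.randbits(nbits) for e in edges}
    anns = []
    for i in range(n):
        out = message if i == sender else 0
        for pair, pad in pads.items():
            if i in pair:
                out ^= pad
        anns.append(out)
    combined = 0
    for a in anns:
        combined ^= a        # every pad appears in exactly two announcements
    return pads, anns, combined

def anonymity_sets(n, pads, anns, colluders):
    """What colluders learn by pooling their pads: honest participants split
    into groups still linked by pads unknown to the colluders, and for each
    group only the XOR of its members' messages is revealed."""
    residue = {}
    for i in set(range(n)) - colluders:
        r = anns[i]
        for pair, pad in pads.items():
            if i in pair and pair & colluders:
                r ^= pad     # strip pads a colluder also holds
        residue[i] = r
    groups, unseen = {}, set(residue)
    while unseen:
        stack = [unseen.pop()]
        group = set(stack)
        while stack:
            u = stack.pop()
            for pair in pads:
                if u in pair and not pair & colluders:
                    (v,) = pair - {u}
                    if v in unseen:
                        unseen.discard(v)
                        group.add(v)
                        stack.append(v)
        xor = 0
        for g in group:
            xor ^= residue[g]
        groups[frozenset(group)] = xor
    return groups
```

With the ring layout, colluders 1 and 3 leave participant 2 in a group of one, so its message is attributed to it; with the complete layout the same colluders only narrow the sender down to the three honest participants.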

Anonymizing remailers as model

Store and forward messaging with latency added

Complicated due to node unreliability

Send out multiple messages; tradeoff of bandwidth waste vs. latency vs. reliability

Current solution

Communications with a trusted server using fixed-rate messaging (tuned for bandwidth)

Inter-server communications, allowing users to select “security proxy servers” to act on their behalf, optionally running servers themselves
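
A sketch of the fixed-rate messaging idea, as an added example and not the system described in the talk: the client emits one fixed-size cell per tick, padding short messages, fragmenting long ones and sending cover cells when idle. The 64-byte cell, the 3-byte header and every name here are assumptions; encryption of each cell to the trusted server is assumed to happen in a lower layer and is not shown.

```python
import struct
from collections import deque

CELL = 64                          # assumed on-air cell size in bytes
HDR = struct.Struct("!BH")         # flag, payload length
ROOM = CELL - HDR.size
DUMMY, MORE, LAST = 0, 1, 2

class FixedRateSender:
    """Emits exactly one CELL-byte cell per tick, real data or cover."""
    def __init__(self):
        self.queue = deque()

    def submit(self, message: bytes):
        chunks = [message[i:i + ROOM] for i in range(0, len(message), ROOM)] or [b""]
        for k, chunk in enumerate(chunks):
            flag = LAST if k == len(chunks) - 1 else MORE
            self.queue.append(HDR.pack(flag, len(chunk)) + chunk.ljust(ROOM, b"\0"))

    def tick(self) -> bytes:
        if self.queue:
            return self.queue.popleft()
        return HDR.pack(DUMMY, 0) + bytes(ROOM)   # cover cell when idle

def reassemble(cells):
    """Server side: drop cover cells, rebuild messages from fragments."""
    messages, buf = [], b""
    for cell in cells:
        flag, length = HDR.unpack_from(cell)
        if flag == DUMMY:
            continue
        buf += cell[HDR.size:HDR.size + length]
        if flag == LAST:
            messages.append(buf)
            buf = b""
    return messages

def run(ticks, schedule):
    """schedule maps tick number -> message submitted just before that tick."""
    sender, cells = FixedRateSender(), []
    for t in range(ticks):
        if t in schedule:
            sender.submit(schedule[t])
        cells.append(sender.tick())
    return cells

def wire_profile(cells):
    """All a link observer gets once cells are encrypted: one size per tick."""
    return [len(c) for c in cells]
```

The tick interval is the tuning knob: a longer interval spends less bandwidth on cover cells but delays queued messages, since a message of several cells needs several ticks to leave the device.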

Conclusions

Mobile-specific (more properly, dynamic) security is a very hard problem

Key is finding applications which fit currently available technology – message based, with secure service discovery

Future work

Develop an application developer’s toolkit with service discovery on top of secure message-passing and streams systems

“Killer apps” of VoIP and mobile payment – good stream based systems