Content C t t

ECOM 6031 Project Part 1 Information Solving Enterprise Security Problem with Hardware/Software Hybrid Solution
Dr Lucas Hui (CYC307, 28592190, hui@cs.hku.hk)

Motivation Hardware Platforms Example systems

Motivation M ti ti
Cryptographic research seldom addresses execution environment (e.g. (e g hardware or software) Hardware environment provides better security

Motivation M ti ti (2)

Try to design systems

Combining Hardware and Software Design easy-to-deploy hardware (e.g. mobile phone) Aim to derive formal proof with System assumptions ( y p (Hardware) and ) Cryptographic assumptions (Software) Try to implement advanced cryptographic/security techniques

In particular: key s o age pa cu a ey storage

Higher costs M More difficult to deploy diffi lt t d l Therefore

3

Hardware Platform 1:

Hardware Platform 2:

Mobile Phone
IMEI : International Mobile Equipment Identity (unique ID) SIM card: unique phone number to receive message (in particular SMS) Alternative co te at e communication c a e u cat o channel (GSM/3G Vs Internet) Additional features: GPS / camera, camera external mini-SD card, etc.

JavaCard

A smart card design

A convenient token form Tamper-resistant device

A small program (J ll (Java C dl t) can b Cardlet) be loaded to the card to execute

JavaCard is like a micro-computer

No display/input/clock A lot of cryptographic functions are available on JavaCard

Example systems

Mobile Aided Mobile-Aided Encrypted Web File System

Mobile h M bil phone

Mobile-Aided Encrypted Web File System Mobile-Aided Encrypted USB/PC File System y SMS-Aided Authentication System Encrypted Web File System using JavaCard

Javacard

Encrypted PC File System using JavaCard JavaCard-based Secret Communication System (JSCS)

Encrypted fil are stored on W b E d files d Web When PC is connected to a Mobile PC is able to decrypt and display files from Web after getting a key from g g y Mobile If PC is disconnected from the Mobile Files cannot be decrypted on ClientSide Demo is available
8

Mobile-Aided Encrypted Web File System yp y (Unsuccessful Decryption)

Mobile-Aided Encrypted Web File System (Successful Decryption)

10

Mobile-Aided Encrypted Web File System

(Full system of the demo)

Mobile-Aided Mobile Aided Encrypted USB/PC File System

1. Keys stored i 1 K d in server, sent via SMS 2. Mobile and PC connected via t d i USB or Bluetooth
11

1. SMSKeyManagement 2. Integratewithopen sourcesoftwareTrueCrypt 2 Integrate with opensource software TrueCrypt 3. UsingGPS onlydecryptfilesathome,officeor selectedplaces
12

SMS-Aided Authentication System

1. Mutual Authentication A th ti ti 2. Against Man-inthe-Middle Attack th Middl Att k 3. With formal Proof

Examples of J E l f Javacard application (1) d li ti

Encrypted Web File System using JavaCard E t d W b Fil S t i J C d 1. Fordataprotection 2. UseJavaCard(akindofCryptoSmartcard)ashardwaretoken 3. Reauthentication &authentication 4. DoubleEncryption(SessionKeyandProgramKey) 5. DelegationofAccessRightincaseofLostCard (EnforceSecurityPolicy)

Internet

13

14

Examples of J E l f Javacard application (2) d li ti

Encrypted PC File System using JavaCard 1. Use JavaCard as Hardware Token 2. However, 2 However Javacard can provide more cryptographic computation than a fixed token.

Examples of J E l f Javacard application (3) d li ti

JavaCard-based Secret Communication System (JSCS)
* MSN Messenger sent messages over the Internet in plaintext form

1. 2. 3. 4.
15

UseJavaCard ashardwaretoken Amessagingsystem:Chatroom modeandPrivatemode BrowserbasedwithJavaapplet ProvideCommunicationLoggingfacilities

16

JSCS - D Demonstration t ti
Flow: 1. Cli Client goes online t li 2. Client sends a secret message to all other online users 3. Client sends a secret message to g some online users 4. Client goes offline 4 5. Check the server-side clients communication records
17

JSCS - D Demonstration t ti
1.

Client goes online

18

JSCS - D Demonstration t ti
1.

JSCS - D Demonstration t ti
2.

Client goes online (contd)

Client sends a secret message to all other online users

19

all l ll or leave it blank also bl k l means send to all other online users

20

JSCS - D Demonstration t ti
2.

JSCS - D Demonstration t ti
3.

Client sends a secret message to all other online users (contd) (cont d)

Client sends a secret message to some online users

21

22

JSCS - D Demonstration t ti
3.

JSCS - D Demonstration t ti
4.

Client sends a secret message to some online users (contd) (cont d)

Client goes offline

23

24

JSCS - D Demonstration t ti
5.

Q&A
Thank you!

Check the ser er side clients server-side communication records

Note that all the en/decryption is done y by the connected Javacard

25

26