ZeroInteraction Authentication.ppt

  • About 7,090 characters
  • About 24 pages
  • Published 2017-03-09 in Shanghai

Zero-Interaction Authentication
April 15, 2003
Mark D. Corner, Brian D. Noble
Presented by Seong Oun Hwang

Introduction

Motivation

Identification of Problems
  • Mobile devices (e.g. laptops) are susceptible to loss and theft, and contain sensitive data.
  • To secure data on a laptop's disk, the decryption key supplied at login time is retained by the laptop for later use, but it is still vulnerable.
  • Security requires frequent re-authentication, but this limits usability and encourages users to disable security options.

Idea
  • How to provide effective file encryption without degrading usability or performance?
  • "Zero-Interaction Authentication"
  • Introduction of a 'token' carried by users
  • For usability, infrequent re-authentication between a user and a token
  • For performance, encryption and decryption of files are done on the laptop, not on the token. The token keeps key-encrypting keys, and the laptop contains file keys.

Architecture of ZIA

Design Perspectives of ZIA: Trust and Threat Model
  • Protection against attacks involving physical possession of a laptop or proximity to it
  • Protection against exploitation of the wireless link between the laptop and the token
  • Support of data sharing within a domain
  • No protection against a trusted but malicious user
  • No protection for remote users

Design Perspectives of ZIA: Key-Encrypting Keys
  • An administrative authority assigns a user key, Ku, to each user; a group key, Kg, to each group; and a world key, Kw, to each machine.
  • Each laptop encrypts data under some symmetric key, Ke, generated at the token.
  • Ke is stored on each machine as Ku(Ke), that is, encrypted under some key-encrypting key, Ku.
  • If a file is accessible by members of its owning group, Kg(Ke) is also stored.
  • Kw(Ke) would be stored for files that are world-accessible.

Design Perspectives of ZIA: Token Vulnerabilities
  • Since the token is worn by a user, it is more physically secure than a laptop.
  • In case of token loss, possible extraction of key-encrypting keys should be avoided
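The key hierarchy from the Key-Encrypting Keys slide, as an added Python sketch (not code from the presentation or from the ZIA authors). The `Token` class, the `wrap`/`unwrap` helpers and the key ids are hypothetical, an HMAC-SHA256 keystream with a MAC stands in for a real cipher, and the wireless link is not modelled; Kw would be handled exactly like Kg.

```python
import hashlib, hmac, secrets

def _keystream(kek, nonce, n):
    # HMAC-SHA256 in counter mode: a stdlib stand-in for a real cipher such as AES.
    blocks = (hmac.new(kek, b"enc" + nonce + bytes([i]), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def wrap(kek, ke):
    """Return KEK(Ke) as nonce || ciphertext || MAC tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(ke, _keystream(kek, nonce, len(ke))))
    return nonce + ct + hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()

def unwrap(kek, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong key-encrypting key or modified blob")
    return bytes(a ^ b for a, b in zip(ct, _keystream(kek, nonce, len(ct))))

class Token:
    """Worn by the user. Holds key-encrypting keys and never releases them."""
    def __init__(self, keks):
        self._keks = dict(keks)          # key id -> key-encrypting key

    def new_file_key(self, key_ids):
        """Generate Ke and return it with the wrapped copies the laptop stores."""
        ke = secrets.token_bytes(32)
        return ke, {kid: wrap(self._keks[kid], ke) for kid in key_ids}

    def unwrap_file_key(self, header):
        for kid, blob in header.items():
            if kid in self._keks:
                return unwrap(self._keks[kid], blob)
        raise PermissionError("token holds no key-encrypting key for this file")

def demo():
    # Constructed keys and ids; in ZIA the administrative authority assigns them.
    ku_a, ku_b, kg = (secrets.token_bytes(32) for _ in range(3))
    alice = Token({"Ku:alice": ku_a, "Kg:staff": kg})
    bob = Token({"Ku:bob": ku_b, "Kg:staff": kg})
    ke_private, private_hdr = alice.new_file_key(["Ku:alice"])
    ke_shared, shared_hdr = alice.new_file_key(["Ku:alice", "Kg:staff"])
    assert alice.unwrap_file_key(private_hdr) == ke_private
    assert bob.unwrap_file_key(shared_hdr) == ke_shared     # via Kg(Ke)
    try:
        bob.unwrap_file_key(private_hdr)
    except PermissionError:
        return "bob denied private file; shared file readable through Kg"
```

The header dictionary is what sits on the laptop's disk: without a token that holds a matching key-encrypting key, it yields nothing usable.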
