Personal PKI for the Smart Device Era

  • John Lyle
  • Andrew Paverd
  • Justin King-Lacroix
  • Andrea Atzeni
  • Habib Virji
  • Ivan Flechais
  • Shamal Faily
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7868)

Abstract

As people use an increasing number of smart devices for their everyday computing, it is surprising that these powerful, internet-enabled devices are rarely connected together to create personal networks. The webinos project is an attempt to make this possible so that resources can easily be shared between devices, regardless of the operating system or network they are using. However, increased connectivity raises a number of security and privacy issues, and in this paper we introduce a public key infrastructure designed to be suitable for personal computing across multiple devices. We recognize the need for our PKI to work on both mobile and home networks, use existing online user identities and take into consideration the different interaction styles found on smart devices in different form factors. We propose a set of principles for personal key infrastructures, describe our implementation and outline how it mitigates common threats and issues.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Kinkelin, H., Holz, R., Niedermayer, H., Mittelberger, S., Carle, G.: On Using TPM for Secure Identities in Future Home Networks. Future Internet 3(1), 1–13 (2011)CrossRefGoogle Scholar
  2. 2.
    Müller, A., Kinkelin, H., Ghai, S.K., Carle, G.: An assisted device registration and service access system for future home networks. In: 2nd IFIP Wireless Days, pp. 1–5. IEEE (December 2009)Google Scholar
  3. 3.
    Mitchell, C.J., Schaffelhofer, R.: Chapter 3 - The Personal PKI. In: Security for Mobility. Institution of Engineering and Technology, pp. 35–61 (2004)Google Scholar
  4. 4.
    SHAMAN Project: Deliverable 13, work package 3 (November 2002), http://www.isrc.rhul.ac.uk/shaman/docs/d13a3v1.pdf
  5. 5.
    Niemegeers, I., Heemstra de Groot, S.: From Personal Area Networks to Personal Networks: A User Oriented Approach. Wireless Personal Communications 22, 175–186 (2002)CrossRefGoogle Scholar
  6. 6.
    Jehangir, A., Heemstra de Groot, S.M.: Securing Personal Network Clusters. In: Proceedings of the Third International Conference on Security and Privacy in Communication Networks, SecureComm, pp. 320–329 (2007)Google Scholar
  7. 7.
    Egele, M., Kruegel, C., Kirda, E., Vigna, G.: PiOS: Detecting Privacy Leaks in iOS Applications. In: Proceedings of the 18th Annual Network and Distributed System Security Symposium, NDSS. The Internet Society (February 2011)Google Scholar
  8. 8.
    Hornyack, P., Han, S., Jung, J., Schechter, S., Wetherall, D.: These aren’t the droids you’re looking for: retrofitting android to protect data from imperious applications. In: Proceedings of the 18th ACM conference on Computer and Communications Security, CCS 2011, pp. 639–652. ACM (2011)Google Scholar
  9. 9.
    UPnP Forum: UPnP Device Protection Service. Technical report, UPnP Forum (2011)Google Scholar
  10. 10.
    Whitten, A., Tygar, J.D.: Why Johnny can’t encrypt: a usability evaluation of pgp 5.0. In: Proceedings of the 8th USENIX Security Symposium, SSYM 1999, p. 14. USENIX Association, Berkeley (1999)Google Scholar
  11. 11.
    International Telecommunication Union: ITU-T Recommendation X.1112 — Device certificate profile for the home network. Technical report, ITU (2007)Google Scholar
  12. 12.
    Baugher, M., Lortz, V.: Home-Network Threats and Access Controls. In: McCune, J.M., Balacheff, B., Perrig, A., Sadeghi, A.-R., Sasse, A., Beres, Y. (eds.) Trust 2011. LNCS, vol. 6740, pp. 217–230. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  13. 13.
    Ford, B., Strauss, J., Lesniewski-Laas, C., Rhea, S., Kaashoek, F., Morris, R.: Persistent Personal Names for Globally Connected Mobile Devices. In: Proceedings of the 7th Symposium on Operating Systems Design and Implementation, OSDI 2006, pp. 233–248. USENIX Association, Berkeley (2006)Google Scholar
  14. 14.
    Kubota, A., Miyake, Y.: Autonomous DNSSEC: Secured Pseudo DNS Domains for Personal Networks. In: 2010 IEEE GLOBECOM Workshops (GC Wkshps), pp. 1576–1580 (December 2010)Google Scholar
  15. 15.
    International Telecommunication Union: ITU-T Recommendation X.1111 — Framework of security technologies for home network. Technical report, ITU (2007)Google Scholar
  16. 16.
    International Telecommunication Union: ITU-T Recommendation X.1121 — Framework of security technologies for mobile end-to-end data communications. Technical report, ITU (2004)Google Scholar
  17. 17.
    The webinos consortium: User expectations of security and privacy phase 2 (September 2011), http://webinos.org/blog/2011/11/01/webinos-repot-user-expectations-of-security-and-privacy-phase-2/
  18. 18.
    Chia, P.H., Yamamoto, Y., Asokan, N.: Is this App Safe? A Large Scale Study on Application Permissions and Risk Signals. In: Proceedings of WWW 2012: The World Wide Web Conference (April 2012)Google Scholar
  19. 19.
    Lyle, J., Faily, S., Fléchais, I., Paul, A., Göker, A., Myrhaug, H., Desruelle, H., Martin, A.: On the design and development of webinos: A distributed mobile application middleware. In: Göschka, K.M., Haridi, S. (eds.) DAIS 2012. LNCS, vol. 7272, pp. 140–147. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  20. 20.
    Balfanz, D., Durfee, G., Smetters, D.: Making the Impossible Easy: Usable PKI. In: Security and Usability: Designing Secure Systems that People Can Use, pp. 319–334. O’Reilly, Sebastopol (2005)Google Scholar
  21. 21.
    Jones, P.E., Salgueiro, G., Smarr, J.: WebFinger: IETF Network Working Group Internet Draft (May 2012), http://tools.ietf.org/html/draft-jones-appsawg-webfinger-04
  22. 22.
    OASIS: Extensible resource descriptor (xrd) version 1.0 (November 2010), http://docs.oasis-open.org/xri/xrd/v1.0/xrd-1.0.html
  23. 23.
    Saxena, N., Ekberg, J.E., Kostiainen, K., Asokan, N.: Secure device pairing based on a visual channel. In: IEEE Symposium on Security and Privacy, 6 p.–313 (May 2006)Google Scholar
  24. 24.
    Nguyen, L.H., Roscoe, A.W.: Authenticating ad hoc networks by comparison of short digests. Information and Computation (an International Journal) 206(2-4), 250–271 (2008)MathSciNetMATHCrossRefGoogle Scholar
  25. 25.
    Kainda, R., Flechais, I., Roscoe, A.W.: Secure and usable out-of-band channels for ad hoc mobile device interactions. In: Samarati, P., Tunstall, M., Posegga, J., Markantonakis, K., Sauveron, D. (eds.) WISTP 2010. LNCS, vol. 6033, pp. 308–315. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  26. 26.
    Taylor, D., Wu, T., Mavrogiannopoulos, N., Perrin, T.: Using the Secure Remote Password (SRP) Protocol for TLS Authentication. RFC 5054 (Informational) (November 2007)Google Scholar
  27. 27.
    Eastlake 3rd, D.: Transport Layer Security (TLS) Extensions: Extension Definitions. RFC 6066 (Proposed Standard) (January 2011)Google Scholar
  28. 28.
    Lyle, J., Monteleone, S., Faily, S., Patti, D., Ricciato, F.: Cross-platform access control for mobile web applications. In: Proceedings of the IEEE International Symposium on Policies for Distributed Systems & Networks. IEEE (July 2012)Google Scholar
  29. 29.
    Coker, G., Guttman, J.D., Loscocco, P., Sheehy, J., Sniffen, B.T.: Attestation: Evidence and trust. In: Chen, L., Ryan, M.D., Wang, G. (eds.) ICICS 2008. LNCS, vol. 5308, pp. 1–18. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  30. 30.
    Levy, H.M.: Capability-Based Computer Systems. Butterworth-Heinemann, Newton (1984)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • John Lyle
    • 1
  • Andrew Paverd
    • 1
  • Justin King-Lacroix
    • 1
  • Andrea Atzeni
    • 2
  • Habib Virji
    • 3
  • Ivan Flechais
    • 1
  • Shamal Faily
    • 1
  1. 1.Department of Computer ScienceUniversity of OxfordUK
  2. 2.Dip. di Automatica e InformaticaPolitecnico di TorinoTorinoItaly
  3. 3.Samsung Electronics Research InstituteAshfordUK

Personalised recommendations