Device-Based Isolation for Securing Cryptographic Keys

In this work, we describe an eective device-based isolation approach for achieving data security. Device-based isolation leverages the proliferation of personal computing devices to provide strong run-time guarantees for the condentiality of secrets. To demonstrate our isolation approach, we show its use in protecting the secrecy of highly sensitive data that is crucial to security operations, such as cryptographic keys used for decrypting ciphertext or signing digital signatures. Private key is usually encrypted when not used, however, when being used, the plaintext key is loaded into the memory of the host for access. In our threat model, the host may be compromised by attackers, and thus the condentiality of the host memory cannot be preserved. We present a novel and practical solution and its prototype called DataGuard to protect the secrecy of the highly sensitive data through the storage isolation and secure tunneling enabled by a mobile handheld device. DataGuard can be deployed for the key protection of individuals or organizations

The system architecture of the Pocket Companion

In the Moby Dick project we design the architecture of a so-called Pocket Companion. It is a small personal portable computer with wireless communication facilities for every day use. The typical use of the Pocket Companion induces a number of requirements concerning security, performance, energy consumption, communication and size. We have shown that these requirements are interrelated and can only be met optimal with one single architecture. The Pocket Companion architecture consists of a central switch with a security module surrounded by several modules. The Pocket Companion is a personal machine. Communication, and particularly wireless communication, is essential for the system to support electronic transactions. Such a system requires a good security infrastructure not only for safeguarding personal data, but also to allow safe (financial) transactions. The integration of a security module in the Pocket Companion architecture provides the basis for a secure environment.\ud Because battery life is limited and battery weight is an important factor for the size and the weight of the Pocket Companion, energy consumption plays a crucial role in the architecture. An important theme of the architecture is: enough performance for minimal energy consumption

Design and development of Taeneb City Guide - from paper maps and guidebooks to electronic guides

This paper reports the design, development and feedback from the initial trial of the Taeneb City Guide project developing tourist information software on Personal Digital Assistant (PDA) handheld computers. Based on the users' requirements for electronic tourists guides already published in the literature, the paper focuses on the three main technology features of the systems, which would give the advantage over the existing paper publication: query-able dynamic map interface, dynamic information content and community review systems and users' forum. The paper also reports the results of an initial trial of a City Guide for Glasgow conducted as part of the EMAC 03 conference

Light database encryption design utilizing multicore processors for mobile devices

The confidentiality of data stored in embedded and handheld devices has become an urgent necessity more than ever before. Encryption of sensitive data is a well-known technique to preserve their confidentiality, however it comes with certain costs that can heavily impact the device processing resources. Utilizing multicore processors, which are equipped with current embedded devices, has brought a new era to enhance data confidentiality while maintaining suitable device performance. Encrypting the complete storage area, also known as Full Disk Encryption (FDE) can still be challenging, especially with newly emerging massive storage systems. Alternatively, since the most user sensitive data are residing inside persisting databases, it will be more efficient to focus on securing SQLite databases, through encryption, where SQLite is the most common RDBMS in handheld and embedded systems. This paper addresses the problem of ensuring data protection in embedded and mobile devices while maintaining suitable device performance by mitigating the impact of encryption. We presented here a proposed design for a parallel database encryption system, called SQLite-XTS. The proposed system encrypts data stored in databases transparently on-the-fly without the need for any user intervention. To maintain a proper device performance, the system takes advantage of the commodity multicore processors available with most embedded and mobile devices

Securing the Internet of Things Infrastructure - Standards and Techniques

The Internet of Things (IoT) infrastructure is a conglomerate of electronic devices interconnected through the Internet, with the purpose of providing prompt and effective service to end-users. Applications running on an IoT infrastructure generally handle sensitive information such as a patient’s healthcare record, the position of a logistic vehicle, or the temperature readings obtained through wireless sensor nodes deployed in a bushland. The protection of such information from unlawful disclosure, tampering or modification, as well as the unscathed presence of IoT devices, in adversarial environments, is of prime concern. In this paper, a descriptive analysis of the security of standards and technologies for protecting the IoT communication channel from adversarial threats is provided. In addition, two paradigms for securing the IoT infrastructure, namely, common key based and paired key based, are proposed

Securing Interactive Sessions Using Mobile Device through Visual Channel and Visual Inspection

Communication channel established from a display to a device's camera is known as visual channel, and it is helpful in securing key exchange protocol. In this paper, we study how visual channel can be exploited by a network terminal and mobile device to jointly verify information in an interactive session, and how such information can be jointly presented in a user-friendly manner, taking into account that the mobile device can only capture and display a small region, and the user may only want to authenticate selective regions-of-interests. Motivated by applications in Kiosk computing and multi-factor authentication, we consider three security models: (1) the mobile device is trusted, (2) at most one of the terminal or the mobile device is dishonest, and (3) both the terminal and device are dishonest but they do not collude or communicate. We give two protocols and investigate them under the abovementioned models. We point out a form of replay attack that renders some other straightforward implementations cumbersome to use. To enhance user-friendliness, we propose a solution using visual cues embedded into the 2D barcodes and incorporate the framework of "augmented reality" for easy verifications through visual inspection. We give a proof-of-concept implementation to show that our scheme is feasible in practice.Comment: 16 pages, 10 figure

Market leadership through technology – Backward compatibility in the U.S. Handheld Video Game Industry

The introduction of a new product generation forces incumbents in network industries to rebuild their installed base to maintain an advantage over potential entrants. We study if backward compatibility moderates this process of rebuilding an installed base. Using a structural model of the U.S. market for handheld game consoles, we show that backward compatibility lets incumbents transfer network effects from the old generation to the new to some extent but that it also reduces supply of new software. We examine the tradeoff between technological progress and backward compatibility and find that backward compatibility matters less if there is a large technological leap between two generations. We subsequently use our results to assess the role of backward compatibility as a strategy to sustain market leadership