Protecting applications with transient authentication

Authors:
Mark D. Corner;Brian D. Noble
Affiliations:
University of Michigan, Ann Arbor, MI;University of Michigan, Ann Arbor, MI
Venue:
Proceedings of the 1st international conference on Mobile systems, applications and services
Year:
2003

Citing 25
Cited 12

A logic of authentication

ACM Transactions on Computer Systems (TOCS)
Distance-bounding protocols

EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
Password authentication with insecure communication

Communications of the ACM
Using encryption for authentication in large networks of computers

Communications of the ACM
Protecting privacy using the decentralized label model

ACM Transactions on Software Engineering and Methodology (TOSEM)
Security: for ubiquitous computing

Security: for ubiquitous computing
Operating System Concepts

Operating System Concepts
Bluetooth Revealed

Bluetooth Revealed
Zero-interaction authentication

Proceedings of the 8th annual international conference on Mobile computing and networking
An Introduction to Evaluating Biometric Systems

Computer
An Iris Biometric System for Public and Personal Use

Computer
An Introduction to Evaluating Biometric Systems

Computer
Building the IBM 4758 Secure Coprocessor

Computer
Personal Secure Booting

ACISP '01 Proceedings of the 6th Australasian Conference on Information Security and Privacy
The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks

Proceedings of the 7th International Workshop on Security Protocols
Application Design for a Smart Watch with a High Resolution Display

ISWC '00 Proceedings of the 4th IEEE International Symposium on Wearable Computers
Protecting unattended computers without software

ACSAC '97 Proceedings of the 13th Annual Computer Security Applications Conference
The case for transient authentication

EW 10 Proceedings of the 10th workshop on ACM SIGOPS European workshop
Encrypting virtual memory

SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Secure coprocessors in electronic commerce applications

WOEC'95 Proceedings of the 1st conference on USENIX Workshop on Electronic Commerce - Volume 1
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks

SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
SSH: secure login connections over the internet

SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
Secure deletion of data from magnetic and solid-state memory

SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
A revocable backup system

SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
How to forget a secret

STACS'99 Proceedings of the 16th annual conference on Theoretical aspects of computer science

SHAD: a human centered security architecture for partitionable, dynamic and heterogeneous distributed systems

DSM '04 Proceedings of the 1st international doctoral symposium on Middleware
Protecting file systems with transient authentication

Wireless Networks
Mobile Device Security Using Transient Authentication

IEEE Transactions on Mobile Computing
Improving mobile database access over wide-area networks without degrading consistency

Proceedings of the 5th international conference on Mobile systems, applications and services
Concord: a secure mobile data authorization framework for regulatory compliance

LISA'08 Proceedings of the 22nd conference on Large installation system administration conference
A flexible privacy and trust based context-aware secure framework

ICOST'10 Proceedings of the Aging friendly technology for health and independence, and 8th international conference on Smart homes and health telematics
Keypad: an auditing file system for theft-prone devices

Proceedings of the sixth conference on Computer systems
Information seesaw: availability vs. security management in the UbiComp world

SDM'05 Proceedings of the Second VDLB international conference on Secure Data Management
Attribute-Based authentication model for dynamic mobile environments

SPC'06 Proceedings of the Third international conference on Security in Pervasive Computing
Progressive authentication: deciding when to authenticate on mobile phones

Security'12 Proceedings of the 21st USENIX conference on Security symposium
CleanOS: limiting mobile data exposure with idle eviction

OSDI'12 Proceedings of the 10th USENIX conference on Operating Systems Design and Implementation
CASA: context-aware scalable authentication

Proceedings of the Ninth Symposium on Usable Privacy and Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

How does a machine know who is using it? Current systems authenticate their users infrequently, and assume the user's identity does not change. Such persistent authentication is inappropriate for mobile and ubiquitous systems, where associations between people and devices are fluid and unpredictable. We solve this problem with Transient Authentication, in which a small hardware token continuously authenticates the user's presence over a short-range, wireless link. We present the four principles underlying Transient Authentication, and describe two techniques for securing applications. Applications can be protected transparently by encrypting in-memory state when the user departs and decrypting this state when the user returns. This technique is effective, requiring just under 10 seconds to protect and restore an entire machine, but indiscriminate. Instead, applications can utilize an API for Transient Authentication, protecting only sensitive state. We describe our ports of three applications---PGP, SSH, and Mozilla---to this API. Mozilla, the most complicated application we have ported, suffers less than 4% overhead in page loads in the worst case, and in typical use can be protected in less than 250 milliseconds.