Authenticating Out-of-Band Communication Over Social Links

Similar documents
File Transfer Protocol (FTP) & SSH

OpenID Single Sign On and OAuth Data Access for Google Apps. Ryan Dave Primmer May 2010

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: Security Note

YouServ: A Web Hosting and Content Sharing Tool for the Masses

Reverse Proxy Guide. Version 2.0 April 2016

Mobile Device Management Version 8. Last updated:

Copyright 2013, 3CX Ltd.

Architecture and Data Flow Overview. BlackBerry Enterprise Service Version: Quick Reference

SevOne NMS Download Installation and Implementation Guide

Configuring SonicWALL TSA on Citrix and Terminal Services Servers

Device LinkUP + Desktop LP Guide RDP

Wave 4.5. Wave ViewPoint Mobile 2.0. User Guide

Offer Specifications Dell Management Services (EMS): mobilencrypt

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0

Dynamic VLAN assignment using RADIUS. Network Diagram

Cloudfinder for Office 365 User Guide. November 2013

WatchDox Administrator's Guide. Application Version 3.7.5

Vodafone Secure Device Manager Administration User Guide

Securing Android BYOD(Bring your Own Device) with Network Access Control(NAC) and MDM(Mobile Device Management)

Version 2.4 Release Note

Savvius Insight Initial Configuration

Google Docs Print. Administrator's Guide

If you examine a typical data exchange on the command connection between an FTP client and server, it would probably look something like this:

Creating a DUO MFA Service in AWS

My Stuff Everywhere Your Content On Any Screen

How to Migrate to MailEnable using the Migration Console

Synthesis Migration Guide

Chapter 17. Transport-Level Security

How To Synchronize With Gmail For Business On Shoretel

StarWind iscsi SAN Software: Challenge-Handshake Authentication Protocol (CHAP) for Authentication of Users

BlackBerry Enterprise Service 10. Universal Device Service Version: Administration Guide

AskCody Connect Connect your Outlook or AD to AskCody s solutions seamlessly. Everything included!

Introduction to Stanford Box

Client Server Registration Protocol

Aventail Connect Client with Smart Tunneling

Cloudwork Dashboard User Manual

USER GUIDE WWPass Security for Windows Logon

Product Manual. MDM On Premise Installation Version 8.1. Last Updated: 06/07/15

Nimble out-out-of-band authentication for EAP

Administration Guide. BlackBerry Enterprise Service 12. Version 12.0

GCM for Android Setup Guide

Lync for Mac Get Help Guide

A Standards-based Mobile Application IdM Architecture

Administering Google Apps & Chromebooks for Education

CONFIGURING FOR R9.1

Guide for Setting Up Your Multi-Factor Authentication Account and Using Multi-Factor Authentication. Mobile App Activation

The University of Texas Rio Grande Valley. Network Security. Create a Virtual Private. Network (VPN) Connection. Network Security How-to:

ResNet Guide. Information & Learning Services. Here to support your study and research

Integrating with IBM Tivoli TSOM

Folder Proxy + OWA + ECP/EAC Guide. Version 2.0 April 2016

SonicOS 5.9 / / 6.2 Log Events Reference Guide with Enhanced Logging

This document is intended to make you familiar with the ServersCheck Monitoring Appliance

Getting Started with AD/LDAP SSO

XenApp/Citrix Program Neighborhood Installation

Smart Card Authentication Client. Administrator's Guide

Quick Start Guide. Cerberus FTP is distributed in Canada through C&C Software. Visit us today at

Cloud Authentication. Getting Started Guide. Version

Deploying the BIG-IP LTM system and Microsoft Windows Server 2003 Terminal Services

OnCommand Performance Manager 1.1

1. The Web: HTTP; file transfer: FTP; remote login: Telnet; Network News: NNTP; SMTP.

INTEGRATION GUIDE. DIGIPASS Authentication for Google Apps using IDENTIKEY Federation Server

Web Hosting Getting Started Guide

Flexible Identity Federation

DeployStudio Server Quick Install

OAuth 2.0. Weina Ma

SUMMARY. e-soft s.r.l.

PingFederate. Windows Live Cloud Identity Connector. User Guide. Version 1.0

Quick DDNS Quick Start Guide

Step-by-Step Setup Guide Wireless File Transmitter FTP Mode

IP Voice UNIFI. ipad User Guide

Error and Event Log Messages

1. Open the preferences screen by opening the Mail menu and selecting Preferences...

Step-by-Step Setup Guide Wireless File Transmitter FTP Mode

How to Secure a Groove Manager Web Site

ATI00484IEN. Avaya IP Office Advanced Application and Troubleshooting Workshop

Connecting and Setting Up Your Laptop Computer

Is your mainframe less secure than your file server? Malcolm Trigg Solutions Consultant 24 th February 2016

Security Guide vcenter Operations Manager for Horizon View 1.5 TECHNICAL WHITE PAPER

Cisco ASA Authentication QUICKStart Guide

D-Link DAP-1360 Repeater Mode Configuration

How to configure the TopCloudXL WHMCS plugin (version 2+) Update: Version: 2.2

WildFire Reporting. WildFire Administrator s Guide 55. Copyright Palo Alto Networks

Secure Messaging Server Console... 2

SonicOS Enhanced 3.2 LDAP Integration with Microsoft Active Directory and Novell edirectory Support

Contents First Time Setup... 2 Setting up the Legal Vault Client (KiteDrive)... 3 Setting up the KiteDrive Outlook Plugin Using the Legal Vault

ECA IIS Instructions. January 2005

Single Sign On. SSO & ID Management for Web and Mobile Applications

Bit Chat: A Peer-to-Peer Instant Messenger

BlackShield ID Agent for Terminal Services Web and Remote Desktop Web

Ad Hoc (Temporary) Accounts Instructions

PC Monitor Enterprise Server. Setup Guide

Establishing two-factor authentication with Barracuda NG Firewall and HOTPin authentication server from Celestix Networks

Napster and Gnutella: a Comparison of two Popular Peer-to-Peer Protocols. Anthony J. Howe Supervisor: Dr. Mantis Cheng University of Victoria

InfoRouter LDAP Authentication Web Service documentation for inforouter Versions 7.5.x & 8.x

Using SSH Secure FTP Client INFORMATION TECHNOLOGY SERVICES California State University, Los Angeles Version 2.0 Fall 2008.

How to Setup Scan to SMB to a Microsoft Vista Workstation Using a bizhub C451/ C550

Device Log Export ENGLISH

StarWind iscsi SAN Software: Tape Drives Using StarWind and Symantec Backup Exec

The Role and uses of Peer-to-Peer in file-sharing. Computer Communication & Distributed Systems EDA 390

XIA Configuration Server

Transcription:

Authenticating Out-of-Band Communication Over Social Links Anirudh Ramachandran and Nick Feamster School of Computer Science, Georgia Tech {avr,feamster}@cc.gatech.edu

Motivating Application: Secured Web Server Alice wishes to set up a secure web service to share her photos only with her friends. She must Alice Bob 1.Distribute the URL of the service to her friends What if the server is unreachable or its IP / location changes (e.g., DHCP)? 2. Create and distribute credentials for the service to each friend Trudy Email/IM: What if she wants to add or revoke friends?

How can Online Social Networks help? Social networks store and manage a user's friends Expresses real life relationships online Security based on social relationships is exactly what many applications need Challenge: How can we leverage relationships on OSNs for securing inter app communication?

Securing a Web server using OSNs Buddies 1. Log in 2. Create friend group 3. Alice Publish service details to group Group Name:Buddies Permissions: Members Only Alice's server IP: 100.1.1.1 Alice's password: ''insecure'' Status: Online Bob 4. Get Alice's server credentials 5. Present credentials to Alice's server Alice's Server If only applications could do this automatically...

Our Contribution: Authenticatr 1. Exchange IPs 2. Open Ports 3. Set up keys Alice's application Social Networking Authenticatr Bob's Application Trust in real life Trust on OSNs Trust on the Internet Requirements for the social network The social network must be authenticated It must support basic messaging between friends

Design Overview Three components A set of applications that can use social context for authentication A set of social communication protocols An API that exports a uniform interface to all applications. Secure Webserver File Sharing Applications using Social Authentication Authenticatr API Conduct Measurement Supported Social Networks Hourglass design

Outline Motivating Application #2: P2P file sharing Authenticatr API More Applications! Ongoing and Future Work Related Work Summary Secure Webserver File Sharing Conduct Measurement Applications using Social Authentication Authenticatr API Supported Social Networks

Motivating Application #2: P2P sharing Alice wishes to securely share large files with some of her friends Send it via email or IM: file size limits; Alice must initiate each file transfer; friends cannot be added or removed Share it on a P2P network (e.g., Gnutella): No security (or Alice must password protect the files, and distribute the file names and keys to each friend) All of peer discovery, secure communication, and scalability are difficult to achieve

P2P Filesharing with Authenticatr Present credentials Log In Alice Retrieve list of friends P2P client over Authenticatr Choose files to share Wait for connections Choose friends Exchange IPs, password, etc. using social messaging Present credentials Initiate direct connection Present credentials Bob Bob's P2P client

Authenticatr API Authentication API Goal Attempt to log onto network n, returning a session handle Function Prototype session* login (network *n, credential *cred) Communication API Send an opaque message msg to friend f using session s Receive opaque message msg from friend f over session s send (session *s, friend *f, message *msg) recv (session *s, friend *f, message **msg) Utility functions Get the list of friends of user f from session s as the list l get_friends (session *s, friend *f, friend **l)

More Applications! Alice wants to conduct a network measurement from Bob's computer 1.Alice's application logs in and inspects Bob's profile to see if his application is active 2.Alice's app sends a message to Bob such as ping google.com 3.Bob's app picks up the message, conducts the experiment, and sends the result back as another message May be used for root causing network disruptions Alice's application: s = login (facebook, cred_alice); get_friends_list (s, NULL, &friend_list); send (s, friend_list[1], ping google.com ); Periodically: recv (s, friend_list[1], &meas_response); Bob's application: recv (s, friend_list[2], &meas_request); // Perform measurement send (s, friend_list[2], meas_response);

Application: Key exchange Alice and Bob want to negotiate a shared secret 1.Alice and Bob set up Diffie Hellman parameters in a set of messages over the social network of choice 2. Using D H, a key can be established in one more roundtrip

Practical Considerations Changes to host applications: mainly user input Retrieves user/pass from social network instead of prompting the user Session Multiplexing: many application instances must use one social network session Each message passed on the social network contains identifying tags (similar to an object broker)

Ongoing and Future Work Two applications: secured web service and a P2P filesharing service Two social networks: Google Talk and Facebook Challenges: Facebook does not provide a way for desktop applications to send or receive messages Using notifications as a hack Can only get unread notifications Message ordering/timestamping, locking Discussion topic: Wishlist for OSN APIs?

Related Work OpenSocial: Attempts to unify social networks for webbased applications Authenticatr unifies social networks for desktop apps; also can work across IM, mailing lists, etc. Lockr: Attempts to reuse social relationships from one DB/service on other services for access control SocialGraph: Similar goal, except it uses publicly declared relationships (no security) Authenticatr does not try to combine two social networks; provides a uniform interface for each (to apps) FriendStore, Pownce: Share files within friend networks Authenticatr extends and generalizes this idea

Summary Many desktop applications could benefit from secure communication Many, however, forsake it for usability Social networking channels offer a secure messaging path to initiate authentication Implements real world trust relationships online Authenticatr allows desktop applications to use these social channels for authentication

Thanks! Coffee, anyone?

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information