Post on 11-May-2015
description
transcript
Christian RohnerPer Gunningberg
Uppsala Universitet, Sweden
Twitter in Disaster Mode:Security Architecture
Theus HossmannDominik Schatzmann
Franck LegendrePaolo Carta
ETH Zurich, Switzerland
2hossmann@tik.ee.ethz.ch
Source: XKCD (http://xkcd.com/723/)
3hossmann@tik.ee.ethz.ch
Source: Twitter Blog (http://blog.twitter.com/2011/06/global-pulse.html)
Network Outage in Japan
4hossmann@tik.ee.ethz.ch
Operator # inoperative BS
NTT DoCoMo 6720
KDDI 3800
Softbank 3786
Your Smart Phone, the Emergency Kit
• Temporary GSM network• Wireless mesh network• Satellite communication
• Opportunistic Communication• DTN2• Haggle• PodNet
5hossmann@tik.ee.ethz.ch
Deployment, configuration, etc.• Requires experts• > 1-2 days
✗• No expert skills required• Instantly ready✓
Goal: Enable disaster victims to tweet instantaneouslyGoal: Enable disaster victims to tweet instantaneously
6hossmann@tik.ee.ethz.ch
Twimight
• Simple yet flexible• Wide spread (200M users)
• Simple yet flexible• Wide spread (200M users)
• Wide spread • Developer friendly• Wide spread • Developer friendly
• Disaster Mode (user enabled with a simple settings check-box)
✓ Opportunistic Communication
✓Security
• Disaster Mode (user enabled with a simple settings check-box)
✓ Opportunistic Communication
✓Security
• Open source (Google Code)
• Open source (Google Code)
Opportunistic Spreading of Tweets
• Bluetooth communication• Periodic Scanning (2min ± 20sec)
• Power saving heuristic• Reduced scanning interval at battery levels < 50%• No more scanning at levels below 30%
• Epidemic spreading (flooding)• Small data volumes• FIFO buffer
• Publish tweets once connectivity is restored
7hossmann@tik.ee.ethz.ch
What about security?
• Problem: From centralized to distributed operation• Authenticity & Integrity• Confidentiality
• Goal: Achieve Twitter-equivalent security in disaster operation• Sign Tweets and Messages• Encrypt privat messages
• Our solution: The “Twimight Disaster Server”• PKI, adapted for temporarily disconnected networks
8hossmann@tik.ee.ethz.ch
Key Idea: Prepare everything before it breaks!Key Idea: Prepare everything before it breaks!! !
The Twimight Disaster Server
9hossmann@tik.ee.ethz.ch
Step 1: Server-side User Identification
• Client obtains OAuth tokens from Twitter• Client sends tokens (over HTTPS) to TDS• Server receives Twitter user ID using tokens
10hossmann@tik.ee.ethz.ch
1. Oauth 2. Send tokens
3. Get user ID
Step 2: Inter-client User Identification
• Client generates Key Pair (RSA, 2048Bit)• Client sends Public Key to TDS• Server sends certificate (signed with TDS key) to client• Client signs Tweets using its Private Key• Client attaches certificates to Tweets for verification
11hossmann@tik.ee.ethz.ch
1. Create keys
2. Send PK3. Send certificate
4. Signed Tweets
Stolen/Lost device
• Revoke key on TDS• TDS manages a revocation list (certificate’s serial number)• TDS distributes incremental list to devices
• Scalability??• Key Idea: Shored-lived certificates (days-weeks)• Transmit and store only non-outdated records
12hossmann@tik.ee.ethz.ch
Additional benefits: Direct Messages
• Private unicast messages (Direct Messages)• Adapted to disaster opertation: Encrypt Direct
Messages• TDS maintains list of followers• TDS sends followers’ keys• Client encrypts message with Public Key
(and signs with Private Key)
13hossmann@tik.ee.ethz.ch
Summary
14hossmann@tik.ee.ethz.ch
• Public release (Android Market)• Bug fixes• Awareness
• Scalability! Geo-location to the rescue..• Geographically limited flooding• Smart tweet delivery
• Contact Graph based routing for Direct Messages• Interest matching for tweets
• Geographically limited key revocation
• New Twitter features (photos, lists, etc.)
What’s next?
15hossmann@tik.ee.ethz.ch
16hossmann@tik.ee.ethz.ch
Thank You For Installing & Using Twimight
http://code.google.com/p/twimight