Security Review – Microsoft Live Mesh

By ankit at 9:00 pm on November 19, 2008 | 1 Comment

Introduction

Today the internet is not limited to desktops and laptops. There has been a flurry of portable devices that can connect to the internet, store data locally and run software applications. As users own more than one such web-enabled device, their data and applications become more and more distributed. Data also becomes distributed when several people collaborate on a piece of work. This need for sharing and synchronizing data motivates a system that lets people manage shared data across many devices and with multiple collaborators.

Technology Overview

Live Mesh by Microsoft allows users to create a network of their web-enabled devices (mobile phones, laptops, desktops etc.) and keep data synchronized across all of them. It also lets a user open a remote desktop session from any device in the mesh to any other and work on it. Basically, the idea is that users should be able to access their data from anywhere in the world. Besides the sync between devices, users also get 5GB of space on Microsoft’s servers which they can reach at any time over the internet. With this product Microsoft is currently targeting the consumer market and has not focused on a business solution. Users can add other users to their mesh, with access controls on the shared folders; the added users can sync this data to their own devices and work on it. The owner can view updates about the mesh as “news” items on the mesh bar, and people can comment on the shared data in the news section, which helps collaboration. Authentication to the mesh is based on the user’s Windows Live ID (formerly Passport).

Stakeholders

Individuals are the biggest stakeholders since all their shared information is at stake. That information may contain financial or personal secrets that should not be shared: credit card numbers, passwords, personal letters etc. Besides individuals, many collaborative groups are direct stakeholders, ranging from a group of students working on a project to a corporate team sharing company data. In that case the whole group is the stakeholder.

Assets/ security goals

The main asset is the data being shared between devices, whether it belongs to individuals or to organizations. Loss of financial details can be dangerous for both. At the individual level, illegitimate access to photographs or documents can reveal personal information such as relationships, problems and habits. For an organization, confidential data can include collaborative work on projects, information about employees etc.

The security goals sit at three levels: network, device and user. Data privacy depends a lot on the security of the network protocols used for communication; this goal is largely met by existing secure protocols. Given a large mesh of devices, device authentication is also important, and each device must be hardened enough to block attempts by malware or attackers to reach the stored data. The same device may be used by several users, in which case a good user authentication mechanism is needed. Currently text passwords are used, but more secure means could be considered.

Potential adversaries/threats

A major threat relates to the shared data. It may arise from personal attacks against somebody or from business rivalry. Personal attacks can come from people in one’s social circle who try to obtain a password in order to corrupt data or simply learn secrets. Such people have limited resources, but a large organization has a much larger computing base and can use it to break into a rival’s confidential data. Microsoft itself could be a potential adversary, since it controls, and has access to, all data transfers and connections between devices; the Mesh software could report information about what passes between devices back to the server, for example to study device interaction for further research. Another threat is malware. Given that the devices are now connected in a very intimate way, malware that gets onto one device could spread through the mesh at an exponential rate. Device theft is also a threat, since a device holds the latest copy of the data from all the other devices, and a stolen device could keep on syncing that data (I did not find documentation saying that a device can be blacklisted, but I guess this feature is already there). Since no authentication is required to use the data locally, this is a threat to data privacy.

Potential weaknesses

Dependence on a single password – Access to a user’s whole device mesh is controlled by his Windows Live ID. Hence compromise of a single password exposes the entire data set on all the machines, and the attacker may corrupt or destroy it. Given the increasing attacks on text-password schemes, this is a big weakness.

Unencrypted data – The 5GB of web space users get for keeping data on Microsoft’s servers is protected by access control mechanisms but is not encrypted. Any breach of those access controls hands the attacker the unprotected data of every user.

Potential defenses

Threats and weaknesses arising from a highly centralized authentication system can be mitigated with a distributed authentication mechanism. Instead of one Mesh password granting access to everything, separate authentication on each device could be required before data synced from other machines can be read. Having many passwords creates usability problems, so the better option may be biometric authentication such as a fingerprint or retinal scan, although that depends a lot on the accuracy, robustness and feasibility of such mechanisms. To counter device theft, users should be able to blacklist a device immediately. The online web space can be encrypted and fragmented, which would limit data leaks caused by access control failures. It was discussed earlier that Microsoft itself could be an adversary; to prevent that, data should be encrypted on the user’s own devices with keys that Microsoft never holds, so that Microsoft only stores and relays ciphertext without knowing what it contains.
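As an added illustration of the last suggestion (this is example code written for this review, not code from the original post or from Live Mesh itself), the Go program below encrypts each file on the user’s device with a key the storage service never receives, so a server that holds the user’s 5GB of web space sees only ciphertext. The `DeviceKey`, the in-memory `Server` type, the file path and the sample financial note are all assumptions made for the illustration; a real client would keep the device key in a protected keystore or derive it from a user secret, and sharing with collaborators would need a separate key-distribution step. It also shows why encryption at rest only helps when the key is kept apart from the ciphertext: the simulated server has nothing to decrypt with.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// DeviceKey is a 256-bit AES key generated on the user's own device. In this
// example it exists only in client memory; the simulated server never sees it.
type DeviceKey [32]byte

// NewDeviceKey draws a fresh key from the operating system's CSPRNG.
func NewDeviceKey() (DeviceKey, error) {
	var k DeviceKey
	_, err := rand.Read(k[:])
	return k, err
}

func newGCM(key DeviceKey) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts a file before upload with AES-256-GCM. The blob layout is
// nonce || ciphertext || tag. The storage path is bound in as associated
// data, so a blob cannot be quietly served back under a different path.
func Seal(key DeviceKey, path string, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(path)), nil
}

// Open reverses Seal. Any change to the nonce, ciphertext, tag or path makes
// GCM authentication fail and no plaintext is returned.
func Open(key DeviceKey, path string, blob []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("blob too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(path))
}

// Server stands in for the hosted storage: it maps paths to blobs and holds
// no key material, so a breach of its access controls yields only ciphertext.
type Server struct{ store map[string][]byte }

func NewServer() *Server { return &Server{store: map[string][]byte{}} }

func (s *Server) Put(path string, blob []byte) { s.store[path] = append([]byte(nil), blob...) }

func (s *Server) Get(path string) ([]byte, bool) { b, ok := s.store[path]; return b, ok }

// RoundTrip uploads a file from one device and fetches it on another device
// that holds the same key, returning the recovered plaintext.
func RoundTrip(srv *Server, key DeviceKey, path string, plaintext []byte) ([]byte, error) {
	blob, err := Seal(key, path, plaintext)
	if err != nil {
		return nil, err
	}
	srv.Put(path, blob)
	stored, ok := srv.Get(path)
	if !ok {
		return nil, errors.New("file missing on server")
	}
	return Open(key, path, stored)
}

// ServerExposes models an attacker who has defeated the server's access
// controls and reads the stored blob: it reports whether the plaintext shows up.
func ServerExposes(srv *Server, path string, plaintext []byte) bool {
	stored, ok := srv.Get(path)
	return ok && bytes.Contains(stored, plaintext)
}

func main() {
	key, err := NewDeviceKey()
	if err != nil {
		panic(err)
	}
	srv := NewServer()
	// Constructed sample content standing in for a user's financial note.
	note := []byte("card 4111 1111 1111 1111 exp 12/10")
	got, err := RoundTrip(srv, key, "/mesh/finance.txt", note)
	fmt.Printf("round trip ok: %v, err: %v\n", bytes.Equal(got, note), err)
	fmt.Printf("plaintext visible on server: %v\n", ServerExposes(srv, "/mesh/finance.txt", note))
}
```

Binding the path as associated data is a small design choice worth noting: it stops a server-side attacker from swapping one user’s blob in for another at a different path without being detected, which plain encryption of the file contents would not prevent.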

Risk evaluation

The highest-probability threats are device theft and the rapid spread of malware. The former gives access to all synced data and so calls for a stronger security model. There is already innumerable malware on the existing network of desktops, servers and laptops; with the rapid growth in the number of interconnected portable web-enabled devices, rapid spread becomes more likely, amplifying existing problems such as spam and denial of service attacks. Thus stronger security and monitoring mechanisms are required on the devices. Given that Windows Live ID relies on strong cryptographic schemes, breaking the password outright seems less probable, but it can still be obtained by shoulder surfing, key-loggers etc. This threat carries the highest cost because the entire mesh depends on it, so the risk presented by the authentication mechanism is high and it needs to be made more secure. Microsoft itself acting as an adversary is less probable, given that the current product is aimed at consumers with whom the company is unlikely to have a rivalry. Hence this risk is low now, but that will not be the case if organizations are involved instead of individuals. Lastly, the risk presented by consumers storing unencrypted data behind access controls on the servers is not high, given that the data is not highly sensitive and the access control mechanisms are good.

Future and bigger picture

Live Mesh is only the start. With myriad portable devices emerging that can communicate with each other, the need to share and access data from anywhere will always exist. We can imagine a world where data is not localized but floats around the internet between various servers, accessed through portable devices like smartphones using biometric authentication. This model raises some important questions. Is the user comfortable with the idea of his data being stored not locally but perhaps on a server thousands of miles away? A user study would help establish this. Is the system robust enough to tolerate servers failing? That involves crucial distributed computing issues. Lastly, when users rely on third parties to store and share data for them, they will want the data to remain private from those parties. The user’s security model should match the security model of the system.

Conclusion

Live Mesh is a nice system for connecting all of one’s devices together and accessing data on any of them. While the current version is secure enough for individual consumers, it is not yet at the level where large organizations will want to use it, because of the high stakes involved. The major limitations are a centralized authentication system based on a text password and the storage of unencrypted data on servers. We have discussed ways in which these can be improved. To provide a business solution, many new features will have to be added for security and collaboration, including ensuring that Microsoft has no knowledge of the stored and shared data. All in all, Live Mesh is a great step towards a future of unified technology at human disposal.

Filed under: Miscellaneous

1 Comment


    Comment by Crispin Cowan

    December 5, 2008 @ 5:19 pm

    I have to take exception to at least part of this security analysis. Data encryption on a server adds very little security value. I don’t see the problem with protecting user data using access controls.

    Data encryption is useful for defending against *physical* threats, i.e. someone steals your PDA, your laptop, or even scoots with your server. But it does *not* add security value to defending a server against a network attack.

    Because: the key for the encrypted data has to be on the server, so that the server can re-boot itself in case of power failure. So what protects that key? Access controls …

    Data encryption transforms the data access control problem into the data *key* access control problem, and that adds no value if the key lives on the server with the data. For encryption to add security value, you must separate the key from the ciphertext.
