Re: Login Manager
Jeff Andros wrote: simple... display contact info(email, friend's phone number, etc) to return the phone at the login screen... This will be a pretty good reason even for quite dumb evildoers (who is not willing to return device to you on their own) to reflash device with default\empty image to get rid of this info to make device looking like their own.And location tracking will stopped by reflashing as well.The only way to avoid this scenario is to make such people to believe that device is in almost its default state without any restrictions set and is not going to act "against" them so they will leave current firmware as is and it can still silently track phone's coordinates and report them to a real owner, giving a good chances to get your device back even if those who uses your device did not planned to return it to you. I think my old(~2000 ish) WM PDA had an option to do that... people can't get into the phone itself, but they can figure out how to get ahold of you Yep, in IDEAL world filled with only good people it can work.But in REAL world lots of people will prefer not to return device to you but rather to remove stupid lock and use device on their own or sell it to someone.It is not too hard to remove lock and hence chances to get your device back are not very high and depend too much on who is a new device owner.If this is good person with fair intentions who is willing to return device, this will help.But if for example some a$$hole has just stolen your device, do you really expect (s)he will return device to you?Unlikely I guess ;).However, if phone (silently!) reports too you locations where "a$$hole" can be found, it is quite trivial to get your device back.However this tactic requires that new owner to believe that device does not restricts it's usage in any way, etc.Adding info about owner slightly increases chances that device will be reflashed to reset this info, etc.Setting a "hard" lock will cause quite high probability that device will be reflashed\unlocked to get rid of lock. -- Jeff O|||O ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Login Manager
On 8/10/07, t3st3r <[EMAIL PROTECTED]> wrote: > > > I see no effective way to combine these 2 different goals.One is > prevents access to data but this will enforce bad guys to do full > reflashing.Killing your (unusable) data but getting working (usable) > phone.Another approach makes guys to believe phone is not defends itself > and not secured.While it really silently tracks evildoers. > simple... display contact info(email, friend's phone number, etc) to return the phone at the login screen... I think my old(~2000 ish) WM PDA had an option to do that... people can't get into the phone itself, but they can figure out how to get ahold of you -- Jeff O|||O ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Login Manager
Shakthi Kannan wrote: Hi, This is w.r.t. having a login manager for OpenMoko. I am not sure how other PDA phones implement login access, but, in the Nokia 6210 classic, even without the SIM card, it simply allows access to the phone, organizer applications, and data. So, if the phone is lost, valuable information will be stolen, which is something end-users don't like. So far, virtually no phones protect USER data well enough.Actually, proprietary phones are doing some job at protecting their firmwares from hacking and pretty powerful protection in operator locking part, etc.And er, virtually no protection of user data.While locks, etc are encrypted and heavily checksummed\signed, user's data are stored as is.So anyone with physical access to phone can quite easily dump your private data if they' really want to.Basically this can be done by just over wires.At very most ("uncooperative" boot loader, etc), they have to use JTAG or desolder flash IC.Not a great deal for pros.So, once you lost the phone you have no reasons to feel your data too secure.They are not secure. And user's "phone code" often implemented in very lame manner - usually it is trivial to remove it or dump it's value.So, no, if you your lost phone, phonecode will rather cause it to be removed and phone never returned to you.While fair people will be effectively prevented from contacting you.So this can even work against phone owner. I can see two different approaches here. 1) You care about your data and do not care too much about phone is returned to you. The real way to protect all user data from unauthorized use in quite powerful manner is to use file system encryption.This will make all things protected.Phone book, calendar, notes and all your files.This costs though. Filesystem will be slower and due to heavy CPU use battery will exhaust faster. Everything has it's price, privacy too. If someone is willing to implement this ever, there is funny hint, just invented by me: long password is pain in the ass to type at boot time.And short password is easy to bruteforce. So, you can store long encryption key in SIM as phone number and name in SIM address book.Access to SIM is protected by short PIN which is hard to brute since you only have 3 attempts to go and SIM is pretty secure thing :).So user have to enter just short PIN but this will cause powerful encryption key to become accessible from SIM's address book.And those who do not know pin will not have access to this key since SIM cards are refusing address book access without entering proper PIN code IIRC. This can make data pretty secure.But... evil persons will just erase all this and reload "factory" flash image so they can use the phone.Good persons will be prevented from contacting you up to some degree since phone gives no access to address book.Idea with displaying your contact info on boot splash\password request screen can help though. 2) You do care about phone return and do not care too much about unauthorised data access. Then another approach can be good: phone should allow all access to all data as usually, any SIM should be OK, etc.Recommended setting is no PIN and no phonecode.But it should silently send it's coordinates to let's say, e-mail to your mailbox or SMSes to a "friendly" number(your second phone number or friend, etc).SMSes will also expose bad guy's phone number to you (your friend, etc).So, bad guys can use phone and access all your data.But it will silently track them a bit so you can return your phone easily.Actually there should be no restrictions in data access or features.Otherwise phone will be reflashed by evil people and tracking will be stopped so your chances to find your phone will become pretty low (IMEI tracking is proven to be quite ineffective since not each and every operator on the planet does this and they're cooperate poorly enough). Well this will leave all or some data accessible to bad guys.Tracking their location and new SIM's phone number in exchange. I see no effective way to combine these 2 different goals.One is prevents access to data but this will enforce bad guys to do full reflashing.Killing your (unusable) data but getting working (usable) phone.Another approach makes guys to believe phone is not defends itself and not secured.While it really silently tracks evildoers. I read this page: http://wiki.openmoko.org/wiki/My_Account I put together few points on the login manager: http://shakthimaan.com/downloads/openmoko/docs/login-manager.pdf I am not sure if I have missed any user scenarios. Thoughts/suggestions/feedback appreciated. Just replace .pdf to .odt in the above to get the OpenOffice document. If login access has already been addressed in OpenMoko, please let me know. I hope this is clarified before mass market. Thanks, Shakthi
Re: Login Manager
> > On 5 Aug 2007, at 16:11, Nkoli wrote: > >> I think your implementation is great; it's logical and clean. The >> only thing I would change is the first boot part. Most phones, if >> not all, allow security conscious users to set some kind of >> password/pin to lock their phones. It should also be an option on >> the Neo, not a requirement. >> >> Example, at first boot, user is asked whether they wish to set a >> password, Yes or No. If yes, password is set per your >> implementation and becomes a requirement each boot. If no, remind >> the user they can still set a password from and >> leave it at that. > > Passwords and pins are pretty fiddly, even tedious to enter. > > There was some research into using pictures of faces which you click > a few of to log in. Now it would be hard to get such images of faces > for our use, but I'm sure symbols or colours would do? This would be pretty cool! A hash of the symbol sequence could also be used as an encryption key, to store personal information but also the SIM's PIN, so authentication using pictures/symbols will transparently authenticate to the SIM. See also : http://csrc.nist.gov/publications/nistir/nistir-7030.pdf ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Login Manager
Eric Johnson wrote: > Rod Whitby wrote: >> This is not the case. I personally have a SIM card with *no* PIN on it. >> I could set a PIN on it if I chose to, but for that card I choose not >> to. > Actually, there is always a PIN on the SIM it's just that in your case > it has been disabled -- this is standard for some operators. To > re-enable it you need to know the PIN or the PUK. Yes, you are absolutely correct. I should have said that I have a SIM card with a disabled PIN, and that I could enable it if I chose to. > Nonetheless, your point is correct that one cannot assume the PIN is > activated on first boot. > > Eric A disabled PIN on the SIM card will indeed be a common case. -- Rod ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Login Manager
Rod Whitby wrote: Shakthi Kannan wrote: On 8/5/07, Giles Jones <[EMAIL PROTECTED]> wrote: Passwords and pins are pretty fiddly, even tedious to enter. AFAIK, when you buy a SIM card, you are given a 4-digit PIN number, which is the only means of authentication between the end-user and the GSM part of the phone. So, we have to live with that. This is not the case. I personally have a SIM card with *no* PIN on it. I could set a PIN on it if I chose to, but for that card I choose not to. Setting the PIN is a choice of the user. It does not have to be set. So any login scheme cannot assume that the SIM card has a PIN on first boot. Actually, there is always a PIN on the SIM it's just that in your case it has been disabled -- this is standard for some operators. To re-enable it you need to know the PIN or the PUK. Nonetheless, your point is correct that one cannot assume the PIN is activated on first boot. Eric ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Login Manager
Shakthi Kannan wrote: > On 8/5/07, Giles Jones <[EMAIL PROTECTED]> wrote: >> Passwords and pins are pretty fiddly, even tedious to enter. > > AFAIK, when you buy a SIM card, you are given a 4-digit PIN number, > which is the only means of authentication between the end-user and the > GSM part of the phone. So, we have to live with that. This is not the case. I personally have a SIM card with *no* PIN on it. I could set a PIN on it if I chose to, but for that card I choose not to. Setting the PIN is a choice of the user. It does not have to be set. So any login scheme cannot assume that the SIM card has a PIN on first boot. -- Rod ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Login Manager
Giles Jones wrote: On 5 Aug 2007, at 16:11, Nkoli wrote: Passwords and pins are pretty fiddly, even tedious to enter. There was some research into using pictures of faces which you click a few of to log in. Now it would be hard to get such images of faces for our use, but I'm sure symbols or colours would do? What about combination of taps on the screen? For example: "Two tap on the left top corner one tap on the right bottom corner and two more at the central bit" You have got 5 different positions on screen and as many repetitions you like for each position, that provides a lot of combinations. Miquel ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Login Manager
Hello, On 8/5/07, Giles Jones <[EMAIL PROTECTED]> wrote: > SIM lock is fair enough. But phones often have a lock too, plus > keyboard/screen lock. As for the keyboard / screen lock, my thoughts / wishes are: - a keyboard lock is needed, optionally with an unlock code (otherwise it uses only the unlock keys) - a screen saver, which can display date and time, or user specified information. When a key is pressed, the screen saver dissappears, But there should be an optional confidentiality mode; when activated the screen saver requests the unlock code before removing itself. -- Regards, Torfinn Ingolfsen ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Login Manager
On 5 Aug 2007, at 16:58, Shakthi Kannan wrote: Hi, Thanks for your replies. On 8/5/07, Giles Jones <[EMAIL PROTECTED]> wrote: Passwords and pins are pretty fiddly, even tedious to enter. AFAIK, when you buy a SIM card, you are given a 4-digit PIN number, which is the only means of authentication between the end-user and the GSM part of the phone. So, we have to live with that. SIM lock is fair enough. But phones often have a lock too, plus keyboard/screen lock. ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Login Manager
Hi, Thanks for your replies. On 8/5/07, Giles Jones <[EMAIL PROTECTED]> wrote: > Passwords and pins are pretty fiddly, even tedious to enter. AFAIK, when you buy a SIM card, you are given a 4-digit PIN number, which is the only means of authentication between the end-user and the GSM part of the phone. So, we have to live with that. After connecting to the GSM modem [1], you will get get an error for AT+CIMI (International Mobile Subscriber Identity) if you don't enter the pin details in CPIN: AT+CIMI Error You have to authenticate first (follow these step) before you can get a proper output from AT+CIMI: AT+CPIN="xyza" OK AT+CIMI Regards, SK [1] http://wiki.openmoko.org/wiki/Manually_using_GSM#Connecting_to_GSM_Modem -- Shakthi Kannan http://www.shakthimaan.com ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Login Manager
On 5 Aug 2007, at 16:11, Nkoli wrote: I think your implementation is great; it's logical and clean. The only thing I would change is the first boot part. Most phones, if not all, allow security conscious users to set some kind of password/pin to lock their phones. It should also be an option on the Neo, not a requirement. Example, at first boot, user is asked whether they wish to set a password, Yes or No. If yes, password is set per your implementation and becomes a requirement each boot. If no, remind the user they can still set a password from and leave it at that. Passwords and pins are pretty fiddly, even tedious to enter. There was some research into using pictures of faces which you click a few of to log in. Now it would be hard to get such images of faces for our use, but I'm sure symbols or colours would do? ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Login Manager
I think your implementation is great; it's logical and clean. The only thing I would change is the first boot part. Most phones, if not all, allow security conscious users to set some kind of password/pin to lock their phones. It should also be an option on the Neo, not a requirement. Example, at first boot, user is asked whether they wish to set a password, Yes or No. If yes, password is set per your implementation and becomes a requirement each boot. If no, remind the user they can still set a password from and leave it at that. ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Login Manager
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Shakthi Kannan wrote: > Hi, > > This is w.r.t. having a login manager for OpenMoko. > > [ .. snip .. ] > > I read this page: > http://wiki.openmoko.org/wiki/My_Account This idea seems to be a bit too much "work" for the average Joe, but I guess that depends on the implementation. It also seems overly complex. (Perhaps I'm not understanding it properly) > I put together few points on the login manager: > http://shakthimaan.com/downloads/openmoko/docs/login-manager.pdf I really like this idea, and it seems like it's almost fully transparent! I guess the phone has a way of uniquely identifying the SIM without the PIN being correct? If so, you could just ignore any user password (and just authenticate using PIN) if the SIM is the "first-boot" SIM (but set the user-password to PIN whenever the user logs in with the "first-boot" SIM - so that you can use your PIN whenever you boot the phone without SIM). That way, you don't need a "forgotten password"-mechanism, you just use PIN & PUK - which are pre-defined mechanisms for SIMs. (To make it even simpler in use) Just my two cent. As I mentioned, I think this idea is an awesome (and simple) security-mechanism. :-) Kindest regards, Jørgen P. Tjernø. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGtd2WUMzc1WGo4zgRAiJ4AJ9ajiHf7pQAnZXP83cwhxt6StuBuQCdFPqM gFfN4/0koQUa24fIBrOJQQY= =bjAN -END PGP SIGNATURE- ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Login Manager
Hi, This is w.r.t. having a login manager for OpenMoko. I am not sure how other PDA phones implement login access, but, in the Nokia 6210 classic, even without the SIM card, it simply allows access to the phone, organizer applications, and data. So, if the phone is lost, valuable information will be stolen, which is something end-users don't like. I read this page: http://wiki.openmoko.org/wiki/My_Account I put together few points on the login manager: http://shakthimaan.com/downloads/openmoko/docs/login-manager.pdf I am not sure if I have missed any user scenarios. Thoughts/suggestions/feedback appreciated. Just replace .pdf to .odt in the above to get the OpenOffice document. If login access has already been addressed in OpenMoko, please let me know. I hope this is clarified before mass market. Thanks, Shakthi -- Shakthi Kannan http://www.shakthimaan.com ___ OpenMoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community