Can We Achieve Secure Mobile Computing Anytime Soon? - PowerPoint PPT Presentation

About This Presentation
Title:

Can We Achieve Secure Mobile Computing Anytime Soon?

Description:

Lots of important info on mobile devices. This was just March 2006 ... Paris Hilton photos!!!! Observation: More and more incentives for theft ... – PowerPoint PPT presentation

Number of Views:117
Avg rating:3.0/5.0
Slides: 13
Provided by: jason203
Learn more at: http://www.cs.cmu.edu
Category:

less

Transcript and Presenter's Notes

Title: Can We Achieve Secure Mobile Computing Anytime Soon?


1
Can We Achieve Secure Mobile Computing Anytime
Soon?
  • Jason I. Hong
  • WMCSA2006
  • April 7 2006

2
My Position
3
No Secure Mobile Computing Soon
  • Lots of important info on mobile devices
  • Usability issues
  • Cultural issues
  • Economic issues

4
Lots of important info on mobile devices
This was just March 2006
5
Lots of important info on mobile devices
  • More and more devices out there
  • More and more valuable data and services on
    devices
  • M-Commerce with mobile phones
  • Browser history and passwords
  • Unlock doors to home
  • Paris Hilton photos!!!!
  • Observation More and more incentives for theft
  • Steal and resell on EBay
  • Steal and punch through corporate firewalls
  • Mobile spyware (tracks location, already starting)

6
Usability Issues
  • 20 of WiFi access points returned
  • People couldnt figure out how to make it work
  • My guess 80 of unsecured WiFi access points
  • When you are mobile, risk of eavesdroppers
  • Computer security too hard to understand, too
    hard to setup

7
Usability Issues
  • Phishing really really works
  • Exact numbers hard to find, but LOTS of people
    fall for them
  • Semantic gap between us and everyday users
  • SSL, certificates, encryption, man-in-the-middle
    attacks
  • But simple phishing is stunningly effective
  • Observation need security models that are
    invisible (managed by others) or extremely easy
    to understand

Civilization advances by extending the number of
operations we can perform without thinking about
them. - Alfred North Whitehead
8
Cultural Issues
  • Browser Cookies
  • Originally meant for maintaining state
  • Now a pervasive means for tracking people online
  • Embedded in every browser, hard to change
  • Observation Security hard issue to wrap brain
    around
  • Hard to assess risk of low-probability event in
    future
  • Adds to cost of development for uncertain benefit
  • Thus, often done as an afterthought (ie too late)

9
Economic Issues
10
Economic Issues
  • Estimated cost of phishing in US is 5 billion
  • Solutions already exist
  • Two-factor authentication
  • Email authentication
  • But
  • Non-computer scams 200 billion
  • Estimated cost of implementation gt 5 billion
  • Observation Many solutions are out there, but
  • Need to align needs of various parties (politics)
  • Need incentives (cost-benefit, law)
  • Observation Scammers getting more sophisticated
  • Market for scammers (setup steal, mules,
    bookkeeping)
  • Build it, and scammers will also come

11
No Secure Mobile Computing Soon
  • Lots of important info on mobile devices
  • Usability issues
  • Cultural issues
  • Economic issues

IEEE Computer, Dec 2005 Minimizing Security
Risks in Ubicomp Systems Invisible Computing
Column
12
Cultural Issues 1
  • Algorithm for handling important societal issues
    in the United States
  • Wait for disaster to Happen
  • If (disaster true)
  • willSomeonePleaseThinkOfTheChildren()
  • legislate() overreact()
  • Repeat
  • Observation Slow and suboptimal
Write a Comment
User Comments (0)
About PowerShow.com