Presentation is loading. Please wait.

Presentation is loading. Please wait.

Can We Achieve Secure Mobile Computing Anytime Soon? Jason I. Hong WMCSA2006 April 7 2006.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Can We Achieve Secure Mobile Computing Anytime Soon? Jason I. Hong WMCSA2006 April 7 2006."— Presentation transcript:

1 Can We Achieve Secure Mobile Computing Anytime Soon? Jason I. Hong WMCSA2006 April 7 2006

2 My Position

3 No Secure Mobile Computing Soon Lots of important info on mobile devices Usability issues Cultural issues Economic issues

4 Lots of important info on mobile devices This was just March 2006

5 Lots of important info on mobile devices More and more devices out there More and more valuable data and services on devices –M-Commerce with mobile phones –Browser history and passwords –Unlock doors to home –Paris Hilton photos!!!! Observation: More and more incentives for theft –Steal and resell on EBay –Steal and punch through corporate firewalls –Mobile spyware (tracks location, already starting)

6 Usability Issues ~20% of WiFi access points returned –People couldn’t figure out how to make it work My guess: ~80% of unsecured WiFi access points –When you are mobile, risk of eavesdroppers –Computer security too hard to understand, too hard to setup

7 Usability Issues Phishing really really works –Exact numbers hard to find, but LOTS of people fall for them Semantic gap between us and everyday users –SSL, certificates, encryption, man-in-the-middle attacks –But simple phishing is stunningly effective Observation: need security models that are invisible (managed by others) or extremely easy to understand “Civilization advances by extending the number of operations we can perform without thinking about them.” - Alfred North Whitehead

8 Cultural Issues Browser Cookies –Originally meant for maintaining state –Now a pervasive means for tracking people online –Embedded in every browser, hard to change Observation: Security hard issue to wrap brain around –Hard to assess risk of low-probability event in future –Adds to cost of development for uncertain benefit –Thus, often done as an afterthought (ie too late)

9 Economic Issues

10 Estimated cost of phishing in US is ~$5 billion Solutions already exist –Two-factor authentication –Email authentication But: –Non-computer scams ~$200 billion –Estimated cost of implementation > $5 billion Observation: Many solutions are out there, but: –Need to align needs of various parties (politics) –Need incentives (cost-benefit, law) Observation: Scammers getting more sophisticated –Market for scammers (setup + steal, mules, bookkeeping) –“Build it, and scammers will also come”

11 No Secure Mobile Computing Soon Lots of important info on mobile devices Usability issues Cultural issues Economic issues IEEE Computer, Dec 2005 “Minimizing Security Risks in Ubicomp Systems” Invisible Computing Column

12 Cultural Issues 1 Algorithm for handling important societal issues in the United States Wait for disaster to Happen If (disaster == true) { willSomeonePleaseThinkOfTheChildren() legislate() || overreact() } Repeat Observation: Slow and suboptimal

Download ppt "Can We Achieve Secure Mobile Computing Anytime Soon? Jason I. Hong WMCSA2006 April 7 2006."

Similar presentations

The quest to replace passwords Evangelos Markatos Based on a paper by Joseph Bonneau,Cormac Herley, Paul C. van Oorschot, and Frank Stajanod.

The quest to replace passwords Evangelos Markatos Based on a paper by Joseph Bonneau,Cormac Herley, Paul C. van Oorschot, and Frank Stajanod.
EMERGING TOPICS IN DATA, APPLICATION AND INFRASTRUCTURE PROTECTION Taher Elgamal ITU 12-2011.

EMERGING TOPICS IN DATA, APPLICATION AND INFRASTRUCTURE PROTECTION Taher Elgamal ITU
Frank Stajano Presented by Patrick Davis 1.  Ubiquitous Computing ◦ Exact concept inception date is unknown ◦ Basically background computing in life.

Frank Stajano Presented by Patrick Davis 1.  Ubiquitous Computing ◦ Exact concept inception date is unknown ◦ Basically background computing in life.
Online Holiday Shopping Brings Great Deals – and Fraud This lesson is part of the iKeepCurrent TM Program, provided by iKeepSafe TM.

Online Holiday Shopping Brings Great Deals – and Fraud This lesson is part of the iKeepCurrent TM Program, provided by iKeepSafe TM.
1 MIS 2000 Class 22 System Security Update: Winter 2015.

1 MIS 2000 Class 22 System Security Update: Winter 2015.
Warm Up: Identity Theft: Quick Write 1. What is Identity Theft? 2. What is Fraud?

Warm Up: Identity Theft: Quick Write 1. What is Identity Theft? 2. What is Fraud?
© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.

© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.
Today you will learn about… Cryptology –Encryption and decryption –Secure vs. nonsecure websites Protecting your identity online Internet safety rules.

Today you will learn about… Cryptology –Encryption and decryption –Secure vs. nonsecure websites Protecting your identity online Internet safety rules.
The Most Critical Risk Control: Human Behavior Lynn Goodendorf Director, Information Security Atlanta ISACA Chapter Meeting June 20, 2014.

The Most Critical Risk Control: Human Behavior Lynn Goodendorf Director, Information Security Atlanta ISACA Chapter Meeting June 20, 2014.
CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.

CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.
Don’t Lose Your Identity – Protect Yourself from Spyware Dan Frommer Sherry Minton.

Don’t Lose Your Identity – Protect Yourself from Spyware Dan Frommer Sherry Minton.
People Technical AdvisorsAcademic AdvisorFinal Project By Prof. Shlomi Dolev Prof. Ehud Gudes Boaz Hilemsky Dr. Aryeh Kontorovich Moran Cohavi Gil Sadis.

People Technical AdvisorsAcademic AdvisorFinal Project By Prof. Shlomi Dolev Prof. Ehud Gudes Boaz Hilemsky Dr. Aryeh Kontorovich Moran Cohavi Gil Sadis.
CMU Usable Privacy and Security Laboratory A Brief History of Semantic Attacks or How Not to Get Screwed Online Serge Egelman.

CMU Usable Privacy and Security Laboratory A Brief History of Semantic Attacks or How Not to Get Screwed Online Serge Egelman.
1 Securing the Net: Where the Holes Are Steven M. Bellovin AT&T Labs – Research

1 Securing the Net: Where the Holes Are Steven M. Bellovin AT&T Labs – Research
User studies. Why user studies? How do we know security and privacy solutions are really usable? Have to observe users! –you may be surprised by what.

User studies. Why user studies? How do we know security and privacy solutions are really usable? Have to observe users! –you may be surprised by what.
Four Two Rants on Mobile Computing Jason I. Hong Feb 20 2007 Carnegie Mellon University Intel Ultra-Mobile Devices Workshop.

Four Two Rants on Mobile Computing Jason I. Hong Feb Carnegie Mellon University Intel Ultra-Mobile Devices Workshop.
Usable Privacy and Security Carnegie Mellon University Spring 2007 Cranor/Hong 1 Course Overview January 16, 2007.

Usable Privacy and Security Carnegie Mellon University Spring 2007 Cranor/Hong 1 Course Overview January 16, 2007.
Computer Security 1 Keeping your computer safe. Computer Security 1 Computer Security 1 includes two lessons:  Lesson 1: An overview of computer security.

Computer Security 1 Keeping your computer safe. Computer Security 1 Computer Security 1 includes two lessons:  Lesson 1: An overview of computer security.
PKI-Enabled Applications That work! Linda Pruss Office of Campus Information Security

PKI-Enabled Applications That work! Linda Pruss Office of Campus Information Security
SSL From Your Smartphone Support for Android Smartphones www.sharetech.com.twwww.sharetech.com.tw / www.higuard.comwww.higuard.com.

SSL From Your Smartphone Support for Android Smartphones /

Similar presentations

Ads by Google