Internet Security and Authentication Issues (for a Machine with a Fruit on the Front) Rodney Thayer.


Presentation on theme: "Internet Security and Authentication Issues (for a Machine with a Fruit on the Front) Rodney Thayer."— Presentation transcript:

1 Internet Security and Authentication Issues (for a Machine with a Fruit on the Front) Rodney Thayer

2 Security/Auth for Mac's: Topics
What’s the question?
Security Applications
Platform Dreams
Security Considerations

3 What’s the Question?

4 Security and Authentication
Features required for applications
Features required for users
No bone-implant computing devices, yet
Opportunities for Mac applications
Real world requirements

5 Security Applications

6 Applications
Secure Web path
VPN Client
Secure Email
Secure client applications (e.g. router manager)
Credit Cards
Payment technologies
Identification schemes

7 Why Security or Authentication?
Money
Intellectual Property
Regulation
Privacy
Insurance
Property Protection

8 What’s Mac Specific?
Opportunity to exploit capabilities
Application set (e.g. multimedia)
Platform design opportunities
Other platforms suck, Macs could suck less

9 Secure Web Applications
Browsers, Java applications, Custom applications
Bulk encryption of data link
Authentication of end entities
Browser protocols using legacy SSL or TLS or beyond
light performance load

10 VPN Applications
Remote access to work group network
Road Warriors
Telecommuting
Wireless Networks
IPsec/SSH/Other Tunnels
Authentication and Bulk encryption
light to heavy performance load

11 Secure Email
Signed and/or Encrypted email among users and entities
Various standards, some even work ;-)
We wish we had authentication
authentication and limited bulk encryption
light to medium load

12 Media Applications
Post-Napster post-Superbowl audio/video
Payment applications
If encrypting, high performance load
Heavy performance load

13 Secure Client/Server Applications that are security-aware
Network Management
Hard core commerce applications
all sorts of performance requirements

14 Platform Dreams

15 What do you want to encrypt today?
Any data I have
At any speed
Securely
Easily, from any application
Standards-based
Provided by vendor(?)

16 User Requirements
Zero extra blobs to carry
Practically interface to single package
No extra power requirements
No cost increase
Common interface
No extra steps (e.g. mouse wiggling)

17 Application Requirements
Access to authentication protocols
Access to encryption protocols
Token capabilities (key rings)
Hardware encryption capability
Secure memory
Two-factor capability (fingerprint, retinal, etc.)

18 Crypto Requirements
Public key cryptography (RSA, EC, DSA)
Large keys -- 1024/2048/etc.
Symmetric Ciphers (3DES, AES)
Hardware tokens
Zeroization capability
Physical/Electrical security

19 What about the Mac?
Opportunities to design in features
Token access
Hardware crypto
Entropy Generation
Biometric devices
Suck Less

20 Security Considerations

21 Issues
Crypto Issues
Non-crypto issues
Human factors
Packaging

22 Crypto Issues
Parameters: key size, etc.
Design choices of algorithms -- licensing, embedded software issues
Installed base inertia
Human error

23 Non-crypto issues
Many security failures are not the crypto
Protocol implementation issues
User Interface issues
New implementations->bugs
Additional hardware and software needed

24 Human factors
Trouble getting people to do extra work
Entropy generation is hard
pass phrases can be forgotten
stigma issues
fear issues

25 Threat Issues
Fancy screens -- information leakage
Fancy plastic -- case hacking
Risk of using hardware tokens
Misuse of hardware acceleration
Wide use -- better target

26 Rodney Thayer
rodney@tillerman.to
Presentation is at: http://www.pkiclue.com/presentations

