Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Workshop on Resilient Financial-Information Systems Sponsors: Treasury Dept. and NSF Dates: March 7 and 8, 2005 Location: Treasury Dept. Headquarters,

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Workshop on Resilient Financial-Information Systems Sponsors: Treasury Dept. and NSF Dates: March 7 and 8, 2005 Location: Treasury Dept. Headquarters,"— Presentation transcript:

1 1 Workshop on Resilient Financial-Information Systems Sponsors: Treasury Dept. and NSF Dates: March 7 and 8, 2005 Location: Treasury Dept. Headquarters, Washington, DC Session Topic: Large-scale ID Theft Session Chairs: Steve Bellovin and Joan Feigenbaum

2 2 ID Theft in the Financial Industry Essentially not a new problem Large-scale authentication and authorization (A&A) systems are hard to build, deploy, and use. See two relevant NRC reports: http://books.nap.edu/html/id_questions/ http://www.nap.edu/catalog/10656.html Research is ongoing in authentication and authorization. The financial industry should consider participating in it, through academic- industrial partnerships and grants.

3 3 Some (Known) Goals and Challenges Improve the security of foundation documents. Improve the human-factors aspects of A&A systems. –Need experimental work on how users perceive trust. –Need experimental work on how and why servers accept credentials. –Need work on human-factors aspects of system administration. Provide better ways to create and manage private-public key pairs, e.g., to enable users to control client-side certificates.

4 4 Goals and challenges (2) Experiment with technology that enables large-scale, asymmetric A&A. Improve regulation and/or liability to require and/or encourage those in a position to prevent ID theft to do so. –Align contol and incentives. –Design network protocols that allow the appropriate incentives to be expressed. Insist that “ID systems” be well defined and well understood; avoid function creep.

5 5 Goals and challenges (3) Improve understanding of long-lived and infrequently used A&A information. Improve fallback A&A systems, which are currently slow and insecure. The fallback system should be at least as secure as the standard system. Narrow the security gap between computers and their users.

6 6 Goals and challenges (4) Improve information-sharing capabilities in the context of A&A. –Explore applicability of secure, multiparty protocols in the financial-industry context. –Explore extensions of current trusted- third-party models to information sharing. Are there legal and business barriers?

7 7 Goals and challenges (5) Improve human interface to and usability of security systems.

8 8 Phishing is a Problem A large part of the problem is the lack of usable bi-lateral authentication. You can’t trust your computer, and neither can the authenticator. What you see is NOT what you get. The need to test and deploy anti-phishing tools is an opportunity for academic-industrial cooperation. Need large-scale experiments with real systems to evaluate attacks and defenses.

9 9 Research program structure We need new modes of funding and doing research. Interdisciplinary and cross-sectoral. Propose projects jointly led by researchers, financial-sector professionals, and government program managers. Potential model: NSF digital-government program.

Download ppt "1 Workshop on Resilient Financial-Information Systems Sponsors: Treasury Dept. and NSF Dates: March 7 and 8, 2005 Location: Treasury Dept. Headquarters,"

Similar presentations

Vehicle-infrastructure integration: creating co-operative mobility systems and services Hearing EU Parliament, 22 January 2009 Hermann Meyer, CEO.

Vehicle-infrastructure integration: creating co-operative mobility systems and services Hearing EU Parliament, 22 January 2009 Hermann Meyer, CEO.
Network Science and Engineering (NetSE) Research Agenda: v1.0 5 th GENI Engineering Conference Seattle, WA 21 July 2009 Ellen Zegura, Georgia Tech.

Network Science and Engineering (NetSE) Research Agenda: v1.0 5 th GENI Engineering Conference Seattle, WA 21 July 2009 Ellen Zegura, Georgia Tech.
Catalyzing Transformation Undergraduate Biology Education Judith A. Verbeke, Acting Division Director Division of Biological Infrastructure Biological.

Catalyzing Transformation Undergraduate Biology Education Judith A. Verbeke, Acting Division Director Division of Biological Infrastructure Biological.
1 Moderated by Gordon Gillerman National Institute of Standards & Technology November 10, 2010 Ninth Annual ANSI-HSSP Plenary: U.S. European Collaboration.

1 Moderated by Gordon Gillerman National Institute of Standards & Technology November 10, 2010 Ninth Annual ANSI-HSSP Plenary: U.S. European Collaboration.
Www.tectia.com COPYRIGHT © 2010 TECTIA CORPORATION. ALL RIGHTS RESERVED. Proactive Measures to Prevent Data Theft Securing, Auditing and Controlling remote.

COPYRIGHT © 2010 TECTIA CORPORATION. ALL RIGHTS RESERVED. Proactive Measures to Prevent Data Theft Securing, Auditing and Controlling remote.
GENI: Global Environment for Networking Innovations Larry Landweber Senior Advisor NSF:CISE Joint Techs Madison, WI July 17, 2006.

GENI: Global Environment for Networking Innovations Larry Landweber Senior Advisor NSF:CISE Joint Techs Madison, WI July 17, 2006.
Workshop 501 and 505 Review barriers to communication

Workshop 501 and 505 Review barriers to communication
EInfrastructures (Internet and Grids) US Resource Centers Perspective: implementation and execution challenges Alan Blatecky Executive Director SDSC.

EInfrastructures (Internet and Grids) US Resource Centers Perspective: implementation and execution challenges Alan Blatecky Executive Director SDSC.
New York State Workforce Investment Board Healthcare Workforce Development Subcommittee Planning Grant 10-284 Overview.

New York State Workforce Investment Board Healthcare Workforce Development Subcommittee Planning Grant Overview.
G22.3250-001 Robert Grimm New York University Using Encryption for Authentication in Computer Networks.

G Robert Grimm New York University Using Encryption for Authentication in Computer Networks.
1 GENI: Global Environment for Network Innovations Jennifer Rexford Princeton University

1 GENI: Global Environment for Network Innovations Jennifer Rexford Princeton University
Using Digital Credentials On The World-Wide Web M. Winslett.

Using Digital Credentials On The World-Wide Web M. Winslett.
Geneva, Switzerland, 15-16 September 2014 Introduction of ISO/IEC 29003 Identity Proofing Patrick Curry Director, British Business Federation Authority.

Geneva, Switzerland, September 2014 Introduction of ISO/IEC Identity Proofing Patrick Curry Director, British Business Federation Authority.
The Business of Identity Management Barry R. Ribbeck Director Systems Architecture & Infrastructure Rice University

The Business of Identity Management Barry R. Ribbeck Director Systems Architecture & Infrastructure Rice University
Overview Summary from Africa and ASEAN assistance Dr. Peter Pembleton, UNIDO.

Overview Summary from Africa and ASEAN assistance Dr. Peter Pembleton, UNIDO.
Join Our Research Efforts in CCAA to Improve Cybersecurity Robustness, Resiliency and Management in Enterprises Information Slides to Encourage Your Organization.

Join Our Research Efforts in CCAA to Improve Cybersecurity Robustness, Resiliency and Management in Enterprises Information Slides to Encourage Your Organization.
Engineering & Physical Sciences Research Council.

Engineering & Physical Sciences Research Council.
EU cooperation, EU projects and their implications Simone Fischer-Hübner Karlstad University.

EU cooperation, EU projects and their implications Simone Fischer-Hübner Karlstad University.
CNRI Handle System and its Applications

CNRI Handle System and its Applications
US NITRD LSN-MAGIC Coordinating Team – Organization and Goals Richard Carlson NGNS Program Manager, Research Division, Office of Advanced Scientific Computing.

US NITRD LSN-MAGIC Coordinating Team – Organization and Goals Richard Carlson NGNS Program Manager, Research Division, Office of Advanced Scientific Computing.

Similar presentations

Ads by Google