Frank Stajano Presented by Patrick Davis 1.  Ubiquitous Computing ◦ Exact concept inception date is unknown ◦ Basically background computing in life.

Slides:



Advertisements
Similar presentations
The impact of IT Around the world By Eddie Cole. The positive social impacts of IT Social networking sites are huge now, bringing in hundreds of millions.
Advertisements

Designing an Authentication System Kerberos; mans best three-headed friend?
POSSIBLE THREATS TO DATA
1 Security in Wireless Protocols Bluetooth, , ZigBee.
Chapter 1  Introduction 1 Chapter 1: Introduction.
Cryptology Passwords and Authentication Prof. David Singer Dept. of Mathematics Case Western Reserve University.
1 MIS 2000 Class 22 System Security Update: Winter 2015.
Computer Ethics Ms. Scales. Computer Ethics Ethics  the right thing to do Acceptable Use Policy  A set of rules and guidelines that are set up to regulate.
Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility. Simplify authentication.
The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.
Authentication in Mobile Ad-hoc Network (MANET) Student Ståle Jonny Berget Superviser Chik How Tan.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.
FIT3105 Smart card based authentication and identity management Lecture 4.
Introduction to ubiquitous security Kevin Wang. Scenario Take photos Ask position Position voice Time More information.
Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
Don’t Lose Your Identity – Protect Yourself from Spyware Dan Frommer Sherry Minton.
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.
Internet Security Passwords.
CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.
Security and Privacy in Ubiquitous Computing. Agenda Project issues? Project issues? Ubicomp quick overview Ubicomp quick overview Privacy and security.
Do you know how to keep yourself safe?
CMSC 414 Computer and Network Security Lecture 11 Jonathan Katz.
Directory and File Transfer Services Chapter 7. Learning Objectives Explain benefits offered by centralized enterprise directory services such as LDAP.
Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.
Chapter 13 Network Security. Contents Definition of information security Role of network security Vulnerabilities, threats and controls Network security.
PART THREE E-commerce in Action Norton University E-commerce in Action.
Malicious Code Brian E. Brzezicki. Malicious Code (from Chapter 13 and 11)
Database  A database is an organized collection of data for one or more purposes, usually in digital form. The data are typically organized to model.
BUSINESS B1 Information Security.
How can you protect yourself from online identity theft?
GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Liam Bradford.
Authentication and Authorization Authentication is the process of verifying a principal’s identity (but how to define “identity”?) –Who the person is –Or,
Identity Theft What is Identity Theft?  Identity theft is a serious crime. Identity theft happens when someone uses information about you without your.
@Yuan Xue CS 285 Network Security Fall 2008.
SECURITY ENGINEERING 2 April 2013 William W. McMillan.
STAY SAFE!! Don’t fall for the same old tricks !!.
E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: March 10, 2001.
GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Rebecca Pritchard.
Lecture 7 Page 1 CS 236 Online Challenge/Response Authentication Authentication by what questions you can answer correctly –Again, by what you know The.
Kerberos Named after a mythological three-headed dog that guards the underworld of Hades, Kerberos is a network authentication protocol that was designed.
IP Security IP sec IPsec is short for Internet Protocol Security. It was originally created as a part of IPv6, but has been retrofitted into IPv4. It.
Lecture 7 Page 1 CS 236, Spring 2008 Challenge/Response Authentication Authentication by what questions you can answer correctly –Again, by what you know.
 Introduction to Computing  Computer Programming  Terrorisom.
Lecture 16 Page 1 CS 236 Online Web Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Biometric Authentication in Distributed Computing Environments Vijai Gandikota Karthikeyan Mahadevan Bojan Cukic.
GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Kamran Didcote.
McGraw-Hill/Irwin ©2008 The McGraw-Hill Companies, All Rights Reserved INFORMATION SECURITY SECTION 4.2.
Topic 5: Basic Security.
CS453: Introduction to Information Security for E-Commerce Prof. Tom Horton.
Traditional Security Issues Confidentiality –Prevent unauthorized access or reading of information Integrity –Insure that writing or operations are allowed.
Chap1: Is there a Security Problem in Computing?.
Security fundamentals Topic 5 Using a Public Key Infrastructure.
LESSON 5-2 Protecting Your Computer Lesson Contents Protecting Your Computer Best Practices for Securing Online and Network Transactions Measures for Securing.
Unit 2 Assignment 1. Spyware Spyware is a software that gathers information about a person or site and uses it without you knowing. It can send your information.
Lecture 7 Page 1 CS 236 Online Challenge/Response Authentication Authentication by what questions you can answer correctly –Again, by what you know The.
Embedded system security
Android and IOS Permissions Why are they here and what do they want from me?
Secure Quick Reliable Login ● SQRL pronounced “squirrel”. ● Acronym confusion – QR no longer stands for “Quick Response” two-dimensional bar codes. Optional.
Challenge/Response Authentication
Done by… Hanoof Al-Khaldi Information Assurance
Port Knocking Benjamin DiYanni.
SSL Certificates for Secure Websites
Challenge/Response Authentication
Security Shmuel Wimer prepared and instructed by
Done BY: Zainab Sulaiman AL-Mandhari Under Supervisor: Dr.Tarek
Erica Burch Jesse Forrest
Mohammad Alauthman Computer Security Mohammad Alauthman
Founded in 2002, Credit Abuse Resistance Education (CARE) educates high school and college students on the responsible use of credit and other fundamentals.
Presentation transcript:

Frank Stajano Presented by Patrick Davis 1

 Ubiquitous Computing ◦ Exact concept inception date is unknown ◦ Basically background computing in life  Pervasive Computing  Invisible / Disappearing Computing  Sentient Computing  Ambient Intelligence  Calm computing ◦ Different things to different people  Security ◦ A virus broke my toaster and now my freezer won’t work! 2

 Security is Risk Management  Defender thinks about ◦ I have gold in my house - Asset ◦ Someone can steal my gold - Threats ◦ I leave the front door unlocked - Vulnerabilities ◦ A thief can walk into the front door - Attacks ◦ It costs a lot of money to replace the gold -Risks ◦ Get a few dogs – Safeguards ◦ Release the hounds - Countermeasure 3

 Not a complete list but traditionally… ◦ Confidentiality ◦ Integrity ◦ Availability  To mitigate these risks ◦ Authentication  Identification  Verification ◦ Authorization 4

 Mobile Phone ◦ What do you lose if some one steals the device  Cost of the device  Information On the device  Availability of the device  Your Identification (if the phone is used as a credit card) ◦ What if the phone is hacked. (How do you know it isn’t)  Information on the phone is compromised  Components on the phone are compromised  Microphone  Your current location  Your current soundings 5

 How important does it seem to be?  How important is it?  Think like the enemy… 6

 What happens when you record every aspect of your life. ◦ What if I wore one?  What kind of things would you be ok with sharing  How much do you want protect these ◦ From your own memory loss ◦ From hackers  How close are we to this already 7

 Phones are sending location back almost 24 hours a day  One of the ways to get maintain privacy is to make each location marker anonymous  Another way is to have the interested parties broad cast their services and the users pickup or disregard those services as needed  The author disregards the situation where the location of any user (anonymous or not) is a security risk 8

 Basically barcodes that can remotely identify themselves  Can be powered by the request to read the tag  Economics of scale should bring down the price of RFIDs  Can be used as machine vision where as the vision is basically viewed as positions of the RFIDs  Are limited in processing ability meaning cryptology is limited 9

 Some Safe Guards are ◦ Killing the Tag ◦ Hash-based access control ◦ Randomized Access Control ◦ Silent tree walking ◦ Blocker-tag ◦ Anti-Counterfeiting using PUFs ◦ Distance bounding protocols ◦ Multi-Factor Access Control in e-passports 10

 In UbiComp the server authenticates the client and if it is allowed does the requested actions.  A couple principles in authentication ◦ Big Stick ◦ Resurrecting Duckling ◦ Multi Channel Protocols 11

 The mother duck is the master and the duckling is the slave  Based on a set of four principles ◦ Two State principle ◦ Imprinting Principle ◦ Death Principle ◦ Assassination Principle 12

 Data Origin Authenticity  DiffieHellman key exchange  Man in the middle attack  Have two channels ◦ A high capacity Channel for “long” messages ◦ A low capacity Channel for Data-Origin authentication 13

 Do you really like entering your password for every site?  Why do we have single sign on or Identity Management (Face book sign on)  How do we get around password ◦ Tokens ◦ Biometrics 14

 Security is only to prevent dishonest people from performing bad Actions  This often gets in the way of honest user’s activities  Tax on the honest 15

 We must view though someone else's eyes ◦ The attacker ◦ The user  Quote: ◦ Security cannot depend upon the user’s ability to read a message from the computer and act in an informed and sensible manner […] a machine must be secure out of the factory if given to a user who cannot read ◦ Meaning the security glove must fit the user comfortably but still stop the attacker 16

 Systems are sold on the basis of features.  Customers really only care about security in terms of particular scenarios  Security features cost money to implement clients see security as an extra or just another feature that they never see.  Again how important is privacy… ◦ Client must have a bad experience with security in order to see the importance of good security 17

18 QUESTIONS?