Can We Achieve Secure Mobile Computing Anytime Soon? Jason I. Hong WMCSA2006 April 7 2006.

Presentation transcript:

Can We Achieve Secure Mobile Computing Anytime Soon? Jason I. Hong WMCSA2006 April

My Position

No Secure Mobile Computing Soon
Lots of important info on mobile devices
Usability issues
Cultural issues
Economic issues

Lots of important info on mobile devices
This was just March 2006

Lots of important info on mobile devices
More and more devices out there
More and more valuable data and services on devices
  – M-Commerce with mobile phones
  – Browser history and passwords
  – Unlock doors to home
  – Paris Hilton photos!!!!
Observation: More and more incentives for theft
  – Steal and resell on eBay
  – Steal and punch through corporate firewalls
  – Mobile spyware (tracks location, already starting)

Usability Issues
~20% of WiFi access points returned
  – People couldn’t figure out how to make it work
My guess: ~80% of unsecured WiFi access points
  – When you are mobile, risk of eavesdroppers
  – Computer security too hard to understand, too hard to set up

Usability Issues
Phishing really really works
  – Exact numbers hard to find, but LOTS of people fall for them
Semantic gap between us and everyday users
  – SSL, certificates, encryption, man-in-the-middle attacks
  – But simple phishing is stunningly effective
Observation: need security models that are invisible (managed by others) or extremely easy to understand
“Civilization advances by extending the number of operations we can perform without thinking about them.” - Alfred North Whitehead

Cultural Issues
Browser Cookies
  – Originally meant for maintaining state
  – Now a pervasive means for tracking people online
  – Embedded in every browser, hard to change
Observation: Security hard issue to wrap brain around
  – Hard to assess risk of low-probability event in future
  – Adds to cost of development for uncertain benefit
  – Thus, often done as an afterthought (i.e., too late)

Economic Issues

Estimated cost of phishing in US is ~$5 billion
Solutions already exist
  – Two-factor authentication – authentication
But:
  – Non-computer scams ~$200 billion
  – Estimated cost of implementation > $5 billion
Observation: Many solutions are out there, but:
  – Need to align needs of various parties (politics)
  – Need incentives (cost-benefit, law)
Observation: Scammers getting more sophisticated
  – Market for scammers (setup + steal, mules, bookkeeping)
  – “Build it, and scammers will also come”

No Secure Mobile Computing Soon
Lots of important info on mobile devices
Usability issues
Cultural issues
Economic issues
IEEE Computer, Dec 2005, “Minimizing Security Risks in Ubicomp Systems”, Invisible Computing Column

Cultural Issues
Algorithm for handling important societal issues in the United States

Wait for disaster to happen
If (disaster == true) {
    willSomeonePleaseThinkOfTheChildren()
    legislate() || overreact()
}
Repeat

Observation: Slow and suboptimal