Internet Security and Authentication Issues (for a Machine with a Fruit on the Front)
Rodney Thayer

Topics
• What’s the question?
• Security Applications
• Platform Dreams
• Security Considerations

Security/Auth for Mac's

What’s the Question?

Security and Authentication
• Features required for applications
• Features required for users
• No bone-implant computing devices, yet
• Opportunities for Mac applications
• Real world requirements

Security Applications

Applications
• Secure Web path
• VPN Client
• Secure Email
• Secure client applications (e.g. router manager)
• Credit Cards
• Payment technologies
• Identification schemes

Why Security or Authentication?
• Money
• Intellectual Property
• Regulation
• Privacy
• Insurance
• Property Protection

What’s Mac Specific?
• Opportunity to exploit capabilities
• Application set (e.g. multimedia)
• Platform design opportunities
• Other platforms suck, Macs could suck less

Secure Web Applications
• Browsers, Java applications, Custom applications
• Bulk encryption of data link
• Authentication of end entities
• Browser protocols using legacy SSL or TLS or beyond
• light performance load

VPN Applications
• Remote access to work group network
• Road Warriors
• Telecommuting
• Wireless Networks
• IPsec/SSH/Other Tunnels
• Authentication and Bulk encryption
• light to heavy performance load

Secure Email
• Signed and/or Encrypted email among users and entities
• Various standards, some even work ;-)
• We wish we had authentication
• authentication and limited bulk encryption
• light to medium load

Media Applications
• Post-Napster post-Superbowl audio/video
• Payment applications
• If encrypting, high performance load
• Heavy performance load

Secure Client/Server
• Applications that are security-aware
• Network Management
• Hard core commerce applications
• all sorts of performance requirements

Platform Dreams

What do you want to encrypt today?
• Any data I have
• At any speed
• Securely
• Easily, from any application
• Standards-based
• Provided by vendor(?)

User Requirements
• Zero extra blobs to carry
• Practically interface to single package
• No extra power requirements
• No cost increase
• Common interface
• No extra steps (e.g. mouse wiggling)

Application Requirements
• Access to authentication protocols
• Access to encryption protocols
• Token capabilities (key rings)
• Hardware encryption capability
• Secure memory
• Two-factor capability (fingerprint, retinal, etc.)

Crypto Requirements
• Public key cryptography (RSA, EC, DSA)
• Large keys -- 1024/2048/etc.
• Symmetric Ciphers (3DES, AES)
• Hardware tokens
• Zeroization capability
• Physical/Electrical security

What about the Mac?
• Opportunities to design in features
• Token access
• Hardware crypto
• Entropy Generation
• Biometric devices
• Suck Less

Security Considerations

Issues
• Crypto Issues
• Non-crypto issues
• Human factors
• Packaging

Crypto Issues
• Parameters: key size, etc.
• Design choices of algorithms -- licensing, embedded software issues
• Installed base inertia
• Human error

Non-crypto issues
• Many security failures are not the crypto
• Protocol implementation issues
• User Interface issues
• New implementations->bugs
• Additional hardware and software needed

Human factors
• Trouble getting people to do extra work
• Entropy generation is hard
• pass phrases can be forgotten
• stigma issues
• fear issues

Threat Issues
• Fancy screens -- information leakage
• Fancy plastic -- case hacking
• Risk of using hardware tokens
• Misuse of hardware acceleration
• Wide use -- better target

Rodney Thayer
rodney@tillerman.to
Presentation is at: http://www.pkiclue.com/presentations