Panel on Secure Mobile Computing at HotMobile2006
Upcoming SlideShare
Loading in...5
×
 

Like this? Share it with your network

Share

Panel on Secure Mobile Computing at HotMobile2006

on

  • 134 views

Some thoughts on privacy and security in the context of mobile computing. Presented at HotMobile 2006.

Some thoughts on privacy and security in the context of mobile computing. Presented at HotMobile 2006.

Statistics

Views

Total Views
134
Views on SlideShare
134
Embed Views
0

Actions

Likes
0
Downloads
2
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • Prototyping and Building panel Privacy effects often play out across widely distributed systems of users, devices, and connections. Can future systems be constructed differently in order to realize better models of privacy? Will our existing systems need to be replaced, or can they be overlayed with new functionalities? How can large-scale systems that are yet to be built be evaluated through smaller-scale and shorter-term prototyping? Assistant Professor at CMU HCII Human-computer interaction and systems building background
  • http://news.bbc.co.uk/1/hi/business/4838762.stm
  • http://news.bbc.co.uk/1/hi/business/4838762.stm

Panel on Secure Mobile Computing at HotMobile2006 Presentation Transcript

  • 1. Can We Achieve Secure Mobile Computing Anytime Soon? Jason I. Hong WMCSA2006 April 7 2006
  • 2. My Position
  • 3. No Secure Mobile Computing Soon • Lots of important info on mobile devices • Usability issues • Cultural issues • Economic issues
  • 4. Lots of important info on mobile devices This was just March 2006
  • 5. Lots of important info on mobile devices • More and more devices out there • More and more valuable data and services on devices – M-Commerce with mobile phones – Browser history and passwords – Unlock doors to home – Paris Hilton photos!!!! • Observation: More and more incentives for theft – Steal and resell on EBay – Steal and punch through corporate firewalls – Mobile spyware (tracks location, already starting)
  • 6. Usability Issues • ~20% of WiFi access points returned – People couldn’t figure out how to make it work • My guess: ~80% of unsecured WiFi access points – When you are mobile, risk of eavesdroppers – Computer security too hard to understand, too hard to setup
  • 7. Usability Issues • Phishing really really works – Exact numbers hard to find, but LOTS of people fall for them • Semantic gap between us and everyday users – SSL, certificates, encryption, man-in-the-middle attacks – But simple phishing is stunningly effective • Observation: need security models that are invisible (managed by others) or extremely easy to understand “Civilization advances by extending the number of operations we can perform without thinking about them.” - Alfred North Whitehead
  • 8. Cultural Issues • Browser Cookies – Originally meant for maintaining state – Now a pervasive means for tracking people online – Embedded in every browser, hard to change • Observation: Security hard issue to wrap brain around – Hard to assess risk of low-probability event in future – Adds to cost of development for uncertain benefit – Thus, often done as an afterthought (ie too late)
  • 9. Economic Issues
  • 10. Economic Issues • Estimated cost of phishing in US is ~$5 billion • Solutions already exist – Two-factor authentication – Email authentication • But: – Non-computer scams ~$200 billion – Estimated cost of implementation > $5 billion • Observation: Many solutions are out there, but: – Need to align needs of various parties (politics) – Need incentives (cost-benefit, law) • Observation: Scammers getting more sophisticated – Market for scammers (setup + steal, mules, bookkeeping) – “Build it, and scammers will also come”
  • 11. No Secure Mobile Computing Soon • Lots of important info on mobile devices • Usability issues • Cultural issues • Economic issues IEEE Computer, Dec 2005 “Minimizing Security Risks in Ubicomp Systems” Invisible Computing Column
  • 12. Cultural Issues 1 • Algorithm for handling important societal issues in the United States Wait for disaster to Happen If (disaster == true) { willSomeonePleaseThinkOfTheChildren() legislate() || overreact() } Repeat • Observation: Slow and suboptimal