Your SlideShare is downloading. ×
Panel on Secure Mobile Computing at HotMobile2006
Panel on Secure Mobile Computing at HotMobile2006
Panel on Secure Mobile Computing at HotMobile2006
Panel on Secure Mobile Computing at HotMobile2006
Panel on Secure Mobile Computing at HotMobile2006
Panel on Secure Mobile Computing at HotMobile2006
Panel on Secure Mobile Computing at HotMobile2006
Panel on Secure Mobile Computing at HotMobile2006
Panel on Secure Mobile Computing at HotMobile2006
Panel on Secure Mobile Computing at HotMobile2006
Panel on Secure Mobile Computing at HotMobile2006
Panel on Secure Mobile Computing at HotMobile2006
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Panel on Secure Mobile Computing at HotMobile2006

74

Published on

Some thoughts on privacy and security in the context of mobile computing. Presented at HotMobile 2006.

Some thoughts on privacy and security in the context of mobile computing. Presented at HotMobile 2006.

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
74
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
5
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • Prototyping and Building panel Privacy effects often play out across widely distributed systems of users, devices, and connections. Can future systems be constructed differently in order to realize better models of privacy? Will our existing systems need to be replaced, or can they be overlayed with new functionalities? How can large-scale systems that are yet to be built be evaluated through smaller-scale and shorter-term prototyping? Assistant Professor at CMU HCII Human-computer interaction and systems building background
  • http://news.bbc.co.uk/1/hi/business/4838762.stm
  • http://news.bbc.co.uk/1/hi/business/4838762.stm
  • Transcript

    • 1. Can We Achieve Secure Mobile Computing Anytime Soon? Jason I. Hong WMCSA2006 April 7 2006
    • 2. My Position
    • 3. No Secure Mobile Computing Soon • Lots of important info on mobile devices • Usability issues • Cultural issues • Economic issues
    • 4. Lots of important info on mobile devices This was just March 2006
    • 5. Lots of important info on mobile devices • More and more devices out there • More and more valuable data and services on devices – M-Commerce with mobile phones – Browser history and passwords – Unlock doors to home – Paris Hilton photos!!!! • Observation: More and more incentives for theft – Steal and resell on EBay – Steal and punch through corporate firewalls – Mobile spyware (tracks location, already starting)
    • 6. Usability Issues • ~20% of WiFi access points returned – People couldn’t figure out how to make it work • My guess: ~80% of unsecured WiFi access points – When you are mobile, risk of eavesdroppers – Computer security too hard to understand, too hard to setup
    • 7. Usability Issues • Phishing really really works – Exact numbers hard to find, but LOTS of people fall for them • Semantic gap between us and everyday users – SSL, certificates, encryption, man-in-the-middle attacks – But simple phishing is stunningly effective • Observation: need security models that are invisible (managed by others) or extremely easy to understand “Civilization advances by extending the number of operations we can perform without thinking about them.” - Alfred North Whitehead
    • 8. Cultural Issues • Browser Cookies – Originally meant for maintaining state – Now a pervasive means for tracking people online – Embedded in every browser, hard to change • Observation: Security hard issue to wrap brain around – Hard to assess risk of low-probability event in future – Adds to cost of development for uncertain benefit – Thus, often done as an afterthought (ie too late)
    • 9. Economic Issues
    • 10. Economic Issues • Estimated cost of phishing in US is ~$5 billion • Solutions already exist – Two-factor authentication – Email authentication • But: – Non-computer scams ~$200 billion – Estimated cost of implementation > $5 billion • Observation: Many solutions are out there, but: – Need to align needs of various parties (politics) – Need incentives (cost-benefit, law) • Observation: Scammers getting more sophisticated – Market for scammers (setup + steal, mules, bookkeeping) – “Build it, and scammers will also come”
    • 11. No Secure Mobile Computing Soon • Lots of important info on mobile devices • Usability issues • Cultural issues • Economic issues IEEE Computer, Dec 2005 “Minimizing Security Risks in Ubicomp Systems” Invisible Computing Column
    • 12. Cultural Issues 1 • Algorithm for handling important societal issues in the United States Wait for disaster to Happen If (disaster == true) { willSomeonePleaseThinkOfTheChildren() legislate() || overreact() } Repeat • Observation: Slow and suboptimal

    ×