Panel on Secure Mobile Computing at HotMobile2006


Published on

Some thoughts on privacy and security in the context of mobile computing. Presented at HotMobile 2006.

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Prototyping and Building panel Privacy effects often play out across widely distributed systems of users, devices, and connections. Can future systems be constructed differently in order to realize better models of privacy? Will our existing systems need to be replaced, or can they be overlayed with new functionalities? How can large-scale systems that are yet to be built be evaluated through smaller-scale and shorter-term prototyping? Assistant Professor at CMU HCII Human-computer interaction and systems building background
  • Panel on Secure Mobile Computing at HotMobile2006

    1. 1. Can We Achieve Secure Mobile Computing Anytime Soon? Jason I. Hong WMCSA2006 April 7 2006
    2. 2. My Position
    3. 3. No Secure Mobile Computing Soon • Lots of important info on mobile devices • Usability issues • Cultural issues • Economic issues
    4. 4. Lots of important info on mobile devices This was just March 2006
    5. 5. Lots of important info on mobile devices • More and more devices out there • More and more valuable data and services on devices – M-Commerce with mobile phones – Browser history and passwords – Unlock doors to home – Paris Hilton photos!!!! • Observation: More and more incentives for theft – Steal and resell on EBay – Steal and punch through corporate firewalls – Mobile spyware (tracks location, already starting)
    6. 6. Usability Issues • ~20% of WiFi access points returned – People couldn’t figure out how to make it work • My guess: ~80% of unsecured WiFi access points – When you are mobile, risk of eavesdroppers – Computer security too hard to understand, too hard to setup
    7. 7. Usability Issues • Phishing really really works – Exact numbers hard to find, but LOTS of people fall for them • Semantic gap between us and everyday users – SSL, certificates, encryption, man-in-the-middle attacks – But simple phishing is stunningly effective • Observation: need security models that are invisible (managed by others) or extremely easy to understand “Civilization advances by extending the number of operations we can perform without thinking about them.” - Alfred North Whitehead
    8. 8. Cultural Issues • Browser Cookies – Originally meant for maintaining state – Now a pervasive means for tracking people online – Embedded in every browser, hard to change • Observation: Security hard issue to wrap brain around – Hard to assess risk of low-probability event in future – Adds to cost of development for uncertain benefit – Thus, often done as an afterthought (ie too late)
    9. 9. Economic Issues
    10. 10. Economic Issues • Estimated cost of phishing in US is ~$5 billion • Solutions already exist – Two-factor authentication – Email authentication • But: – Non-computer scams ~$200 billion – Estimated cost of implementation > $5 billion • Observation: Many solutions are out there, but: – Need to align needs of various parties (politics) – Need incentives (cost-benefit, law) • Observation: Scammers getting more sophisticated – Market for scammers (setup + steal, mules, bookkeeping) – “Build it, and scammers will also come”
    11. 11. No Secure Mobile Computing Soon • Lots of important info on mobile devices • Usability issues • Cultural issues • Economic issues IEEE Computer, Dec 2005 “Minimizing Security Risks in Ubicomp Systems” Invisible Computing Column
    12. 12. Cultural Issues 1 • Algorithm for handling important societal issues in the United States Wait for disaster to Happen If (disaster == true) { willSomeonePleaseThinkOfTheChildren() legislate() || overreact() } Repeat • Observation: Slow and suboptimal