Panel on Secure Mobile Computing at HotMobile 2006
Some thoughts on privacy and security in the context of mobile computing. Presented at HotMobile 2006.
Can We Achieve Secure Mobile Computing Anytime Soon?
Jason I. Hong
WMCSA2006
April 7 2006
My Position
No Secure Mobile Computing Soon
• Lots of important info on mobile devices
• Usability issues
• Cultural issues
• Economic issues
Lots of important info on mobile devices
This was just March 2006
Lots of important info on mobile devices
• More and more devices out there
• More and more valuable data and services on devices
  – M-Commerce with mobile phones
  – Browser history and passwords
  – Unlock doors to home
  – Paris Hilton photos!!!!
• Observation: More and more incentives for theft
  – Steal and resell on eBay
  – Steal and punch through corporate firewalls
  – Mobile spyware (tracks location, already starting)
Usability Issues
• ~20% of WiFi access points returned
  – People couldn’t figure out how to make it work
• My guess: ~80% of unsecured WiFi access points
  – When you are mobile, risk of eavesdroppers
  – Computer security too hard to understand, too hard to set up
Usability Issues
• Phishing really really works
  – Exact numbers hard to find, but LOTS of people fall for them
• Semantic gap between us and everyday users
  – SSL, certificates, encryption, man-in-the-middle attacks
  – But simple phishing is stunningly effective
• Observation: need security models that are invisible (managed by others) or extremely easy to understand
“Civilization advances by extending the number of operations we can perform without thinking about them.” - Alfred North Whitehead
Cultural Issues
• Browser Cookies
  – Originally meant for maintaining state
  – Now a pervasive means for tracking people online
  – Embedded in every browser, hard to change
• Observation: Security is a hard issue to wrap your brain around
  – Hard to assess risk of low-probability event in future
  – Adds to cost of development for uncertain benefit
  – Thus, often done as an afterthought (i.e., too late)
Economic Issues
Economic Issues
• Estimated cost of phishing in US is ~$5 billion
• Solutions already exist
  – Two-factor authentication
  – Email authentication
• But:
  – Non-computer scams ~$200 billion
  – Estimated cost of implementation > $5 billion
• Observation: Many solutions are out there, but:
  – Need to align needs of various parties (politics)
  – Need incentives (cost-benefit, law)
• Observation: Scammers getting more sophisticated
  – Market for scammers (setup + steal, mules, bookkeeping)
  – “Build it, and scammers will also come”
No Secure Mobile Computing Soon
• Lots of important info on mobile devices
• Usability issues
• Cultural issues
• Economic issues
IEEE Computer, Dec 2005: “Minimizing Security Risks in Ubicomp Systems” (Invisible Computing column)
Cultural Issues 1
• Algorithm for handling important societal issues in the United States
    Wait for disaster to happen
    If (disaster == true) {
        willSomeonePleaseThinkOfTheChildren()
        legislate() || overreact()
    }
    Repeat
• Observation: Slow and suboptimal