Internet Security and Authentication Issues (for a Machine with a Fruit on the Front) Rodney Thayer.
Internet Security and Authentication Issues
(for a Machine with a Fruit on the Front)
Rodney Thayer
Security/Auth for Mac's 2
Topics
• What’s the question?
• Security Applications
• Platform Dreams
• Security Considerations
What’s the Question?
Security and Authentication
• Features required for applications
• Features required for users
• No bone-implant computing devices, yet
• Opportunities for Mac applications
• Real world requirements
Security Applications
Applications
• Secure Web path
• VPN Client
• Secure Email
• Secure client applications (e.g. router manager)
• Credit Cards
• Payment technologies
• Identification schemes
Why Security or Authentication?
• Money
• Intellectual Property
• Regulation
• Privacy
• Insurance
• Property Protection
What’s Mac Specific?
• Opportunity to exploit capabilities
• Application set (e.g. multimedia)
• Platform design opportunities
• Other platforms suck, Macs could suck less
Secure Web Applications
• Browsers, Java applications, Custom applications
• Bulk encryption of data link
• Authentication of end entities
• Browser protocols using legacy SSL or TLS or beyond
• light performance load
VPN Applications
• Remote access to work group network
• Road Warriors
• Telecommuting
• Wireless Networks
• IPsec/SSH/Other Tunnels
• Authentication and Bulk encryption
• light to heavy performance load
Secure Email
• Signed and/or Encrypted email among users and entities
• Various standards, some even work ;-)
• We wish we had authentication
• authentication and limited bulk encryption
• light to medium load
Media Applications
• Post-Napster post-Superbowl audio/video
• Payment applications
• If encrypting, high performance load
• Heavy performance load
Secure Client/Server
• Applications that are security-aware
• Network Management
• Hard core commerce applications
• all sorts of performance requirements
Platform Dreams
What do you want to encrypt today?
• Any data I have
• At any speed
• Securely
• Easily, from any application
• Standards-based
• Provided by vendor(?)
User Requirements
• Zero extra blobs to carry
• Practically interface to single package
• No extra power requirements
• No cost increase
• Common interface
• No extra steps (e.g. mouse wiggling)
Application Requirements
• Access to authentication protocols
• Access to encryption protocols
• Token capabilities (key rings)
• Hardware encryption capability
• Secure memory
• Two-factor capability (fingerprint, retinal, etc.)
Crypto Requirements
• Public key cryptography (RSA, EC, DSA)
• Large keys -- 1024/2048/etc.
• Symmetric Ciphers (3DES, AES)
• Hardware tokens
• Zeroization capability
• Physical/Electrical security
What about the Mac?
• Opportunities to design in features
• Token access
• Hardware crypto
• Entropy Generation
• Biometric devices
• Suck Less
Security Considerations
Issues
• Crypto Issues
• Non-crypto issues
• Human factors
• Packaging
Crypto Issues
• Parameters: key size, etc.
• Design choices of algorithms -- licensing, embedded software issues
• Installed base inertia
• Human error
Non-crypto issues
• Many security failures are not the crypto
• Protocol implementation issues
• User Interface issues
• New implementations -> bugs
• Additional hardware and software needed
Human factors
• Trouble getting people to do extra work
• Entropy generation is hard
• pass phrases can be forgotten
• stigma issues
• fear issues
Threat Issues
• Fancy screens -- information leakage
• Fancy plastic -- case hacking
• Risk of using hardware tokens
• Misuse of hardware acceleration
• Wide use -- better target
Rodney Thayer
Presentation is at: http://www.pkiclue.com/presentations