By Durgeshwar Singh
Adversarial model
E.g., access to data/hardware, ability to corrupt, communication assumptions, goals
Verification methods
Cryptographic reductions to assumptions, BAN logic
Implementation aspects
E.g., will the communication protocol leak information that is considered secret in the application layer?
Deceit
Neglect
Configuration
[Figure: scattered threat labels; legible terms include wardriving and rootkitting]
Experiment Design
Gender Effects (success rate of the phishing message, by sender and recipient gender)

              To Male   To Female   To Any
From Male       53%       78%        68%
From Female     68%       76%        73%
From Any        65%       77%        72%
[Diagram: message flows in three settings]
Reality: 1 A, 4 eBay, 3 credentials
Attack: 1 (spoof), 2 credentials
Experiment: 3 (spoof), 1 A, B, 1, 5 eBay, 4 credentials
Yield (incl spam filtering loss): 11% +-3% eBay greeting removed: same
Mutual authentication in the real world
With Tsow, Shah, Blevis, Lim: What Instills Trust? A Qualitative Study of Phishing (Abstract at Usable Security, 2007)
Jose Garcia: their marriage license
www.browser-recon.info
Why?
$1
$15
Password Reset: Typical Questions
Intuition
Preference-based authentication:
preferences are more stable than long-term memory (confirmed by psychology research)
preferences are rarely documented (in contrast to city of birth, brand of first car, etc.), especially dislikes!
And next?
http://www.democratic-party.us/LiveEarth
Countermeasures?
Technical
Better filters
CardSpace
OpenId
Educational
SecurityCartoon
Suitable user interfaces
Legal
Interesting?
Internships at PARC / meet over coffee / etc.
markus.jakobsson@parc.com