Publications catalogue - books
Security Protocols: 13th International Workshop, Cambridge, UK, April 20-22, 2005, Revised Selected Papers
Bruce Christianson ; Bruno Crispo ; James A. Malcolm ; Michael Roe (eds.)
In conference: 13th International Workshop on Security Protocols (Security Protocols). Cambridge, UK. April 20, 2005 - April 22, 2005
Abstract/Description – provided by the publisher
Not available.
Keywords – provided by the publisher
Data Encryption; Computer Communication Networks; Algorithm Analysis and Problem Complexity; Management of Computing and Information Systems; Computers and Society; Systems and Data Security
Availability
Detected institution | Year of publication | Browse | Download | Request |
---|---|---|---|---|
Not detected | 2007 | SpringerLink |
Information
Resource type:
books
Print ISBN
978-3-540-77155-5
Electronic ISBN
978-3-540-77156-2
Publisher
Springer Nature
Country of publication
United Kingdom
Publication date
2007
Publication rights information
© Springer-Verlag Berlin Heidelberg 2007
Subject coverage
Table of contents
The System Likes You?
Mark Lomas
The theme of the workshop is that the system likes you and wants to be your friend, so rather than look directly at security issues, I’m going to consider whether my system is actually friendly, and see if there are any observations that may be helpful to us in improving the security.
I start off by looking at some of my experience with trying to use DNS from a bog standard PC. Now you might say that DNS is rather an easy target to attack from a security perspective, but what I’m going to address here isn’t really the security aspect of it, it’s just the way that this system seems to behave.
Pp. 180-186
Enhancing Privacy with Shared Pseudo Random Sequences
Jari Arkko; Pekka Nikander; Mats Näslund
Protecting users’ privacy is essential for turning networks and services into trustworthy friends. Many privacy enhancing techniques, such as anonymous e-cash and mix-nets, have been proposed to make users more comfortable in their network usage. These techniques, in turn, usually rely on very basic security mechanisms, e.g., confidentiality protection, for their realization. But these mechanisms are also used for other security related reasons.
In this paper, we make some new observations on how security can degrade privacy. For example, using security as a component of an advanced privacy enhancing technique may not have the effect we expect; i.e., too careless application of security may defeat the assumed privacy gains. In particular, introducing new identifiers may make it to track users. This effect is especially harmful to mobile users. Even in cases when privacy is not the main driver for the use of security, we believe that identifiers require special attention in some circumstances.
We propose a mechanism, which we call to allow the communicating parties to continuously change the identifiers they use, without any signalling and without adverse effects on reliability or security.
Pp. 187-196
Enhancing Privacy with Shared Pseudo Random Sequences
Pekka Nikander
As a number of times before, I’m trying to make a very simple presentation, to present a very simple idea. To me, this one looks almost too simple; maybe somebody else has already made this observation, and if so I’d like to hear about that. I’m diverging from this year’s theme and what I’m going to say is that, at least in some cases, security can be the system’s friend. So, in this case instead of the system being your friend, security is now going to be the system’s friend, more or less.
Pp. 197-203
Non-repudiation and the Metaphysics of Presence
Michael Roe
J. L. Austin’s theory of speech acts [1] identifies two classes of utterance:
A revised version of his theory recognised that some utterances can belong to both classes simultaneously. In this revised theory, locutions can have an illocutory aspect (doing something) and a perlocutory aspect (changing the recipients’ emotions or state of mind, by persuading them).
Pp. 204-206
Non-repudiation and the Metaphysics of Presence
Michael Roe
Way back in the 1950s, when computer science and communications engineering were really just beginning, there was a great deal of enthusiasm for treating human beings as if they were machines. There was Alan Turing’s work on the Turing Test, and there was Norbert Wiener’s work on cybernetics. Claude Lévi-Strauss, the anthropologist, was inspired by all of this to go and use some stolen computer science and communications engineering ideas in anthropology. To do that you need to bash the concepts about so much that they’re barely recognisable. After its success in anthropology, Lévi-Strauss’s approach – by then known as “structuralism” – was applied to literary criticism. And then a certain amount of scepticism set in that this didn’t quite work or wasn’t quite right.
Pp. 207-214
Understanding Why Some Network Protocols Are User-Unfriendly
Yvo Desmedt
Some are wondering whether due to the appearance of spyware, insecure wireless LAN, the increase in spam, the persistence of computer viruses and worms, home users may renounce on PCs. They state, for example, that setting up a secure wireless LAN is not trivial for many users, or that users are unaware since the default comes without security.
Anderson gave an economic reason why Microsoft gave information security a low priority. In this paper we analyze some scenarios where users want user-friendly security and setting it up is far from trivial. We try to find technical reasons and folklore scientific explanations why some security problems have either not been taken into account, or why, when they have, they are not doing the best job, or why they are so user-unfriendly.
Pp. 215-219
Understanding Why Some Network Protocols Are User-Unfriendly
Yvo Desmedt
When I saw the call for papers for this workshop, I said, no, computers do not love us, and we don’t love computers, in particular when we’re looking from the viewpoint of information security. If we would love computers they would be much more user-friendly, and so that’s why I’m talking about understanding why some network protocols are user-unfriendly.
We can see that security products may be user-unfriendly for the average user, but what’s more surprising to see is that security products today are even user-unfriendly for system managers, and I will give some examples of that.
So what are the problems with security products? I claim that security experts also have problems with security products, and we heard this morning from Mark Lomas, who basically had similar feelings about that as myself. So, that’s a problem. I’m going to describe some problems, and then I’m going to describe what the possible technical reasons are that some of these problems pop up. And then we need to learn the lessons from that, and that’s how we’ll conclude.
Pp. 220-227
Community-Centric Vanilla-Rollback Access, or: How I Stopped Worrying and Learned to Love My Computer
Mike Burmester; Breno de Medeiros; Alec Yasinsac
We propose a new framework for authentication mechanisms that seek to interact with users in a friendlier way. Human or community-centric authentication supports to users who fail an initial attempt to identify themselves. This limited access enables them to communicate with their peer community to achieve authentication. The actions of users with vanilla access can be in case they do not progress to full authentication status.
This mechanism is supported by a peer community trust infrastructure that exploits the effectiveness that humans have in understanding their communal roles in order to mitigate their lesser skill in remembering passwords or pins. The techniques involved essentially implement a human-centric key escrow and recovery mechanism.
Pp. 228-237
Community-Centric Vanilla-Rollback Access, or: How I Stopped Worrying and Learned to Love My Computer
Breno de Medeiros
This is a story of Alice, and she just got transferred to a new department. She was warned not to use a computer system but since it looked familiar enough, I mean, a computer system is just another computer system, she of course didn’t read the manual, she probably wouldn’t be holding the job if every time she needed to learn something else she had to look at the manual. So the address book has a very different feature, it has something called a trusted circle, and because it was the first time that Alice was learning the software, she was prompted to add persons to her circle of trust, so she decided to add her friend Marla, but she didn’t try to find out what that meant very carefully. She got an interesting message like this, this is the only member of your trusted circle, to have access to your computer files, OK. She didn’t know what to do so she just continued, she was very busy on her first day of work, the following day she realises that with all the changes she doesn’t remember her password anymore, and it is now time to contact the sys admin, and she hates to do that, because the sys admin is not very user-friendly. So she tries to guess the password, I guess all of us have one time forgot the password and tried to guess it. She logs in, but nothing is in her file system, she has no email inbox, her files have vanished, OK, so she is in a limbo. She logged in apparently, she didn’t get any error messages, but nothing that she expected to see actually took place.
Pp. 238-244
Listen Too Closely and You May Be Confused
Eric Cronin; Micah Sherr; Matt Blaze
Among the most basic simplifying assumptions of modern communications security is the notion that most communication channels should, by their very nature, be considered vulnerable to interception. It has long been considered almost reckless to suggest depending on any supposed intrinsic security properties of the network itself, and especially foolish in complex, decentralized, heterogeneously-controlled networks such as the modern Internet. Orthodox doctrine is that any security must be either end-to-end (as with cryptography), or not considered to exist at all.
While this heuristic well serves cautious confidential communicators, it is unsatisfying from the point of view of the . Paradoxically, while end-to-end security may be a prerequisite to robust confidentiality in most networks, it does not follow that a of end-to-end security always makes it possible to eavesdrop.
Pp. 245-249