Secure Mobile Ad-hoc Interactions: Reasoning About Out-Of-Band (OOB) - - PowerPoint PPT Presentation

SLIDE 1

Introduction Framework Application Conclusion

Secure Mobile Ad-hoc Interactions: Reasoning About Out-Of-Band (OOB) Channels

Ronald Kainda, Ivan Flechais, A.W. Roscoe

International Workshop on Security and Privacy in Spontaneous Interaction and Mobile Phone Use (IWSSI/SPMU) University of Helsinki, Finland

17 May, 2010

Ronald Kainda, Ivan Flechais, A.W. Roscoe Framework for Reasoning About OOB Channels

SLIDE 2

Outline

1. Introduction
2. Framework
   - Technical and contextual factors
   - Human factors
   - OOB Channels
3. Application
4. Conclusion

SLIDE 3

Human-Interactive Security Protocols

[Figure: diagram with channels labelled N and OOB]

OOB = Out-Of-Band Channel, N = Normal Channel

SLIDE 4

Limitations of existing OOB channels

- User interfaces
- Device specific
- Similar devices
- Universal solution
- Scenario specific

SLIDE 5

OOB channels - factors to consider

SLIDE 10

Technical and contextual factors

Contextual
- Social, physical, technological etc.
- Matching needs to immediate security concerns
- Changing context is a challenge

Technical
- Vulnerable to non-malicious users
- Complexity is bad for security
- Require technical expertise
- Security = technical solution + correct application within context

SLIDE 13

Human factors

Personal variables
- Aware of security needs, unmotivated
- Users misconceive risk
- Social countermeasure
- Are vulnerable to lapses (human error?)

Intentions
- Willingness to carry out a particular behaviour
- Attitude (beliefs) and motivation
- Security must be aligned with user goals

Capability
- Perception
- Physical, mental, technological

SLIDE 14

OOB channels

Target goals
- Secure
- Scalable
- Adaptation
- Fit for purpose

SLIDE 15

Application of framework

Application
- Fits in User-Centred Design (UCD) process
  - Analysis, design, evaluate
- Evaluation may be against theoretical specifications or empirical
- Outcome of evaluation used as feedback

SLIDE 16

Summary and conclusion

Summary
- Proposed methods limited in application
- OOB channels must be evaluated against technical security requirements, human factors, and context
- Proposed framework identifies main elements
- Framework fits into UCD process
- Possibility of extending to other secure systems

SLIDE 17

THANK YOU
