Recommendations – InScope and OutofScope

These are the same recommendations from the workshop, listed according to whether they fall in the scope of the WSC WG. The organizational designations have been dropped.

InScope

* Building on current relationship establishment procedures

“I guess I'm not fully sure what 'encrypted' means.” - user

* Tailoring the training to the specific user's needs, adapting to strengths and weaknesses

Concluding Remarks

analysis

Summary: 5 Key Principles of a Solution

  1. A trusted user interface for authentication must be based on a secret, since any user interface is spoofable.
  2. A trusted channel can’t be trusted, since an attacker can use a trusted channel.
  3. The client must authenticate the server, since an unauthenticated server can ask for confidential information.
  4. A cleartext password must not be revealed during any phase of authentication, since an attacker will fool the user into completing any standard process.
  5. The anti-phishing solution must integrate with existing password-based authentication, since users are trained to use passwords.

The Internet Access Software

Innovation and standardization will present mitigating alternatives to online (and offline) risks

Metadata tied to past personal actions, past community activity, and authority recommendations can combat large categories of web site scams

– Design that makes all the metadata consistently usable

– Attacks on both technical and social aspects of metadata

– Gaps from anything not absolute

Personalized visual indicators such as:

Conclusion:

If widely accepted, this method of personalized visual and behavioral indicators can heighten end users' consciousness of safe data sharing procedures over internet channels.

Petname plugin

Matching of TLS Certificate fields

User controlled notation

We should protect average Net users

* Certificate validation service: define configuration file

AmirHerzberg.com/TrustBar

Candidate Solution I: Secure Mode Browser

Security Mode

Secure Letterhead

Browser Support

LOGOTYPE Certificate Issuers

The SSR Record’s Capabilities

Enables sites to raise the security level of users’ configurations (exactly what Chuck Wade requested)

– Cipher, keylength, etc.

– E.g. HTTPS using SSLv3 and AES-256

– E.g. no HTTP, no SHA1

– E.g. etrade.com + secure.us.etrade.com

– E.g. acceptable subdomains are login.w3.org, www.w3.org

* The interface should make it possible to access all information about the connection

* Anti-phishing databases

Conclusion

to avoid breaking the Internet

(we’re at a critical juncture here, and need to be wary of creating another failed metaphor like the padlock)

Leverage new features

Write an extension

(I know this sounds like a cop-out, but it’s a really well proven model for innovation in our market)

OutofScope

The Financial Services Software Vendors

The Holy Grail - Strong Authentication:

Steps 2-10 - We Must Partner

We must form a long-term partnership to ensure that the critical online channel is not lost to fraud and other criminal operations

We cannot afford to focus on securing only one channel ... fraud will move to the path of least resistance

Human verified content labels

– Integration with mail infrastructure can provide additional benefits

– Bootstrapping

– Roaming, multiple computers

– Human ingenuity x human naiveté

Candidate Solution II: PERSEUS

Security Architecture against MalwaredPhishing

isolation)

protects against Trojan horse attacks like faked dialogs)

are allowed to be executed, measures the application’s integrity

data

Summary

Proof-of-Concept for Online-Banking on-going

Challenges we face

New Metadata exchange protocol SSAApproaches Summary Approach ECP IDP shared secret IDP Portal Benefits Trusted intermediary (IDP) Limitations Inherent portal limitations Additional Component? Specification Involved ID-FF Changes to Client? No Possibly No General, active component manages meeting mutual authentication requirements Scalable shared secret with minimal client changes Requires enhanced client or proxy. Agreement on the representation of the secret and implementation on the client. Yes (Enhanced client or Proxy) Liberty Authentication Service technology – ID-FF Liberty ID-FF technology or equivalent SAML 2.0 ECP or Liberty Alliance LECP ID-FF & ID-WSF (partial for AS)

SXIP Protocols Anti-Phishing…

Identity Commons

Non-technical proposals

Identity Rights Agreements

Range of Choices

Privacy Concerns

Identity Metasystem

Infocard

New protocols based on WS-* Standards