Keynote on Collaborative Technologies 2011 - Theme Security: Techniques and challenges for ensuring effective use of collaborative systems, Professor Carsten Maple, Univ of Bedfordshire.
NOTE: These conference notes are prone to my misinterpretations and the trouble of keeping up with the presenter's pace…
Introduction: Collaborative Technologies. We use them quite a lot (Wikipedia in some cases), and professional and private life are merging. There is massive growth:
– E-learning: Blackboard, Moodle
– Videoconferencing: Webex (Cisco), Skype (Microsoft)
– E-gov: Govdex (Australian government)
– Growth of Skype: Nov 2009, 20 million; Nov 2010, 25 million; six months later, 30 million
Challenges: Security, Reliability, Abuses, Usability, Acceptance/Behavioral challenge
Collaborative systems come with pluses and minuses for different modes of working, e.g. a wiki hinders the energy that normally emerges from brainstorming
Security: Information Assurance – towards a new way of systems design
Requires:
– Confidentiality, Integrity, Availability, Non-repudiation, Authentication.
Holistic design idea and preventing cyber-stalking
– Data Confidentiality is straightforward keeping something sent unchanged.
In real life, more often what one thinks is a breach of data confidentiality:
– Integrity breach: The guarantee that the data received by one party is the data sent
– Availability: Assurance that the systems and data are available at any required time. This is increasingly important
– Non-repudiation = assurance that the sender cannot deny what has been sent
– Authentication = the process of confirming the truth of an entity.
Pfleeger's Classification of Network Attacks: Interruption, Interception, Modification, Fabrication/Insertion.
With an authentication breach, all of the attack types can happen.
Techniques: Security – Encryption, Integrity – Hash algorithm (fingerprint of document made and tested), Availability – Redundancy, Non-repudiation – Digital signature, Authentication – Password (has often been compromised, or NO password to the system exists). This has been the cause of most cases one hears of.
Authentication
1. HOW?:
– What you know – password
– What you have – tokens (keys)
– What you are – biometrics, static or dynamic, physical or behavioral
2. Stages:
– Enrolment (registration)
– Verification
– Reset (often not mentioned)
The idea that biometrics are the best is a bad one! WHEN compromised, you have lost all hope of resetting. A password you can change.
People struggle to remember random strings (= good passwords). It IS a good idea to use good passwords AND WRITE THEM DOWN! Few have access to your workplace and many to your web site. Strangely, this strategy was ridiculed earlier on.
We interact differently online than face to face, with some consequences. How many have let others borrow a password?
A holistic approach is needed to look at and address the motivation for cyber harassment.
– How difficult it is to do, what rewards harassment leads to, probability of getting caught, probability of penalty, what penalty
Conclusion: Most approaches focus on the first. Lawmakers must address the challenge.
Question after presentation:
The user is the weakest link, as we all know. What is the second weakest? (Strangely this is the first time the professor has been asked :-)).
– Your business partner is the second weakest link.
– But a rising threat is availability risk due to the increase of mobile systems and possible interception of signals.
Personal comment: An interesting general presentation about security with some obvious and some surprising new bits of knowledge