Professor Patrick Traynor, University of Florida
From 14.00 until 15.00
At ETH Zurich, CNB/F/110
Universitätstrasse 6
Abstract
Telephones remain a trusted platform for bootstrapping and conducting some of our most sensitive exchanges. From banking to taxes, wide swathes of industry and government rely on telephony as a secure fall-back when attempting to confirm the veracity of a transaction. In spite of this, authentication is poorly managed between disparate telephony systems, and in the general case it is impossible to be certain of the identity of the entity at the other end of a call. In this talk, I begin with an investigation of the ways in which phone numbers are being used as strong authenticators for Internet-based systems (e.g., Caller-ID fraud, phone-verified account fraud). I then detail how much stronger end-to-end mechanisms can be developed and deployed. In so doing, we argue that we can help to overcome security problems that are the direct result of such poorly placed trust.