Speaker: Phillip Hallam-Baker, Verisign
Title: Outbound Authentication on the Users Terms
Abstract:
Phishing is the use of social engineering to steal credentials. There are
thus three basic approaches to stopping phishing: blocking actual attacks in
progress, defeating the social engineering attack and deploying credentials
that are inherently resistant to theft. Investing in all three approaches
results in a considerably stronger defense than is possible by concentrating
on one or even two approaches. Banks have made a huge investment in
defeating attacks in progress and are in the process of making even larger
investment in developing stronger means of authenticating the customer to
the bank. To realize the full potential of these investments we must also
develop a secure means of authenticating the bank to the customer.
Secure Internet Letterhead provides Web users with a trustworthy means of authenticating the businesses they trust by means of the indicata they are used to recognising them by - the company brand. Every bank branch, ATM, leaflet or letter from a bank carries their brand on their letterhead. Secure Internet Letterhead extends this existing principle to the Web so that every Web site, every email, every Instant message and every telephone call are also consistently branded using a technology that is trustworthy, transparent and accountable.
Bio:
Dr. Phillip Hallam-Baker has played a leading role in the field of Web
Security since the earliest days of the Web. His design credits include
contributions to the design of HTTP and HTTP Digest Authentication and
editing the first editions of the XKMS, SAML and WS-Security standards. His
current research focus is developing technology to stop or mitigate Internet
Crime, in particular Phishing.
Dr Phillip Hallam-Baker holds degrees from Southampton and Oxford
Universities and has held research appointments at DESY, CERN and MIT. He is
currently Principal Scientist at VeriSign Inc.