Speaker: Ramesh V. Kesanupalli, Phoenix Technologies.
Title: Solutions for Secure and Trustworthy Authentication
Abstract:
Currently, electronic systems that rely on password-based
authentication are clearly at risk. The emergence of fraud based on
identity theft, through "phishing" attacks (rogue websites
masquerading as websites that users trust, in order to harvest
passwords) and more sophisticated "pharming" attacks (redirecting
multiple users to rogue websites through DNS altering), is becoming
a serious cause of concern for enterprises, government and financial
institutions. Current authentication protocols, including the most
commonly used method of password authentication over secure HTTP
(HTTPS), are unable to protect against these problems.
As new challenges evolve in information security, the best defense is to provide security in various layers, starting with the device, network access and the actual content. Cryptographic protocols alone will not provide a complete solution. Trustworthy user interfaces for personal information and credentials are absolutely required.
Phoenix Technologies has been doing research on improving security by providing a stronger root of trust starting at the core hardware. Current lines of research at Phoenix Technologies focus on protected execution environments, based on special modes of operation of x86-compatible processors. Additional strength can be achieved in these environments with other features, such as caller validation, an embedded firmware cryptographic engine and an extensible chain of trust rooted to the core of the platform. These enhancements can be used for a number of security applications, in the fields of content protection or device authentication.
In addition, zero-knowledge proof protocols can successfully address these problems, because no useful information is exchanged in the case of an error. The Simple Password-authenticated Exponential Key Exchange protocol (SPEKE) is one of the simplest zero-knowledge password methods; it allows the use of a small shared secret (password) for strong authentication while being immune to offline dictionary attacks.
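The SPEKE exchange described above, shown as an added Python example (not code from the talk or from Phoenix Technologies): both sides derive the group generator from the password, exchange only one public value each, and a wrong password yields an unrelated key so confirmation fails. Assumptions: the RFC 3526 1536-bit MODP safe prime, SHAKE-256 to map the password into the group, HMAC-SHA-256 for key confirmation; the names generator, Party, confirm and run are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption for this example: 1536-bit safe prime p = 2q + 1 (RFC 3526 MODP group 5).
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
    "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
    "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
    "670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2


def generator(password: str) -> int:
    """SPEKE base g = H(password)^2 mod p; squaring puts g in the order-q subgroup."""
    h = int.from_bytes(hashlib.shake_256(password.encode()).digest(192), "big") % P
    return pow(h, 2, P)


class Party:
    def __init__(self, password: str):
        self.x = secrets.randbelow(Q - 1) + 1              # ephemeral secret exponent
        self.public = pow(generator(password), self.x, P)  # the only value sent

    def session_key(self, peer_public: int) -> bytes:
        # Reject 0, 1 and p-1, which would force the shared value into a tiny set.
        if not 2 <= peer_public <= P - 2:
            raise ValueError("invalid peer value")
        shared = pow(peer_public, self.x, P)
        return hashlib.sha256(shared.to_bytes((P.bit_length() + 7) // 8, "big")).digest()


def confirm(key: bytes, role: bytes) -> bytes:
    """Key-confirmation tag computed from the derived session key."""
    return hmac.new(key, b"confirm:" + role, hashlib.sha256).digest()


def run(client_password: str, server_password: str) -> bool:
    """One full exchange; True only when both sides derived the same key."""
    client, server = Party(client_password), Party(server_password)
    k_client = client.session_key(server.public)
    k_server = server.session_key(client.public)
    return hmac.compare_digest(confirm(k_client, b"C"), confirm(k_server, b"C"))
```
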
Biography:
Mr. Kesanupalli is working with Phoenix Technologies as
the Senior Vice President of Engineering, where he has been involved
in security technologies enforcing a root of trust starting at the hardware
level. Prior to joining Phoenix in June 2004, Mr. Kesanupalli was
the founder and Chief Executive Officer of Kinera, Inc. (now Telsima,
Inc.) from 1999 to 2003. From 1995 to 1999, Mr. Kesanupalli was the
founder, President and Chief Executive Officer of Object Connect
Inc. Mr. Kesanupalli holds a bachelor's degree in electronics
engineering from the Madras Institute of Technology and a bachelor's
degree in physics from Nagarjuna University.