1st TIPPI Workshop

Trustworthy Interfaces for Passwords and Personal Information

Speaker: Ramesh V. Kesanupalli, Phoenix Technologies.

Title: Solutions for Secure and Trustworthy Authentication

Currently, electronic systems that rely on password-based authentication are clearly at risk. The emergence of fraud based on identity theft, through "phishing" attacks (rogue websites masquerading as websites that user's trust, in order to harvest passwords) and more sophisticated "pharming" attacks (redirecting multiple users to rogue websites through DNS altering), are becoming a serious cause of concern for enterprises, government and financial institutions. Current authentication protocols, including the most commonly used method of password authentication over secure HTTP (HTTPS) are unable to protect against these problems.

As the new challenges are evolving in the information security best defense is to provide Security in various layers starting with the device, Network access and the actual content. Cryptographic protocols alone will not provide a complete solution. Trustworthy user interfaces for personal information and credentials are absolutely required.

Phoenix Technologies has been doing research on improving security by providing stronger root of trust in starting at the core hardware. Current lines of research in Phoenix Technologies focus on protected execution environments, based on special modes of operation of x86 compatible processors. Additional strength can be achieved in these environments with other features, such as caller validation, embedded firmware cryptographic engine and extensible chain of trust rooted to the core of the platform. These enhancements can be used for a number of security applications, in the fields of content protection or device authentication.

In addition, Zero-knowledge proof protocols can successfully address these problems, because no useful information is exchanged in the case of an error. Simple Password-authenticated Exponential Key Exchange protocol (SPEKE) is one of the simplest zero-knowledge password methods, which allows using of a small shared secret (password) for strong authentication being immune to offline dictionary attacks.

Mr. Kesanupalli is working with Phoenix Technologies as the Senior Vice President of Engineering, where he has been involved in security technologies enforcing root of trust starting at hardware level. Prior to joining Phoenix in June 2004, Mr. Kesanupalli was the founder and Chief Executive Officer of Kinera, Inc. (now Telsima, Inc.) from 1999 to 2003. From 1995 to 1999, Mr. Kesanupalli was the founder, President and Chief Executive Officer of Object Connect Inc. Mr. Kesanupalli holds a bachelor's degree in electronics engineering from the Madras Institute of Technology and a bachelor's degree in physics from Nagarjuna University.

Back to TIPPI workshop page