2nd TIPPI Workshop

Trustworthy Interfaces for Passwords and Personal Information

Speaker: Phillip Hallam-Baker, Verisign

Title: Outbound Authentication on the Users Terms

Abstract:
Phishing is the use of social engineering to steal credentials. There are thus three basic approaches to stopping phishing: blocking actual attacks in progress, defeating the social engineering attack and deploying credentials that are inherently resistant to theft. Investing in all three approaches results in a considerably stronger defense than is possible by concentrating on one or even two approaches. Banks have made a huge investment in defeating attacks in progress and are in the process of making even larger investment in developing stronger means of authenticating the customer to the bank. To realize the full potential of these investments we must also develop a secure means of authenticating the bank to the customer.

Secure Internet Letterhead provides Web users with a trustworthy means of authenticating the businesses they trust by means of the indicata they are used to recognising them by - the company brand. Every bank branch, ATM, leaflet or letter from a bank carries their brand on their letterhead. Secure Internet Letterhead extends this existing principle to the Web so that every Web site, every email, every Instant message and every telephone call are also consistently branded using a technology that is trustworthy, transparent and accountable.

Bio:
Dr. Phillip Hallam-Baker has played a leading role in the field of Web Security since the earliest days of the Web. His design credits include contributions to the design of HTTP and HTTP Digest Authentication and editing the first editions of the XKMS, SAML and WS-Security standards. His current research focus is developing technology to stop or mitigate Internet Crime, in particular Phishing. Dr Phillip Hallam-Baker holds degrees from Southampton and Oxford Universities and has held research appointments at DESY, CERN and MIT. He is currently Principal Scientist at VeriSign Inc.


Back to TIPPI workshop page