Humans are always the weak security link, but do they really have to?


The first and fundamental step to security is authentication: securely identifying the user who requests an action is a prerequisite for deciding whether the requested action is to be allowed or forbidden (access control). Furthermore, the capability to allow access to resources only to the correct parties is a prerequisite for guaranteeing resource integrity. Hence, authentication is a cornerstone of all security. Any authentication mechanism, however, must not only be resilient to hackers' attacks; it must also be easy enough to use that it does not turn into a nuisance that users actively struggle to deactivate, with the undesired result of becoming the weak link in the security chain.

At the same time, the use of Internet services (be it pure information or more sophisticated services) has seen a steady evolutionary trend toward mobile devices such as smartphones and tablet computers. For this reason, when dealing with cyberthreats, it is necessary to take into full account the peculiarities of each platform in general and of mobile devices in particular, as they are quickly becoming the platform of choice.

In this talk, we will showcase the importance of usability for security mechanisms in general and authentication in particular, and we will show how the evolution of users' access patterns to cyber-resources, while widening the attack surface available to hackers, also provides some very important points of leverage for the development of new security mechanisms with a very low impact on users.


Mauro Migliardi got his PhD in Computer Engineering in 1995. He was a Research Associate and Assistant Professor at the University of Genoa and Research Associate at Emory University. Currently he is Associate Professor at the University of Padua and Adjunct Professor at the University of Genoa.
With the engineering of distributed systems as his general research goal, he has recently focused on cybersecurity and green security for mobile systems, IoT, and human memory support systems and services.
He is a member of the Scientific Committee of the Center for Computing Platforms Engineering, and a member of the Scientific Advisory Board of Circle Garage s.r.l.; he has won the 2013 Canada-Italy Innovation Reward.
He has participated in several national and international research projects sponsored by the USA Department of Energy, the European Union, the Italian Government and the University of Padua. He has also (co-)chaired international conferences and workshops, and he is a member of the Technical Program Committees of several international conferences and workshops.
He has tutored more than 80 Bachelor, Master and PhD students at the Universities of Genoa, Padua and Emory, and he has authored or co-authored more than 130 scientific papers published in national and international peer-reviewed conferences, books and journals.