ID Theft Knowledge Transfer

							     ID Theft
Knowledge Transfer




TRUST 2nd Year Site Visit, March 19th, 2007
KT-ID Theft   TRUST 2nd Year Site Visit, March 19th, 2007   3
Technology Transition Plan


      PwdHash: RSA Security (www.pwdhash.com)
         –    Initial integration completed fall 2006
         –    Hope to convince IE team to embed natively in IE
      SpyBlock deployment:
         –    Available at   http://getspyblock.com/
         –    Relevant companies: Mocha5, VMWare
         –    Dialog with companies about transaction generators
      SafeHistory: Microsoft, Mozilla.
         –    Available at www.safehistory.com



KT-ID Theft                       TRUST 2nd Year Site Visit, March 19th, 2007   4
Public relations activities

     News articles on PwdHash:
        –     Many articles in popular press, still appearing
        –     Computerworld Horizon Award: August 2006
     SafeHistory & SafeCache:
        –     WWW ’06 paper
     Timing attacks
        –     WWW ’07 paper
     SpyBlock and transaction generation
        –     Report completed; conference paper in process

KT-ID Theft                         TRUST 2nd Year Site Visit, March 19th, 2007   5
KT-ID Theft   TRUST 2nd Year Site Visit, March 19th, 2007   6
KT-ID Theft Speaker-Name
"Title", J.Q.              TRUST 2nd Year Site Visit, March 19th, 2007   7
PwdHash and RSA SecurID

      Tech transfer: available as IE and Firefox extensions
         –    Working to convince MS to embed natively into IE

      Integration with RSA SecurID:
         –    Motivation: “man in the middle” phishing attacks
                  Defeats one-time password systems

         –    Phase I:    apply PwdHash to one-time passwords
                  Requires updates to SecurID server and PwdHash

         –    Phase II: authenticate server to client
                  Planned for next year




KT-ID Theft                                TRUST 2nd Year Site Visit, March 19th, 2007   8