Marc Hedlund, VP Engineering, Sana; Joe Hildebrand, Chief Architect, Jabber; Jim Kollegger, CEO, BBX; Nikolaj Nyholm, Founder, Ascio Decentralized Indentity and Security" Impressionistic transcript by Cory Doctorow doctorow@craphound.com July 9, 2003 Supernova Conference Washington DC -- Jim Kollegger, BBX: Three trends: 1. Continuing increased use of Internet no matter what, from the Military to Al Quaeda 2. New tech makes problems worse: cellphones can talk to PCs, malware can be loaded to keychain drives 3. Malicious hacking is getting worse: it's not kids, but malicious arms merchants to digital wars, creating Tom Clancy style assaults. 1 year ago, efficiency was more important than security. That's changed in the past six months: CodeRed, Slammer, Fizzer and other worms. Firewalls let >50% of attacks through. 100% of undefined/unitendified virii are not caught by antiviral software. IDS is like an oversensitive burgular alarm -- useless. You can't chase new malware forever. You need a new model: an immune-system for computers. -- Marc Hedlund, Sana: Security is overfunded and overhyped. Customers got burned in the dotbomb and don't want their critical infrastructure to get orphaned in a bankruptcy. Biological models help us protect computers at Sana. Human immune system autonomously defends you without having a signature file of all known virii. Instead, it looks for abnormal activitiy. In a computer, this dramatically reduces false positives and increases protection against new threats, even without a virus definitions list or a security researcher. A customer of ours -- Smith and Hawkins, a retailer -- has 50-60 stores with no IT staff, and a central office that manages security, and has a PoS that runs over the Internet to clear transactions. Our tech comes out of the Web, not out of Enterprise Architecture, polling over http with Tomcat, etc. We adapt to usage patterns in stores and spot anomalies. A firewall or an IDS would be totally ineffective in this realm, but autonomous software works. -- Joe Hildebrand, Jabber: IM can help with identity. Down and Out in the Magic Kingdom uses reputation as a currency. As a knowledge worker, all you have is a reputation. How do I make identity decisions more frequently, how do I manage it, who do I allow to see my identity and what parts of my identity to I reveal? With hundreds of these transactions per hour, how do I manage the decision-load? HTTP and DNS aren't enough for finding people and things, too many firewalls and NATs. We use XML to route info through firewalls to the edges, puncturing firewalls without going over security admins (they decide to allow things in). -- Nikolak Nyholm, Ascio: On behalf of the digital identity industry, sorry: We've been looking at the wrong problem. In 1999, we built a pilot with the #2 cellular carrier in Denmark, to provision services and applications to users over 3G on smart devices with control. And of course it never came to pass. The stupid network prevailed. The carriers have GPRS which is more expensive to bill than to provide (too cheap to meter). I trust Passport more than Liberty Alliance. A software-hardware group that sets policies that trasncend the network and are the equivalent of Novell Netware for the Internet. This isn't good for any Internet user. We've been trying to say, "For you to send an email to me, our mail-servers need to be federated and aware of each other, a priori." Creates a layer atop the stupid network that breaks it. What we should have been trying to solve is: a pseudonymous identifier and an ability to authenticate it. I know that when I get email from Dan Gillmor that it's from Dan Gillmor, without going through a bank, without going through Verisign. I know him by his face and email. The pseudonymous identifier has always been present, but never verified. We can use this with VoIP, -- Joe: Systems need to be adaptive and customized to an enviroment, no one-size-fits-all. -- Jim: Two problems; 1. What's a trusted source? Email can be co-opted. 2. 80% of money is spent on the permiter, but 80% of the attacks come from the inside. Must protect the machine's integrity: 1. The device 2. The server Wrap it in a shield that's flexible enough that an admin can move from tightest to loosest level. Not chasing one attack -- not chasing insiders or outsiders. Our approach is entirely new. We're going to see the ned of antiviral and firewalls. -- Joe: There will never be a central identity server. It's not democratic. -- Nikolaj: The firewall is breaking down. Businesses need accountability for their own employees and partners, but this doesn't mean that all transactions need the same accountability. Bloggers know each other better by their handles (RageBoy v. Chris Locke) than real names. We don't need to be linked together by verification from a government entity. We need trust through other people introducing us and from the ability to know that our conversational partners persist. -- Marc: How do we avoid having the same password for multiple sites? Just hash the password against the domain-name for the site. -- Kevin Werbach: Spam is really pushing security research. -- Nikolaj: It's not security, it's risk-management. -- Marc: You can't have an all-human security system even though humans are important, they can be ably assisted by computers. The question is how good are technologies at adapting to the environment? Do you have to improve everything, or just look for exceptions and make it easy for someone to globally say yeah or nay. -- Joe: Rules that augment human judgement are an significant challenge, that's beeen with us since th eindustrial revolution: how do we let machines help us do more? We need heuristics that help us manage the flow of info if not control it.