In this inspiring video interview from Edge, Professor Ross Anderson explains why and how the greed-driven fostering of market imperfections has created the fundamental information security design flaws found in today’s networks and computer systems.
As an example, the world of online banking uses OTP over SMS as a secure second authentication factor, which telecommunication companies around the world have sold to banks as a safe and secure technology. However, the internal SS7 protocol between telecoms is fundamentally insecure, possibly putting billions of bank accounts at risk.
Anderson explains how and why service providers like banks find themselves the victims of systemic security design flaws, yet often manage these risks by pushing them further onto users through new terms and conditions of a kind never seen in the market before the digital banking age. The effect is that no one has the economic incentive to fix security problems; instead, the problems are externalized, with the end result of indirectly nurturing cyber-crime.
Another example: the ransomware “WannaCry”, which ran rampant globally over the last month, is at its core a result of the decision by Microsoft to ship Windows with fundamental security design flaws. (https://www.schneier.com/blog/archives/2017/06/wannacry_and_vu.html)
Both examples have the same root cause in the economics of insecurity, where a sub-optimized economic decision is made at the cost of others.
This illustrates the Protectoria Secure Mobile Platform (PSMP) value proposition. PSMP provides a future-proof solution to the dysfunctional internal economic dynamics of various markets, such as telecom services, computer systems, information security, banking, payments, IoT, etc.
In all these services, insecurity is inherently a part of the desired product design, mandated by the mantra, as Ross Anderson told it, “Ship the product on Tuesday, fix the security problems in version 3.”
Consequently, the Internet will forever be a broken system. So how can security be built into a broken system? PSMP has a winning recipe against cyber-crime: it builds high-end software security into inherently insecure systems, turning the attackers’ weapons against them by continuously morphing its properties and security mechanisms. This way, PSMP outperforms attackers by loading extreme costs onto intruders through extreme entropy, complexity and time limits. The required effort for the service provider is cost-effective, and users are not negatively affected.
This is the basis of the mathematical security (crypto) of the Protectoria Secure Mobile Platform, protecting essential services such as payment transactions, compliant with the Payment Services Directive II (PSD2).
A third-party security evaluation is required under PSD2 Strong Customer Authentication. The Protectoria Secure Mobile Platform is the only technology that has passed this security compliance evaluation, with a user experience based on a single mobile phone.
Image Credit: Edge.org