Authenticate Like a Boss

Presented at TROOPERS17 (2017), March 21, 2017, 9 a.m. (Unknown duration).

The road to hell may be paved with good intentions but the road to IoT security hell is paved with unknown intentions. Intent is a tricky thing- poorly defined, misunderstood, and chaotically implemented as part of authentication controls. Yet, when we don't know the technology or what it's really doing it's impossible to properly secure all these new "Things" on our part of the Internet. Without understanding intent, we can't authenticate the good and block the bad for as long as we may need to. So we will look at the ongoing research into understanding "intent", the insights, the breakthroughs, the applications, and let you walk away with a new tool for threat detection.


Presenters:

  • Pete Herzog
    About the Trainer Pete Herzog is a security professional, neuro-hacker and managing director for the non-profit security research organization, ISECOM. He created the first social engineering methodology for quantifiable testing of human security for OSSTMM 2.1 in 2002. By 2003 he created Trust Metrics for measuring the amount of trust one can put in anything in a quantifiable manner which was added to OSSTMM 3 in 2010. In 2009 Herzog began working with brainwave scanners and tDCS to directly manipulate the brain and understand how people learn and focus attention. In 2013 he released the Security Awareness Learning Tactics (SALT) project to specifically design security awareness based on the neuro research. You can read more about Pete here: http://en.wikipedia.org/wiki/Social_engineering_%28security%29#Notable_social_engineers http://en.wikipedia.org/wiki/Pete_Herzog https://www.linkedin.com/in/isecom

Links: