Introducing SCS Speaker Lilly Ryan

Imagine walking down the street and thinking you’ve spotted a friend from afar. Maybe it’s the way they walk, their hair cut or their coat that leads you to recognize them. You approach and look them in the face to make sure it really is your friend. When you see a familiar face, you identify them instantly with very high confidence in the result. I don’t remember a time I was talking to a friend face to face and it turned out to not be him or her.

This trust is gone in the online world. Attacks on the identification of a communication partner, the authentication step, are notorious. As we know, there are three ways to authenticate on a computer: Something you know, something you own and who you are, that is, biometric authentication.

Of these three, biometrics gives many people a creepy feeling. Namely, people in the IT security crowd. Yet, biometrics is making progress: Most smartphones come with fingerprint readers these days. And it seems as though Apple’s Face ID is indeed very strong.

Two weeks ago, the Swiss draft law on “Electronic IDs” was presented. In the message accompanying the law, the federal council stated that strong electronic authentication must include two factors. Much to my surprise, they also stated that one of these factors needs to be a biometric authentication factor. Maybe it’s only me, but I was astonished by this statement. They have no intention of using a physical ID with a chip as a strong second authentication factor (something you own). This is what I would expect from a country with a long tradition of issuing physical IDs to people. Instead, they want to rely on a biometric factor alone.

Biometric authentication has left the laboratory stage and is becoming mainstream. And if the virtual world is really modelled after the analog world, then it is only natural that facial recognition will be chosen as the gold standard.

This alone warrants inviting Lilly Ryan to speak at Swiss Cyber Storm: Lilly, known as attacus among her pen-testing friends, is an Australian security researcher. She has extensive experience attacking facial recognition installations. The cool thing is, she is also bringing a case full of items and gadgets. This will allow you to try and fool the technology yourself after the talk. That’s going to be fun.

So, Lilly is a top notch security researcher. But I really like the way she is able to add meaning to technical problems and security weaknesses. She does not merely describe bugs in software. With Lilly, an individual bug can become a symbol of cultural significance, rooted in our human nature or hundreds of years of history.

Adding history into the equation comes only natural to her, as Lilly has a background in medieval history. Now, it’s an open secret that I studied medieval history, too. So right after we first met, I started to follow her closely to see if she did any research that would fit our program. Then we settled on trust as a focus topic. And around the same time, I saw her announcing a talk about facial recognition in Australia and I was sold. So here we are: Cyber Medievalist attacus is joining us for Swiss Cyber Storm 2018. I hope you’ll be there too!

More about Lilly Ryan / attacus:

• Personal Website: attacus.net
• Twitter: @attacus_au
• Video of Usenix Enigma Talk: Rage against the Ghost in the Machine

 

Christian Folini, Program Chair