Carnegie Mellon
Opportunities and Challenges in Security
Pradeep K. Khosla
Chancellor
UC San Diego
Cybersecurity: Implications for the Country

Changing Landscape of Computing and Communications
Late 1980s
• 5M computers in 1980
• Limited Connectivity
• Tech Savvy Users
• Limited Security Threats (Floppy Disks)
1990s
• 105M PCs in 1990
• Growing Connectivity
• Mainstream Users and Economy depend on IT
• Growing Threats (Viruses, Worms, etc)
• 25K reported incidents in decade
2000s
• Over 900 Million people online worldwide
• Growing Number of Connected Apps, P2P, Web Services
• Increasing reliance on Wireless, Handheld dev
• CyberSecurity Threats Globalized – Growing in number and Complexity
Source: CERT, Carnegie Mellon University, eTForecasts, Global Reach

Exponents Control Our Life
Speed of Microprocessor chips doubles every 12-18 months
Storage Density doubles every 12 months
Bandwidth is doubling every 12 months
Price keeps on dropping making the technology affordable and pervasive

CERT/CC Incident Reports and S/W Vulnerability Reports

Current State of CyberSecurity
Security Through Patches
• Cause of major costs in complex Industrial IT environments
Systems and Services “die” under an attack
• Service Disruption causes economic and productivity loss
• Disruption of Critical Infrastructure (Banks, Telephone, Power, etc)
Patched Approach to Security across the System
1999: Melissa virus: $1 billion in damages (Computer Economics)
2000: Lloyds of London put the estimate for Love Bug at $15 billion; 3.9 million systems infected; 30 days to clean up
2001: (Reuters) Code Red cost $1.2 billion in damages and $740 million to clean up from the 360,000 infected servers
2003: Slammer, $1 billion in damages

IT Systems Threat Evolution in the Future
[Figure: Contagion Timeframe (Weeks or months, Days, Hours, Minutes, Seconds) plotted against Time (Early 1990s, Mid 1990s, Late 1990s, 2000, 2003) for File Viruses, Macro Viruses, e-mail Worms, Blended Threats, “Warhol” Threats and “Flash” Threats. Annotations: “Human response: possible”; “Human response: difficult/impossible, Automated response: possible”; “Human response: impossible, Automated response: Will need new paradigms, Proactive blocking: possible”.]

Cyber Security: Threats, Vulnerabilities and Risks
Risks: Disclosure of Health Records; Sabotage of Operations/Service; Theft of Trade Secrets; EFT Fraud; Loss of Client Confidence; Legal Liability
Embedded devices in hospitals
Threats: Disgruntled Employees; Organized Crime; Hackers; Cyber Terrorists; Competitors; Governments
Vulnerabilities: OS; Network; Supply Chain; Applications; Databases; PCs, PDA, Phones; Embedded/networked devices; Middleware; E-x Communities (e-government, e-commerce, etc)

Questions to Consider:
Why is the anti spam legislation ineffective?
Why are more hackers not caught and prosecuted?
How does legislation to disclose vulnerabilities (before the bugs are fixed) help in securing the computing and networking infrastructure? Does it really help the consumer?
Is there a way to stop DDoS attacks?
Why are we unable to build and deploy systems that “operate through attacks”?
Can any single company (by making their product secure) make the infrastructure/services secure?
Are our kids/citizens “cyberaware”? Would it help if they were “cyberaware”?

Axioms and Assumptions
There is no notion of 100% Security – in fact, I believe it is unachievable
The adversary is as smart and sophisticated as we are
Attacks will happen!!
Cybersecurity is not about stopping attacks…..
…It is about building Systems and Services that “Operate through an Attack”
Need to invest consistently in R&D and education/training to keep one step ahead

What Is Needed?
Better Software
Improved SW Engineering and development processes
New diagnostic tools and metrics
• Vulnerability discovery/elimination tools
• Malware detection/elimination tools
Perpetually Available Systems
Self-aware, self-securing computing and network infrastructure
Secure wireless networks, Sensor Networks, RFID Systems
Better Identification/Authentication, Access Control mechanisms
Multi-biometric technologies for Capture-resilient portable devices (phones, PDAs, laptops, etc.)

What Is Needed - Cont’d
Better Risk Management to enable informed decisions about SW enterprises currently use, are considering buying, or are developing
Objective measurements of SW artifacts (code, designs, etc.) plus environment information as input to a robust risk model
Balance of privacy and security
Better government Policy and Informed Legislation
Education, Training, and Awareness at all levels
PhD researchers, professional degrees, executive education
End-user awareness training
Integration into school curricula at all levels
International collaboration

Survivable Storage Systems (Ganger et al)
Perpetually Available
• Information should always be available even when some system components (computers) are down or unavailable
Perpetually Secure and Self Healing
• Information integrity and confidentiality should always be enforced even when some system components are compromised
Graceful in degradation
• Information access functionality and performance should degrade gracefully as system components fail
Assumptions – Some components will fail, some components will be compromised, some components will be inconsistent, BUT...surviving components allow the information storage system to survive

Decimate and Disperse Information
Decimate Information and create a “1000 piece” puzzle
Store this information on “1000 computers”
Under an attack
• Adversary gains access to a few “puzzle pieces” and most likely no information
• Legitimate user cannot reconstruct the original information

Decimate, Replicate, and Disperse Information
Decimate Information and create multiple “1000 piece” puzzles
Store this information on “1000 computers”
Under an attack
• Adversary gains access to a few “puzzle pieces” and most likely no information
• Legitimate user can reconstruct the original information
• System can heal itself – identify corrupted information and repair it
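
The two dispersal slides above, as an added Python example (not code from the talk or from the storage system it cites). The slides do not say how information is decimated, so this assumes XOR splitting, where all pieces are needed and any smaller subset is random, plus SHA-256 digests held by the client to identify corrupted copies; all function names are hypothetical.

```python
import hashlib
import secrets
from functools import reduce

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def decimate(data, n):
    """Split data into n XOR pieces (assumed scheme); fewer than n pieces look random."""
    pieces = [secrets.token_bytes(len(data)) for _ in range(n - 1)]
    return pieces + [reduce(xor, pieces, data)]

def disperse(pieces, replicas):
    """Store `replicas` copies of each piece, one per node: nodes[(piece, copy)]."""
    nodes = {(i, r): p for i, p in enumerate(pieces) for r in range(replicas)}
    digests = [hashlib.sha256(p).digest() for p in pieces]  # assumed kept by the client
    return nodes, digests

def reconstruct(nodes, digests, replicas):
    """Rebuild the data from intact copies and heal bad ones. Returns (data, repaired)."""
    data, repaired = None, 0
    for i, digest in enumerate(digests):
        copies = [nodes.get((i, r)) for r in range(replicas)]
        good = next((c for c in copies
                     if c is not None and hashlib.sha256(c).digest() == digest), None)
        if good is None:
            raise ValueError(f"piece {i} is lost or corrupted on every node")
        for r, c in enumerate(copies):
            if c != good:  # missing or corrupted copy: repair it from a good replica
                nodes[(i, r)] = good
                repaired += 1
        data = good if data is None else xor(data, good)
    return data, repaired

def demo():
    secret = b"constructed sample record"
    pieces = decimate(secret, 8)
    nodes, digests = disperse(pieces, replicas=1)  # first slide: no replication
    del nodes[(3, 0)]                              # one node unavailable
    try:
        reconstruct(nodes, digests, 1)
        lost = False
    except ValueError:
        lost = True
    nodes, digests = disperse(pieces, replicas=3)  # second slide: replicated
    del nodes[(3, 0)]                              # one node down
    nodes[(5, 1)] = bytes(len(secret))             # one node serving corrupted data
    data, repaired = reconstruct(nodes, digests, 3)
    return lost, data == secret, repaired
```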

DDoS Attack Threats
DDoS attacks represent a significant threat
Hackers commandeer large botnets and rent them out to interested parties
• Spam email
• Racketeering/extortion
• Paralyze cyber infrastructure
Many examples
• DDoS attacks against DNS, Akamai, Microsoft
• Extortion attacks against gambling web sites
• Spammers attack anti-spam web sites
• Music publishers DoS P2P networks

Integrated Multi-technology Strategy
Security will never be solved by a single technology or a single vendor
Imagine the following technologies
• Packet Tracing – will allow one to pinpoint the source of an attack packet
• Multi-modal real-time biometric authentication – will allow one to confirm the identity of a user of a machine at any time
Some Issues
• Regulation – can you force users to use biometrics?
• Privacy – how will this be achieved?
• Who will pay for infrastructure

Mobile/Embedded Devices Are the Future
Converged mobile devices (“smartphones”)
• Affordable Access on the move for all – ability to download data to local storage, run applications, and store user data beyond PIM capabilities
• IDC: Smartphones show “significant growth and future promise”, with compound annual growth rate of ~86% projected through 2007
RFID, Embedded Sensors and Sensor Networks
• Will form the infrastructure for tracking, monitoring, control

New Applications on the Horizon
Smart phones work like train tickets
AP, February 22, 2005
... With a service planned for launch in January next year, they'll be able to use their mobile phones in place of the cards to pay for their train fares … Users will also be able to use their Suica-compatible cell phones to pay at some restaurants, convenience stores and shops. … The service will later be expanded to include online shopping and reserved ticket purchases.
$5000? Put it on my cell
BusinessWeek Online, June 6, 2005
… After introducing handsets last year that double as debit cards allowing users to pay for small purchases such as soda or coffee from vending machines and convenience stores the company this year plans to make those phones full-fledged credit cards. … Technically, transforming phones into credit cards shouldn’t give DoCoMo’s engineers too much trouble. Since last July, DoCoMo has sold some 3 million handsets with FeliCa chips … Nearly 60% of customers with FeliCa phones use the service at least once a week.

Progress through Cellphone Deployment
The Real Digital Divide
Encouraging the spread of mobile phones is the most sensible and effective response to the digital divide
The Economist, March 10, 2005
… The digital divide that really matters, then, is between those with access to a mobile network and those without. The good news is that the gap is closing fast. The UN has set a goal of 50% access by 2015, but a new report from the World Bank notes that 77% of the world’s population already lives within range of a mobile network.

Security and Survivability are Critical Enabling Technologies for Mobile-X
Secure Downloads
Secure Transactions
Content Protection
Delegating Authority
CORPORATE PRODUCTIVITY
M-COMMERCE
LOCATION SERVICES
ENTERTAINMENT
Requirements:
Security
Privacy
Capture Resilient Devices
“Personal Trusted Devices”

The Grey System [Bauer, Garriss, McCune, Reiter, & Rouse]
Existing efforts utilize these devices as a replacement for existing mechanisms (charge card, physical keys, …)
However, we believe this device-centric paradigm can support more flexible approaches than previously possible
• Loan you my car without giving you my phone
• Send money from my phone to my daughter’s phone
• Give your secretary temporary access to your email without revealing information (e.g., password) that could be used at a later time
• Use your phone to open your hotel room door, without ever stopping by the front desk
• … and do it all from a distance

Some Challenges
A sufficiently flexible authorization infrastructure
• Must support usual modes of access and delegation for each protection mechanism it is to replace, and more
Device theft
• Should ensure that stolen devices cannot be misused
Usability
• Human-to-device authentication
• Device-to-device authentication
• Access-control policy creation

Biometrics Is the Key!
Most current methods rely on passwords, ID cards that can be easily forgotten or stolen
Future: Identity Recognition for access to systems, spaces, and services based on intelligent fusion of multiple biometrics (face, voice, signature, iris, fingerprint…..)
PCs and Cell phones with camera and fingerprint sensor (LG-LP3350 – Summer 2005)
[Figure: Client Side and Server Side connected over the Internet by an Authenticated-Secure Channel. Labels: NO Biometrics, Finger + Face, Voice, Signature, PKI Token, PKI, e-Bank, On-line Shop, Friend]

Examples of Different Biometrics
Face
Fingerprint
Voice
Palmprint
Hand Geometry
Iris
Retina Scan
Voice
DNA
Signatures
Gait
Keystroke

Identification vs Verification
Identification:
Match a person’s biometrics against a database to figure out his/her identity by finding the closest match.
Commonly referred to as 1:N matching
Verification:
The person claims to be ‘John’, system must match and compare his/hers biometrics with John’s stored Biometrics.
If they match, then user is ‘verified’ or authenticated that he is indeed ‘John’
Typically referred to as 1:1 matching.

Challenges in Biometrics (e.g. Face & Fingerprint)
• Pose
• Illumination
• Expression
• Occlusion
• Time lapse
• Real Problem – Verification Accuracy and False Acceptance rate
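
The 1:N and 1:1 matching modes and the false-acceptance problem from the two slides above, as an added Python example (not part of the talk). Templates are constructed toy 3-D feature vectors compared by Euclidean distance; the names, probes and thresholds are assumptions for illustration.

```python
import math

# Constructed toy templates (3-D feature vectors), not real biometric data.
ENROLLED = {"john": (0.10, 0.80, 0.30), "mary": (0.70, 0.20, 0.60),
            "ravi": (0.40, 0.50, 0.90)}

def identify(probe, reject_above=None):
    """1:N: search the whole database and return the closest identity."""
    name = min(ENROLLED, key=lambda n: math.dist(probe, ENROLLED[n]))
    if reject_above is not None and math.dist(probe, ENROLLED[name]) > reject_above:
        return None  # open-set check: nobody enrolled is close enough
    return name

def verify(probe, claimed, threshold):
    """1:1: compare the probe only with the claimed identity's stored template."""
    return math.dist(probe, ENROLLED[claimed]) <= threshold

def error_rates(trials, threshold):
    """Return (false acceptance rate, false rejection rate) over the trials."""
    impostor = [verify(p, c, threshold) for p, c, ok in trials if not ok]
    genuine = [verify(p, c, threshold) for p, c, ok in trials if ok]
    return sum(impostor) / len(impostor), genuine.count(False) / len(genuine)

# Constructed trials: (probe, claimed identity, is the claim genuine?)
LOOKALIKE = (0.22, 0.68, 0.42)            # impostor whose features sit near john's
TRIALS = [
    ((0.12, 0.78, 0.33), "john", True),
    ((0.30, 0.70, 0.40), "john", True),   # john under poor illumination
    ((0.68, 0.25, 0.58), "mary", True),
    ((0.45, 0.45, 0.85), "ravi", True),
    (LOOKALIKE, "john", False),
    ((0.69, 0.21, 0.61), "john", False),
    ((0.42, 0.48, 0.88), "mary", False),
    ((0.10, 0.80, 0.30), "ravi", False),
]

def sweep(thresholds=(0.10, 0.22, 0.30)):
    """FAR/FRR at each threshold: tightening one error rate loosens the other."""
    return {t: error_rates(TRIALS, t) for t in thresholds}
```

Closest-match identification names the look-alike as john unless a rejection distance is set, and no single verification threshold in the sweep drives both error rates to zero.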

Illumination Variability

Real-time Identification and Authentication

Low Complexity Algorithm for PDA

How will this be accomplished?
A partnership involving industry, government, and academia to develop technologies for protecting the global information infrastructure and the physical infrastructures that depend upon it
To create a new era of MAST computing and communication systems and services
• Measurable
• Available
• Secure and Sustainable
• Trustworthy
Integrating Research and Development, and Education with next generation CERT like functions

More Questions to Consider:
Why are more hackers not caught and prosecuted?
• Guaranteed Packet tracing + real-time biometrics on every computer
• Issues – Should there be legislation? Or will this be forced by vendors?
How does legislation to disclose vulnerabilities (before the bugs are fixed) help in securing the computing and networking infrastructure? Does it really help the consumer?
• I don’t think this helps. Bad idea but somehow the lawmakers don’t get it
• Maybe – A federally funded assurance facility that allows for voluntary testing of software components is the answer
Is there a way to stop DDoS attacks?
• Pi+SIFF+FIT technologies
• Who will pay for infrastructure upgrade? Should the government mandate it?
Why are we unable to build and deploy systems that “operate through attacks”?
• Point solutions exist.

More Questions to Consider:
Why is the anti spam legislation ineffective?
• Would not only require technologies but consistent international laws, their enforcement, and collaboration
Can any single company (by making their product secure) make the infrastructure/services secure?
• Certainly not
Are our kids/citizens “cyberaware”? Do they need to be “cyberaware”?
• Not yet but we need to keep on working. Cyberawareness will certainly contribute to reducing the velocity of propagation
CyberSecurity is complex because it:
• is integration of several disparate technologies
• requires technologists, business people, policy/lawmakers to work together
Thank you.