Opportunities and Challenges in Security

licoricebeds, Security

22 Feb 2014

Carnegie Mellon

Pradeep K. Khosla, Chancellor, UC San Diego

Cybersecurity: Implications for the Country



Changing Landscape of Computing and Communications

Late 1980s: 5M computers in 1980; Limited Connectivity; Tech Savvy Users; Limited Security Threats (Floppy Disks)

1990s: 105M PCs in 1990; Growing Connectivity; Mainstream Users and Economy depend on IT; Growing Threats (Viruses, Worms, etc); 25K reported incidents in decade

2000s: Over 900 Million people online worldwide; Growing Number of Connected Apps, P2P, Web Services; Increasing reliance on Wireless, Handheld dev; CyberSecurity Threats Globalized; Growing in number and Complexity

Source: CERT, Carnegie Mellon University, eTForecasts, Global Reach


Exponents Control Our Life


Speed of Microprocessor chips doubles every 12-18 months

Storage Density doubles every 12 months

Bandwidth is doubling every 12 months

Price keeps on dropping making the technology affordable and pervasive


CERT/CC Incident Reports and S/W Vulnerability Reports


Current State of CyberSecurity


Security Through Patches

Cause of major costs in complex Industrial IT environments

Systems and Services “die” under an attack

Service Disruption causes economic and productivity loss

Disruption of Critical Infrastructure (Banks, Telephone, Power, etc)

Patched Approach to Security across the System

1999: Melissa virus: $1 billion in damages (Computer Economics)

2000: Lloyds of London put the estimate for Love Bug at $15 billion; 3.9 million systems infected; 30 days to clean up

2001: (Reuters) Code Red cost $1.2 billion in damages and $740 million to clean up from the 360,000 infected servers

2003: Slammer: $1 billion in damages


IT Systems Threat Evolution in the Future

[Figure: Contagion Timeframe (Weeks or months, Days, Hours, Minutes, Seconds) plotted against Time (Early 1990s, Mid 1990s, Late 1990s, 2000, 2003) for File Viruses, Macro Viruses, e-mail Worms, Blended Threats, Warhol Threats and Flash Threats]

Human response: possible

Human response: difficult/impossible; Automated response: possible

Human response: impossible; Automated response: Will need new paradigms; Proactive blocking: possible


Cyber Security: Threats, Vulnerabilities and Risks


Risks: Disclosure of Health Records; Sabotage of Operations/Service; Theft of Trade Secrets; EFT Fraud; Loss of Client Confidence; Legal Liability

Threats: Embedded devices in hospitals; Disgruntled Employees; Organized Crime; Hackers; Cyber Terrorists; Competitors; Governments

Vulnerabilities: OS; Network; Supply Chain; Applications; Databases; PCs, PDA, Phones; Embedded/networked devices; Middleware; E-x Communities (e-government, e-commerce, etc)


Questions to Consider:


Why is the anti spam legislation ineffective?


Why are more hackers not caught and prosecuted?


How does legislation to disclose vulnerabilities (before the bugs are fixed) help in securing the computing and networking infrastructure? Does it really help the consumer?

Is there a way to stop DDoS attacks?

Why are we unable to build and deploy systems that “operate through attacks”?

Can any single company (by making their product secure) make the infrastructure/services secure?

Are our kids/citizens “cyberaware”? Would it help if they were “cyberaware”?



Axioms and Assumptions


There is no notion of 100% Security; in fact, I believe it is unachievable

The adversary is as smart and sophisticated as we are

Attacks will happen!!

Cybersecurity is not about stopping attacks… It is about building Systems and Services that Operate through an Attack

Need to invest consistently in R&D and education/training to keep one step ahead





What Is Needed?


Better Software


Improved SW Engineering and development processes


New diagnostic tools and metrics


Vulnerability discovery/elimination tools


Malware detection/elimination tools


Perpetually Available Systems


Self-aware, self-securing computing and network infrastructure



Secure wireless networks, Sensor Networks, RFID Systems


Better Identification/Authentication, Access Control mechanisms


Multi-biometric technologies for Capture-resilient portable devices (phones, PDAs, laptops, etc.)


What Is Needed - Cont’d

Better Risk Management to enable informed decisions about SW enterprises currently use, are considering buying, or are developing

Objective measurements of SW artifacts (code, designs, etc.) plus environment information as input to a robust risk model

Balance of privacy and security

Better government Policy and Informed Legislation

Education, Training, and Awareness at all levels

PhD researchers, professional degrees, executive education

End-user awareness training


Integration into school curricula at all levels


International collaboration


Survivable Storage Systems (Ganger et al)

Perpetually Available: Information should always be available even when some system components (computers) are down or unavailable

Perpetually Secure and Self Healing: Information integrity and confidentiality should always be enforced even when some system components are compromised

Graceful in degradation: Information access functionality and performance should degrade gracefully as system components fail

Assumptions: Some components will fail, some components will be compromised, some components will be inconsistent, BUT... surviving components allow the information storage system to survive



Decimate and Disperse Information


Decimate Information and create a 1000 piece puzzle

Store this information on 1000 computers

Under an attack

Adversary gains access to a few puzzle pieces and most likely no information

Legitimate user cannot reconstruct the original information


Decimate, Replicate, and Disperse Information


Decimate Information and create multiple 1000 piece puzzles

Store this information on 1000 computers

Under an attack

Adversary gains access to a few puzzle pieces and most likely no information

Legitimate user can reconstruct the original information

System can heal itself: identify corrupted information and repair it
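
The two "Decimate" slides above, as an added example that is not from the talk or the storage project it cites. It assumes XOR secret splitting as the "decimation" (so a few pieces reveal nothing), SHA-256 digests kept by the client to spot corrupted copies, and `None` standing for a failed node; all function names are illustrative.

```python
import hashlib
import secrets
from functools import reduce

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def digest(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

def decimate(data: bytes, pieces: int) -> list:
    """Split data into XOR shares; any subset short of all of them is random noise."""
    shares = [secrets.token_bytes(len(data)) for _ in range(pieces - 1)]
    return shares + [reduce(xor, shares, data)]

def disperse(shares, nodes: int, replicas: int):
    """Put `replicas` copies of each share on distinct nodes; return (store, digests)."""
    store = [{} for _ in range(nodes)]        # one dict per node: share index -> bytes
    stride = nodes // replicas                # assumes replicas <= nodes
    for idx, share in enumerate(shares):
        for r in range(replicas):
            store[(idx + r * stride) % nodes][idx] = share
    return store, [digest(s) for s in shares]

def good_copy(store, digests, idx):
    """First surviving replica of share `idx` whose hash still matches, else None."""
    for node in store:                        # a failed node is represented as None
        if node is not None and idx in node and digest(node[idx]) == digests[idx]:
            return node[idx]
    return None

def reconstruct(store, digests):
    """Rebuild the data from verified replicas; None if every copy of some share is gone."""
    copies = [good_copy(store, digests, i) for i in range(len(digests))]
    return None if None in copies else reduce(xor, copies)

def heal(store, digests):
    """Overwrite corrupted replicas with a verified copy; return the number repaired."""
    repaired = 0
    for node in filter(None, store):
        for idx in node:
            if digest(node[idx]) != digests[idx]:
                good = good_copy(store, digests, idx)
                if good is not None:
                    node[idx], repaired = good, repaired + 1
    return repaired
```

With `replicas=1` the loss of a single node makes `reconstruct` return `None`, which is the first slide's outcome; with `replicas=3` the same data survives failed nodes and `heal` restores a tampered copy.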


DDoS Attack Threats


DDoS attacks represent a significant threat


Hackers commandeer large botnets and rent them out to interested parties


Spam email


Racketeering/extortion


Paralyze cyber infrastructure


Many examples


DDoS attacks against DNS, Akamai, Microsoft


Extortion attacks against gambling web sites


Spammers attack anti-spam web sites


Music publishers DoS P2P networks


Integrated Multi-technology Strategy

Security will never be solved by a single technology or a single vendor

Imagine the following technologies

Packet Tracing: will allow one to pinpoint the source of an attack packet

Multi-modal real-time biometric authentication: will allow one to confirm the identity of a user of a machine at any time

Some Issues

Regulation: can you force users to use biometrics?

Privacy: how will this be achieved?

Who will pay for infrastructure?


Mobile/Embedded Devices Are the Future

Converged mobile devices (“smartphones”)

Affordable Access on the move for all

ability to download data to local storage, run applications, and store user data beyond PIM capabilities

IDC: Smartphones show significant growth and future promise, with compound annual growth rate of ~86% projected through 2007

RFID, Embedded Sensors and Sensor Networks

Will form the infrastructure for tracking, monitoring, control



New Applications on the Horizon

Smart phones work like train tickets

AP, February 22, 2005

... With a service planned for launch in January next year, they'll be able to use their mobile phones in place of the cards to pay for their train fares … Users will also be able to use their Suica-compatible cell phones to pay at some restaurants, convenience stores and shops. … The service will later be expanded to include online shopping and reserved ticket purchases.

$5000? Put it on my cell

BusinessWeek Online, June 6, 2005

… After introducing handsets last year that double as debit cards, allowing users to pay for small purchases such as soda or coffee from vending machines and convenience stores, the company this year plans to make those phones full-fledged credit cards. … Technically, transforming phones into credit cards shouldn’t give DoCoMo’s engineers too much trouble. Since last July, DoCoMo has sold some 3 million handsets with FeliCa chips … Nearly 60% of customers with FeliCa phones use the service at least once a week.


Progress through Cellphone Deployment

The Real Digital Divide

Encouraging the spread of mobile phones is the most sensible and effective response to the digital divide

The Economist, March 10, 2005

… The digital divide that really matters, then, is between those with access to a mobile network and those without. The good news is that the gap is closing fast. The UN has set a goal of 50% access by 2015, but a new report from the World Bank notes that 77% of the world’s population already lives within range of a mobile network.


Security and Survivability are Critical Enabling Technologies for Mobile-X

Secure Downloads, Secure Transactions, Content Protection, Delegating Authority

CORPORATE PRODUCTIVITY, M-COMMERCE, LOCATION SERVICES, ENTERTAINMENT

Requirements: Security, Privacy

Capture Resilient Devices

Personal Trusted Devices



The Grey System

[Bauer, Garriss, McCune, Reiter, & Rouse]


Existing efforts utilize these devices as a replacement for existing mechanisms (charge card, physical keys, …)

However, we believe this device-centric paradigm can support more flexible approaches than previously possible

Loan you my car without giving you my phone

Send money from my phone to my daughter’s phone

Give your secretary temporary access to your email without revealing information (e.g., password) that could be used at a later time

Use your phone to open your hotel room door, without ever stopping by the front desk


… and do it all from a distance


Some Challenges


A sufficiently flexible authorization infrastructure


Must support usual modes of access and delegation for each protection mechanism it is to replace, and more

Device theft

Should ensure that stolen devices cannot be misused

Usability

Human-to-device authentication

Device-to-device authentication

Access-control policy creation


Biometrics Is the Key!

Most current methods rely on passwords, ID cards that can be easily forgotten or stolen

Future: Identity Recognition for access to systems, spaces, and services based on Intelligent fusion of multiple biometrics (face, voice, signature, iris, fingerprint…)

PCs and Cell phones with camera and fingerprint sensor (LG-LP3350, Summer 2005)

[Figure: Internet, Authenticated-Secure Channel. Client Side: NO Biometrics, Finger + Face, Voice, Signature, PKI Token, PKI. Server Side: e-Bank, On-line Shop, Friend]


Examples of Different Biometrics


Face


Fingerprint


Voice


Palmprint


Hand Geometry



Iris


Retina Scan


Voice


DNA


Signatures


Gait


Keystroke


Identification vs Verification



Identification:

Match a person’s biometrics against a database to figure out his/her identity by finding the closest match.

Commonly referred to as 1:N matching

Verification:

The person claims to be “John”, system must match and compare his/hers biometrics with John’s stored Biometrics.

If they match, then user is “verified” or authenticated that he is indeed “John”.

Typically referred to as 1:1 matching.



Challenges in Biometrics (e.g. Face & Fingerprint)





Pose



Illumination



Expression



Occlusion



Time lapse



Real Problem: Verification Accuracy and False Acceptance rate
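
The 1:N and 1:1 matching from the Identification vs Verification slide, together with the accuracy and false-acceptance trade-off named here, as an added example that is not from the talk. Templates are toy three-number feature vectors, and every name, value and threshold below is constructed for illustration.

```python
import math

# Constructed enrollment database: identity -> stored template (toy feature vector).
GALLERY = {
    "John":  (0.10, 0.80, 0.30),
    "Alice": (0.90, 0.20, 0.50),
    "Bob":   (0.40, 0.40, 0.90),
}

def identify(probe, gallery, threshold):
    """1:N matching: search every template, return the closest identity or None."""
    name, dist = min(((n, math.dist(probe, t)) for n, t in gallery.items()),
                     key=lambda m: m[1])
    # Without the threshold an unenrolled person is always "identified" as someone.
    return name if dist <= threshold else None

def verify(probe, claimed, gallery, threshold):
    """1:1 matching: compare only against the template of the claimed identity."""
    return claimed in gallery and math.dist(probe, gallery[claimed]) <= threshold

def error_rates(genuine, impostor, threshold):
    """(false acceptance rate, false rejection rate) for lists of match distances."""
    far = sum(d <= threshold for d in impostor) / len(impostor)
    frr = sum(d > threshold for d in genuine) / len(genuine)
    return far, frr

# Constructed distances from genuine (same person) and impostor comparisons.
GENUINE = [0.04, 0.07, 0.11, 0.18]
IMPOSTOR = [0.12, 0.42, 0.55, 0.74, 0.99]

if __name__ == "__main__":
    probe = (0.12, 0.78, 0.33)            # constructed fresh sample from John
    print(identify(probe, GALLERY, 0.15), verify(probe, "Alice", GALLERY, 0.15))
    for t in (0.10, 0.15, 0.50):          # tighter threshold: lower FAR, higher FRR
        print(t, error_rates(GENUINE, IMPOSTOR, t))
```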


Illumination Variability


Real-time Identification and Authentication


Low Complexity Algorithm for PDA


How will this be accomplished?

A partnership involving industry, government, and academia to develop technologies for protecting the global information infrastructure and the physical infrastructures that depend upon it

To create a new era of MAST computing and communication systems and services

Measurable

Available

Secure and Sustainable

Trustworthy

Integrating Research and Development, and Education with next generation CERT like functions


More Questions to Consider:


Why are more hackers not caught and prosecuted?


Guaranteed Packet tracing + real-time biometrics on every computer


Issues


Should there be legislation? Or will this be forced by vendors?


How does legislation to disclose vulnerabilities (before the bugs are fixed) help in securing the computing and networking infrastructure? Does it really help the consumer?


I don’t think this helps. Bad idea but somehow the lawmakers don’t get it


Maybe a federally funded assurance facility that allows for voluntary testing of software components is the answer


Is there a way to stop DDoS attacks?


Pi+SIFF+FIT technologies


Who will pay for infrastructure upgrade? Should the government mandate it?


Why are we unable to build and deploy systems that “operate through attacks”?


Point solutions exist.


More Questions to Consider:


Why is the anti spam legislation ineffective?


Would not only require technologies but consistent international laws, their enforcement, and collaboration

Can any single company (by making their product secure) make the infrastructure/services secure?

Certainly not

Are our kids/citizens “cyberaware”? Do they need to be “cyberaware”?

Not yet but we need to keep on working. Cyberawareness will certainly contribute to reducing the velocity of propagation


CyberSecurity is complex because it:


is integration of several disparate technologies


requires technologists, business people, policy/lawmakers to work together



Thank you.
