Opportunities and Challenges in Security

Carnegie Mellon

Opportunities and Challenges in Security

Pradeep K. Khosla

Chancellor

UC San Diego

Cybersecurity: Implications for the Country

Carnegie Mellon

•
Over
9
00 Million
people online
worldwide

•
Growing Number

of Connected Apps,

P2P, Web Services

•
Increasing reliance on
Wireless
, Handheld
dev

•
CyberSecurity Threats
Globalized
–


Growing in number

and Complexity



•
105M PCs in 1990

•
Growing
Connectivity

•
Mainstream Users
and Economy
depend on IT

•
Growing Threats
(Viruses, Worms,
etc)

•
25K reported
incidents in
decade

•
5M computers

in 1980

•
Limited
Connectivity

•
Tech Savvy
Users

•
Limited Security
Threats (Floppy
Disks)

Changing Landscape of Computing and Communications

Source: CERT, Carnegie Mellon University, eTForecasts, Global Reach

Late 1980s

1990s

2000s

Carnegie Mellon

Exponents Control Our Life


Speed of Microprocessor chips doubles
every 12
-
18 months


Storage Density doubles every 12
months


Bandwidth is doubling every 12 months


Price keeps on dropping making the
technology affordable and pervasive

Carnegie Mellon

CERT/CC Incident Reports

and S/W Vulnerability Reports

Carnegie Mellon

Current State of CyberSecurity


Security Through Patches


Cause of major costs in complex Industrial IT environments


Systems and Services
“
摩d
”

畮摥爠慮a慴瑡捫


Service Disruption causes economic and productivity loss


Disruption of Critical Infrastructure (Banks, Telephone,
Power, etc)


Patched Approach to Security across the System



Melissa virus:
$1
billion

in damages
(Computer Economics)




Lloyds of London put the
estimate for Love Bug at
$15

billion

3.9 million systems
infected

30 days to clean
up


(Reuters) Code Red cost

$1.2 billion

in damages
and
$740 million

to clean
up from the
360,000 infected

servers

1999

2000

2001


Slammer

$1 billion

in
damages

2003

Carnegie Mellon

Hours

Time

Weeks or

months

Days

Minutes

Seconds

Human response:
difficult/impossible

Automated response:
possible

Early 1990s

Mid 1990s

Late 1990s

2000

2003

Human response:
impossible

Automated response:
Will need
new paradigms

Proactive blocking:
possible


IT Systems Threat Evolution in the Future

Contagion Timeframe

File Viruses

Macro Viruses


e
-
mail Worms

Blended Threats

“
Warhol
”

Threats

“
Flash
”

Threats

Human response:
possible

Carnegie Mellon

Carnegie Mellon

Cyber Security: Threats, Vulnerabilities and Risks


Disclosure of
Health

Records


Sabotage of

Operations/Service


Theft of Trade

Secrets


EFT Fraud


Loss of Client

Confidence


Legal Liability


Embedded devices in
hospitals


Disgruntled
Employees


Organized Crime


Hackers


Cyber Terrorists


Competitors


Governments

Threats

Risks


OS


Network


Supply Chain


Applications


Databases


PCs, PDA, Phones


Embedded/networked
devices


Middleware


E
-
x Communities (e
-
government, e
-
commerce, etc)

Vulnerabilities

Carnegie Mellon

Questions to Consider:


Why is the anti spam legislation ineffective?


Why are more hackers not caught and prosecuted?


How does legislation to disclose vulnerabilities (before the bugs
are fixed) help in securing the computing and networking
infrastructure? Does it really help the consumer?


Is there a way to stop DDoS attacks?


Why are we unable to build and deploy systems that “operate
through attacks”


Can any single company (by making their product secure) make
the infrastructure/services secure?


Are our kids/citizens “cyberaware”? Would it help if they were
“cyberaware”?


Carnegie Mellon

Axioms and Assumptions


There is no notion of 100% Security
–

in fact
, I believe
it
is unachievable


The adversary is as smart and sophisticated as we are


Attacks will happen!!


Cybersecurity is not about stopping attacks…..

…It is about building Systems and Services that
“
Operate
through an Attack
”


Need to invest consistently in R&D and education/training
to keep one step ahead




Carnegie Mellon

What Is Needed?


Better Software


Improved SW Engineering and development processes


New diagnostic tools and metrics

•
Vulnerability discovery/elimination tools

•
Malware detection/elimination tools


Perpetually Available Systems


Self
-
aware, self
-
securing comput
ing

and network

infrastructure



Secure wireless networks, Sensor Networks, RFID Systems


Better Identification/Authentication, Access Control mechanisms


Multi
-
biometric technologies

for
Capture
-
resilient portable
devices (phones, PDAs, laptops, etc.)

Carnegie Mellon

What Is Needed
-

Cont
’
d


Better Risk Management to
e
nable informed decisions about
SW enterprises currently use, are considering buying, or are
developing


Objective measurements of SW artifacts (code, designs,
etc.) plus environment information as input to a robust
risk model


Balance of privacy and security


Better government Policy and Informed Legislation


Education, Training, and Awareness at all levels


PhD researchers, professional degrees, executive
education


End
-
user awareness training


Integration into school curricula at all levels


International collaboration

Carnegie Mellon

Survivable Storage Systems

(Ganger et al)



Perpetually Available


Information should always be available even when some system
components (computers) are down or unavailable


Perpetually Secure and Self Healing


Information integrity and confidentiality should always be enforced
even when some system components are compromised


Graceful in degradation


Information access functionality and performance should degrade
gracefully as system components fail


Assumptions
–

Some components will fail, some components will be
compromised, some components will be inconsistent, BUT...surviving
components allow the information storage system to survive


Carnegie Mellon

Decimate and Disperse Information


Decimate Information and
create a
“
1000 piece
”

puzzle


Store this information on
“
1000
computers
”


Under an attack


Adversary gains access
to a few
“
灵p穬攠灩散ps
”

and most likely no
information


Legitimate user cannot
reconstruct the original
information

Carnegie Mellon

Decimate, Replicate, and Disperse Information


Decimate Information and create
multiple

“
1000 piece
”

puzzles


Store this information on
“
1000
computers
”


Under an attack


Adversary gains access to a
few
“
灵空汥p灩散敳
”

慮搠
浯獴楫敬礠湯⁩湦潲浡瑩潮


Legitimate user can
reconstruct the original
information


System can heal itself
–

identify corrupted
information and repair it

Carnegie Mellon

DDoS Attack Threats


DDoS attacks represent a significant threat


Hackers commandeer large botnets and rent them out
to
interested parties


Spam email


Racketeering/extortion


Paralyze cyber infrastructure


Many examples


DDoS attacks against DNS, Akamai, Microsoft


Extortion attacks against gambling web sites


Spammers attack anti
-
spam web sites


Music publishers DoS P2P networks

Carnegie Mellon

Integrated Multi
-
technology Strategy


Security will never be solved by a single technology or a single
vendor


Imagine the following technologies


Packet Tracing
–

will allow one to pinpoint the source of an attack
packet


Multi
-
modal real
-
time biometric authentication
–

will allow one to
confirm the identity of a user of a machine at any time


Some Issues


Regulation
–

can you force users to use biometrics?


Privacy
–

how will this be achieved?


Who will pay for infrastructure

Carnegie Mellon

Mobile
/Embedded

Devices
A
re the Future


Converged mobile devices (
“
獭慲瑰桯湥s
”
)


Affordable Access on the move for all
–


ability to
download data to local storage, run applications, and
store user data beyond PIM capabilities


IDC: Smartphones show
“
significant growth and
future promise
”
, with compound annual growth rate
of ~86% projected through 2007


RFID, Embedded Sensors and Sensor Networks


Will form the infrastructure for tracking, monitoring,
control


Carnegie Mellon

New Applications on the Horizon

Smart phones work like train tickets

AP, February 22, 2005

... With a service planned for launch in January next year, they'll be able to use their
mobile phones in place of the cards to
pay for their train fares

… Users will also be
able to use their Suica
-
compatible cell phones to
pay at some restaurants,
convenience stores and shops
. … The service will later be expanded to include
online shopping and reserved ticket purchases
.

$5000? Put it on my cell

BusinessWeek Online, June 6, 2005

… After introducing handsets last year that double as debit cards

allowing users to
pay for small purchases such as soda or coffed from vending machines and
convenience stores

the company this year plans to make those phones full
-
fledged credit cards
. … Technically, transforming phones into credit cards
shouldn
’
t give DoCoMo
’
s engineers too much trouble. Since last July, DoCoMo
has sold some 3 million handsets with FeliCa chips …
Nearly 60% of customers
with FeliCa phones use the service at least once a week.

Carnegie Mellon

Progress through Cellphone Deployment

The Real Digital Divide

Encourage the spread of mobile phones is the most sensible and effective
response to the digital divide

The Economist, March 10, 2005

… The digital divide that really matters, then, is between those with access to a
mobile network and those without. The good news is that the gap is closing fast.
The UN has set a goal of 50% access by 2015, but
a new report from the World
Bank notes that 77% of the world
’
s population already lives within range of a
mobile network
.

Carnegie Mellon

Security and Survivability are
Critical

Enabling Technologies for Mobile
-
X

Secure Downloads

Secure Transactions

Content Protection

Delegating Authority

CORPORATE

PRODUCTIVITY

M
-
COMMERCE

LOCATION

SERVICES

ENTERTAINMENT

Requirements:

Security

Privacy

Capture Resilient Devices

“
Personal Trusted Devices
”

Carnegie Mellon

The Grey System

[Bauer, Garriss, McCune, Reiter, & Rouse]


Existing efforts utilize these devices as a replacement for
existing mechanisms (charge card, physical keys, …)



However, we believe this device
-
centric paradigm can support
more flexible approaches than previously possible


Loan you my car without giving you my phone


Send money from my phone to my daughter
’
s phone


Give your secretary temporary access to your email without revealing
information (e.g., password) that could be used at a later time


Use your phone to open your hotel room door, without ever stopping by
the front desk


… and do it all from a distance

Carnegie Mellon

Some Challenges


A sufficiently flexible authorization infrastructure


Must support usual modes of access and delegation for each
protection mechanism it is to replace, and more


Device theft


Should ensure that stolen devices cannot be misused


Usability


Human
-
to
-
device authentication


Device
-
to
-
device authentication


Access
-
control policy creation

Carnegie Mellon

Biometrics
I
s the Key!


Most current methods rely on passwords, ID cards that can be easily forgotten or
stolen


Future: Identity Recognition for access to systems, spaces, and services based
on Intelligent fusion multiple biometrics (face, voice, signature, iris, fingerprint…..)


PCs and Cell phones with camera and fingerprint sensor (LG
-
LP3350
–

Summer
2005)

Internet

Authenticated
-

Secure Channel

NO Biometrics

Finger + Face

Voice

Signature

PKI Token

PKI



Client Side


e
-
Bank

On
-
line Shop

Friend



Server Side

Carnegie Mellon

Examples of Different Biometrics


Face


Fingerprint


Voice


Palmprint


Hand Geometry



Iris


Retina Scan


Voice


DNA


Signatures


Gait


Keystroke

Carnegie Mellon

Identification vs Verification



Identification:


Match a person
’
猠扩潭整物捳⁡条楮獴i愠摡瑡扡a攠瑯⁦楧畲攠
out his/her identity by finding the closest match.


Commonly referred to as 1:N matching


Verification:


The person claims to be
‘
䩯桮
’
Ⱐ獹s瑥t 浵獴慴捨m慮搠
捯浰慲攠桩猯桥牳h扩潭整物捳⁷c瑨⁊t桮
’
猠獴潲敤s
䉩潭整B楣献


If they match, then user is
‘
癥物v楥i
’

潲⁡畴桥湴o捡瑥搠
瑨慴⁨t⁩猠楮摥敤i
‘
䩯桮
’


Typically referred as 1:1 matching.


Carnegie Mellon

Challenges in
Biometrics (e.g.
Face

& Fingerprint)



•

Pose

•

Illumination

•

Expression

•

Occlusion

•

Time lapse

•

Real Problem
–

Verification Accuracy

and False Acceptance rate

Carnegie Mellon

Illumination

Variability

Carnegie Mellon

Real
-
time Identification and Authentication

Carnegie Mellon

Low Complexity Algorithm for PDA

Carnegie Mellon

How will this be accomplished
?


A partnership involving industry, government, and academia to
develop technologies for protecting the global information
infrastructure and the physical infrastructures that depend upon it


To create a new era of
MAST

computing and communication
systems

and services


M
easurable


A
vailable


S
ecure and
S
ustainable


T
rustworthy


Integrating Research and Development, and Education with next
generation CERT like functions

Carnegie Mellon

More Questions to Consider:


Why are more hackers not caught and prosecuted?


Guaranteed Packet tracing + real
-
time biometrics on every computer


Issues
–

Should there be legislation? Or will this be forced by vendors?


How does legislation to disclose vulnerabilities (before the bugs are fixed) help
in securing the computing and networking infrastructure? Does it really help the
consumer?


I don’t think this helps. Bad idea but somehow the lawmakers don’t get it


Maybe
–

A federally funded assurance facility that allows for voluntary testing of
software components is the answer


Is there a way to stop DDoS attacks?


Pi+SIFF+FIT technologies


Who will pay for infrastructure upgrade? Should the government mandate it?


Why are we unable to build and deploy systems that “operate through attacks”


Point solutions exist.

Carnegie Mellon

More Questions to Consider:


Why is the anti spam legislation ineffective?


Would not only require technologies but consistent international laws, their
enforcement, and collaboration


Can any single company (by making their product secure) make the
infrastructure/services secure?


Certainly not


Are our kids/citizens “cyberaware”? Do they need to be “cyberaware”?


Not yet but we need to keep on working. Cyberawareness will certainly
contribute to reducing the velocity of propagation


CyberSecurity is complex because it:


is integration of several disparate technologies


requires technologists, business people, policy/lawmakers to work together


Carnegie Mellon

Opportunities and Challenges in Security

Thank you.

Cybersecurity: Implications for the Country