Presentation is loading. Please wait.

Presentation is loading. Please wait.

National Defence University, www.mpkk.fi professor Hannu H. Kari Page 1/51 Attacking (wireless) Internet Hannu H. Kari professor, research director National.

Similar presentations


Presentation on theme: "National Defence University, www.mpkk.fi professor Hannu H. Kari Page 1/51 Attacking (wireless) Internet Hannu H. Kari professor, research director National."— Presentation transcript:

1 National Defence University, professor Hannu H. Kari Page 1/51 Attacking (wireless) Internet Hannu H. Kari professor, research director National Defence University

2 National Defence University, professor Hannu H. Kari Page 2/51... a short flashback...

3 National Defence University, professor Hannu H. Kari Page 3/51 Yksityisyys langattomissa verkoissa Hannu H. KARI virkaanastujaisesitelmä

4 National Defence University, professor Hannu H. Kari Page 4/51 Yksityisyys nykyaikana?

5 National Defence University, professor Hannu H. Kari Page 5/51 Yksilö ja yksityisyys

6 National Defence University, professor Hannu H. Kari Page 6/51 Yksityisyys ja sähkömagneettinen aura

7 National Defence University, professor Hannu H. Kari Page 7/51 Esimerkki: Ketkä ovat kavereita?

8 National Defence University, professor Hannu H. Kari Page 8/51 Esimerkki: Ketkä ovat kavereita? Solu 1: Solu 2: Solu 3:... Samassa solussa...

9 National Defence University, professor Hannu H. Kari Page 9/51 Yksityisyyden viisi/kuusi luokkaa •Informaatio (data privacy) •Kohde/lähde (identity privacy) •Tapahtumapaika (location privacy) •Tapahtuma-aika (time privacy) •Olemassaolo (privacy of existence) + Tapahtuma (transaction)

10 National Defence University, professor Hannu H. Kari Page 10/51 Yksilö vs. yhteiskunta Yksilön oikeus yksityisyyteen Yhteiskunnan valvontatarve

11 National Defence University, professor Hannu H. Kari Page 11/51 And now back to our original program...

12 National Defence University, professor Hannu H. Kari Page 12/51 History

13 National Defence University, professor Hannu H. Kari Page 13/51 Technology enhancements (www.daimler.co.uk) (decorateyourgarage.com) (www.macarthurcoal.com.au) ~100+ years

14 National Defence University, professor Hannu H. Kari Page 14/51 Technology enhancements (www.route79.com)(www2.jsonline.com) (www.openfire.us) (www.eia.doe.gov) (www.pennways.com) (en.wikipedia.org)

15 National Defence University, professor Hannu H. Kari Page 15/51 Technology enhancements The same thing has happened in Internet in 10…15 years!

16 National Defence University, professor Hannu H. Kari Page 16/51 Need for privacy?

17 National Defence University, professor Hannu H. Kari Page 17/51 Analogy for identification: Pets (news.wisc.edu) ID database Owner ID

18 National Defence University, professor Hannu H. Kari Page 18/51 Human identification today

19 National Defence University, professor Hannu H. Kari Page 19/51 Human identification some 60 years ago... and... today

20 National Defence University, professor Hannu H. Kari Page 20/51 Need for privacy

21 National Defence University, professor Hannu H. Kari Page 21/51 Need for privacy

22 National Defence University, professor Hannu H. Kari Page 22/51 Need for privacy

23 National Defence University, professor Hannu H. Kari Page 23/51 Need for privacy + + remote readable passport

24 National Defence University, professor Hannu H. Kari Page 24/51 Need for privacy + + remote readable passport

25 National Defence University, professor Hannu H. Kari Page 25/51 Need for privacy + + remote readable passport

26 National Defence University, professor Hannu H. Kari Page 26/51 Need for privacy + + remote readable passport

27 National Defence University, professor Hannu H. Kari Page 27/51 Wireless network eavesdropping BlueTooth Sniper rifle: range meters WiFi Sniper rifle: range 10+ km (http://www.tomsnetworking.com/2005/03/08/how_to_bluesniper_pt1 original page deleted, found still from Internet archive: /Sections-article106.php)

28 National Defence University, professor Hannu H. Kari Page 28/51 Privacy •Definition of Privacy Privacy is the claim of individuals, groups, and institutions to determine for themselves, when, how, and to what extent information about them is communicated to others. Alan Westin 1967

29 National Defence University, professor Hannu H. Kari Page 29/51 Threats

30 National Defence University, professor Hannu H. Kari Page 30/51 Holmlund: Verkkohyökkäys voi uhata rahaliikennettä { : MPK 187:n avajaiset} •YETTS: yhteiskunnan elintärkeät toiminnot tulee turvata kaikissa tilanteissa •Myyrmanni, Jokela & Kauhajoki: * syrjäytyminen sisäisen turvallisuutemme suurin uhka * monia ei-toivottuja kehitystrendejä •Tarkoituksellisin verkkohyökkäyksin saatetaan heikentää valtion päätöksentekojärjestelmien tai esimerkiksi rahaliikenteen toimivuutta •Ikävät tapahtumat tulevat eteemme aina jossain määrin yllätyksenä * varautumisesta ja riskianalyyseista huolimatta.  Asymmetrinen maailma, asymmetriset arvot ja motiivit  Kaikki uhkat eivät välttämättä tule ulkoa

31 National Defence University, professor Hannu H. Kari Page 31/51 Main threats of Internet 1. We loose our confidence 2. Internet does not work 3. We loose data/money with Internet

32 National Defence University, professor Hannu H. Kari Page 32/51 Scenario ”3/2011”

33 National Defence University, professor Hannu H. Kari Page 33/51 Scenario “3/2011” •Election in a small EU country a country famous on ICT usage, including electronic voting •During the election days, a massive DDoS attack is launched against the election system  Electronic voting system is unavailable for several hours  As a back up alternative, people will use ”traditional paper voting system”  No harm done????

34 National Defence University, professor Hannu H. Kari Page 34/51 Scenario “3/2011” •Report for the Council of Europe: Internet voting in the March 2007 Parliamentary Elections in Estonia –Internet attacks, such as DDoS (Distributed Denial of Service) attacks, could have hampered the ability to run the e-voting application. An extension of the e- voting period could potentially make it more difficult to launch such attacks. •... But will anyone really seriously think electronic voting as a viable alternative for paper voting after this??? •NO! We have lost the game permanently

35 National Defence University, professor Hannu H. Kari Page 35/51 Design flaws of Internet

36 National Defence University, professor Hannu H. Kari Page 36/51 Security problems in Internet, samples October 2002, Scientific American ”9 out of 13 root DNS –servers were crippled by DDoS attack” November 2004, Damages caused by worms/viruses, Mikko Hyppönen/F-Secure Slammer: Intranet of nuclear power plant in Ohio down Bank of America ATM network down Blaster: Electric power network down in NY, USA Several SCADA systems down Sasser: All train traffic halted in Australia Two hospitals in Sweden infected January 2005, FBI/Tsunami ”Net criminals used fake web pages of American Red Cross to get credit card data” September 2006, Scientific American ”Attack on DNS (Domain Name System) allows cybercriminal to hijack ordinary netbanking sessions” January 2007, ”Almost 1 Million € stolen from a Scandinavian bank by a Russian hacker with a trojan distributed with spam mail” ”The biggest so far..” January 2005, BBC News ”Internet gambling hit hard by the attacks. Extortionists are targeting net-based betting firms and threatening to cripple their websites with deluges of data unless a ransom is paid.” May 2007, IT-Viikko ”Attacks on Estonian governmental and commercial net sites”

37 National Defence University, professor Hannu H. Kari Page 37/51 Security problems in Internet, samples DDoS attacks Design flaws DoS, DDoS attacks Criminal intentions Viruses, worms, mallware Criminal intentions DNS attacks Design flaws DoS, DDoS attacks Design flaws Phishing Users’ stupidity Scams Users’ stupidity

38 National Defence University, professor Hannu H. Kari Page 38/51 Who and Why? WHY Motivations: 1.Social behavior 2.Vandalism 3.Money 4.Ideology 5.Military strategic interests WHO Amateurs are just tip of the iceberg •Hackers: Fun, can-I-do-it?, show-up,... (1, 2) The real problem: Professionals •Mafia, organized crime (3) •Industrial espionage, competitors (3) •Cyber terrorists (2, 4) •Terrorist-countries (4, 5) •Military (5 )

39 National Defence University, professor Hannu H. Kari Page 39/51 Internet design criterion •Primary goals –Multiplexing of channel –Various network archtectures –Administrative boundaries –Packet switching –Gateways (routers) between networks •Secondary goals –Robustness (loss of routers and links) –Multiple services (reliable or realtime data) –Usage of various networks –Distributed management –Cost efficient implementation –Simple attachement to network –Resource usage monitoring Based on David D. Clark: ”The Design Philosophy of the DARPA Internet Protocols”

40 National Defence University, professor Hannu H. Kari Page 40/51 Implicit Internet design criterion •Silent assumptions –Benevolence –Openness –Low level of dynamicity –No mobility –Limited computation capacity –High cost of crypto algorithms –Limited bandwidth ASSUMPTIONS NOT VALID ANY MORE !!!

41 National Defence University, professor Hannu H. Kari Page 41/51 Internet design flaws •Original design principles: The enemy is out there! –”Everybody can send anything to anybody” –Security measures are introduced afterwards •The new design principles: The enemy is among us! –We must be prepared to pay for security/reliability •in form of computation power, bandwidth, energy, etc. –Strong security as the fundamental building block –Legal sanctions against malevolent entities  Every packet must have an owner!

42 National Defence University, professor Hannu H. Kari Page 42/51 Security domains

43 National Defence University, professor Hannu H. Kari Page 43/51 Four security domains 2. End-to-end secured communication (Data integrity and confidentiality) 3. Content integrity/authenticity/timelyness (information sharing) 1. Reliable operation of the critical network infrastructure PGP, S/MIME Restricted caller groups IPsec, TLS PLA, MPLS, Freq.hopping, Link encryption, Physical protection, Virtual communities (Knowledge sharing)

44 National Defence University, professor Hannu H. Kari Page 44/51 Four security domains 2. End-to-end secured communication (Data integrity and confidentiality) 3. Content integrity/authenticity/timelyness (information sharing) 1. Reliable operation of the critical network infrastructure PGP, S/MIME Restricted caller groups IPsec, TLS Partial solutions: MPLS, Physical protection 4. Virtual communities (Knowledge sharing) GOOD “BRAND” MANAGEMENT IS MOST IMPORTANT

45 National Defence University, professor Hannu H. Kari Page 45/51 Securing network infrastructure

46 National Defence University, professor Hannu H. Kari Page 46/51 Traditional Internet usage R R

47 National Defence University, professor Hannu H. Kari Page 47/51 Short term solution: Secured Infrastructure Router (SIR) SIR

48 National Defence University, professor Hannu H. Kari Page 48/51 Secured Infrastructure Router (SIR) SIR QoS control, duplication SIR QoS control, duplicate removal QoS reporting, management signaling

49 National Defence University, professor Hannu H. Kari Page 49/51 Alternative SIR operation SIR

50 National Defence University, professor Hannu H. Kari Page 50/51 Conclusions

51 National Defence University, professor Hannu H. Kari Page 51/51 Conclusions •Privacy in Internet is vital –Especially in wireless environment in all 5/6 categories •Risks with Internet are imminent –...due to original design flaws of Internet •Architecture with several levels of security •Plan-B: ”What shall we do, when our network doesn’t work?” •What is the minimum level of service? •How to handle ”Internet brand”

52 National Defence University, professor Hannu H. Kari Page 52/51 NATIONAL DEFENCE UNIVERSITY ”Do the work that has a meaning” Thank you for your Questions? attention!

53 National Defence University, professor Hannu H. Kari Page 53/51 Good/Bad things of Internet •Google.cn: ”tiananmen square” – 12 first image hits

54 National Defence University, professor Hannu H. Kari Page 54/51 Good/Bad things of Internet •Google.com: ”tiananmen square” – 12 first image hits


Download ppt "National Defence University, www.mpkk.fi professor Hannu H. Kari Page 1/51 Attacking (wireless) Internet Hannu H. Kari professor, research director National."

Similar presentations


Ads by Google