Presentation on theme: "Carnegie Mellon Opportunities and Challenges in Security Pradeep K. Khosla Chancellor UC San Diego Cybersecurity: Implications for the Country."— Presentation transcript:
Carnegie Mellon Opportunities and Challenges in Security Pradeep K. Khosla Chancellor UC San Diego Cybersecurity: Implications for the Country
Carnegie Mellon Over 900 Million people online worldwide Growing Number of Connected Apps, P2P, Web Services Increasing reliance on Wireless, Handheld dev CyberSecurity Threats Globalized – Growing in number and Complexity Over 900 Million people online worldwide Growing Number of Connected Apps, P2P, Web Services Increasing reliance on Wireless, Handheld dev CyberSecurity Threats Globalized – Growing in number and Complexity 105M PCs in 1990 Growing Connectivity Mainstream Users and Economy depend on IT Growing Threats (Viruses, Worms, etc) 25K reported incidents in decade 105M PCs in 1990 Growing Connectivity Mainstream Users and Economy depend on IT Growing Threats (Viruses, Worms, etc) 25K reported incidents in decade 5M computers in 1980 Limited Connectivity Tech Savvy Users Limited Security Threats (Floppy Disks) 5M computers in 1980 Limited Connectivity Tech Savvy Users Limited Security Threats (Floppy Disks) Changing Landscape of Computing and Communications Source: CERT, Carnegie Mellon University, eTForecasts, Global Reach Late 1980s 1990s 2000s
Carnegie Mellon Exponents Control Our Life Speed of Microprocessor chips doubles every 12-18 months Storage Density doubles every 12 months Bandwidth is doubling every 12 months Price keeps on dropping making the technology affordable and pervasive
Carnegie Mellon CERT/CC Incident Reports and S/W Vulnerability Reports
Carnegie Mellon Current State of CyberSecurity Security Through Patches Cause of major costs in complex Industrial IT environments Systems and Services “die” under an attack Service Disruption causes economic and productivity loss Disruption of Critical Infrastructure (Banks, Telephone, Power, etc) Patched Approach to Security across the System Melissa virus: $1 billion in damages (Computer Economics) Lloyds of London put the estimate for Love Bug at $15 billion 3.9 million systems infected 30 days to clean up (Reuters) Code Red cost $1.2 billion in damages and $740 million to clean up from the 360,000 infected servers 1999 2000 2001 Slammer $1 billion in damages 2003
Carnegie Mellon Hours Time Weeks or months Days Minutes Seconds Human response: difficult/impossible Automated response: possible Early 1990sMid 1990sLate 1990s20002003 Human response: impossible Automated response: Will need new paradigms Proactive blocking: possible IT Systems Threat Evolution in the Future Contagion Timeframe File Viruses Macro Viruses e-mail Worms Blended Threats “Warhol” Threats “Flash” Threats Human response: possible
Cyber Security: Threats, Vulnerabilities and Risks Disclosure of Health Records Sabotage of Operations/Service Theft of Trade Secrets EFT Fraud Loss of Client Confidence Legal Liability Embedded devices in hospitals Disgruntled Employees Organized Crime Hackers Cyber Terrorists Competitors Governments ThreatsRisks OS Network Supply Chain Applications Databases PCs, PDA, Phones Embedded/networked devices Middleware E-x Communities (e- government, e- commerce, etc) Vulnerabilities
Carnegie Mellon Questions to Consider: Why is the anti spam legislation ineffective? Why are more hackers not caught and prosecuted? How does legislation to disclose vulnerabilities (before the bugs are fixed) help in securing the computing and networking infrastructure? Does it really help the consumer? Is there a way to stop DDoS attacks? Why are we unable to build and deploy systems that “operate through attacks” Can any single company (by making their product secure) make the infrastructure/services secure? Are our kids/citizens “cyberaware”? Would it help if they were “cyberaware”?
Carnegie Mellon Axioms and Assumptions There is no notion of 100% Security – in fact, I believe it is unachievable The adversary is as smart and sophisticated as we are Attacks will happen!! Cybersecurity is not about stopping attacks….. …It is about building Systems and Services that “Operate through an Attack” Need to invest consistently in R&D and education/training to keep one step ahead
Carnegie Mellon What Is Needed? Better Software Improved SW Engineering and development processes New diagnostic tools and metrics Vulnerability discovery/elimination tools Malware detection/elimination tools Perpetually Available Systems Self-aware, self-securing computing and network infrastructure Secure wireless networks, Sensor Networks, RFID Systems Better Identification/Authentication, Access Control mechanisms Multi-biometric technologies for Capture-resilient portable devices (phones, PDAs, laptops, etc.)
Carnegie Mellon What Is Needed - Cont’d Better Risk Management to enable informed decisions about SW enterprises currently use, are considering buying, or are developing Objective measurements of SW artifacts (code, designs, etc.) plus environment information as input to a robust risk model Balance of privacy and security Better government Policy and Informed Legislation Education, Training, and Awareness at all levels PhD researchers, professional degrees, executive education End-user awareness training Integration into school curricula at all levels International collaboration
Carnegie Mellon Survivable Storage Systems (Ganger et al) Perpetually Available Information should always be available even when some system components (computers) are down or unavailable Perpetually Secure and Self Healing Information integrity and confidentiality should always be enforced even when some system components are compromised Graceful in degradation Information access functionality and performance should degrade gracefully as system components fail Assumptions – Some components will fail, some components will be compromised, some components will be inconsistent, BUT...surviving components allow the information storage system to survive
Carnegie Mellon Decimate and Disperse Information Decimate Information and create a “1000 piece” puzzle Store this information on “1000 computers” Under an attack Adversary gains access to a few “puzzle pieces” and most likely no information Legitimate user cannot reconstruct the original information
Carnegie Mellon Decimate, Replicate, and Disperse Information Decimate Information and create multiple “1000 piece” puzzles Store this information on “1000 computers” Under an attack Adversary gains access to a few “puzzle pieces” and most likely no information Legitimate user can reconstruct the original information System can heal itself – identify corrupted information and repair it
Carnegie Mellon DDoS Attack Threats DDoS attacks represent a significant threat Hackers commandeer large botnets and rent them out to interested parties Spam email Racketeering/extortion Paralyze cyber infrastructure Many examples DDoS attacks against DNS, Akamai, Microsoft Extortion attacks against gambling web sites Spammers attack anti-spam web sites Music publishers DoS P2P networks
Carnegie Mellon Integrated Multi-technology Strategy Security will never be solved by a single technology or a single vendor Imagine the following technologies Packet Tracing – will allow one to pinpoint the source of an attack packet Multi-modal real-time biometric authentication – will allow one to confirm the identity of a user of a machine at any time Some Issues Regulation – can you force users to use biometrics? Privacy – how will this be achieved? Who will pay for infrastructure
Carnegie Mellon Mobile/Embedded Devices Are the Future Converged mobile devices (“smartphones”) Affordable Access on the move for all – ability to download data to local storage, run applications, and store user data beyond PIM capabilities IDC: Smartphones show “significant growth and future promise”, with compound annual growth rate of ~86% projected through 2007 RFID, Embedded Sensors and Sensor Networks Will form the infrastructure for tracking, monitoring, control
Carnegie Mellon New Applications on the Horizon Smart phones work like train tickets AP, February 22, 2005... With a service planned for launch in January next year, they'll be able to use their mobile phones in place of the cards to pay for their train fares … Users will also be able to use their Suica-compatible cell phones to pay at some restaurants, convenience stores and shops. … The service will later be expanded to include online shopping and reserved ticket purchases. $5000? Put it on my cell BusinessWeek Online, June 6, 2005 … After introducing handsets last year that double as debit cards allowing users to pay for small purchases such as soda or coffed from vending machines and convenience stores the company this year plans to make those phones full- fledged credit cards. … Technically, transforming phones into credit cards shouldn’t give DoCoMo’s engineers too much trouble. Since last July, DoCoMo has sold some 3 million handsets with FeliCa chips … Nearly 60% of customers with FeliCa phones use the service at least once a week.
Carnegie Mellon Progress through Cellphone Deployment The Real Digital Divide Encourage the spread of mobile phones is the most sensible and effective response to the digital divide The Economist, March 10, 2005 … The digital divide that really matters, then, is between those with access to a mobile network and those without. The good news is that the gap is closing fast. The UN has set a goal of 50% access by 2015, but a new report from the World Bank notes that 77% of the world’s population already lives within range of a mobile network.
Carnegie Mellon Security and Survivability are Critical Enabling Technologies for Mobile-X Secure Downloads Secure Transactions Content Protection Delegating Authority CORPORATE PRODUCTIVITY M-COMMERCE LOCATION SERVICES ENTERTAINMENT Requirements: Security Privacy Capture Resilient Devices “Personal Trusted Devices”
Carnegie Mellon The Grey System [Bauer, Garriss, McCune, Reiter, & Rouse] Existing efforts utilize these devices as a replacement for existing mechanisms (charge card, physical keys, …) However, we believe this device-centric paradigm can support more flexible approaches than previously possible Loan you my car without giving you my phone Send money from my phone to my daughter’s phone Give your secretary temporary access to your email without revealing information (e.g., password) that could be used at a later time Use your phone to open your hotel room door, without ever stopping by the front desk … and do it all from a distance
Carnegie Mellon Some Challenges A sufficiently flexible authorization infrastructure Must support usual modes of access and delegation for each protection mechanism it is to replace, and more Device theft Should ensure that stolen devices cannot be misused Usability Human-to-device authentication Device-to-device authentication Access-control policy creation
Carnegie Mellon Biometrics Is the Key! Most current methods rely on passwords, ID cards that can be easily forgotten or stolen Future: Identity Recognition for access to systems, spaces, and services based on Intelligent fusion multiple biometrics (face, voice, signature, iris, fingerprint…..) PCs and Cell phones with camera and fingerprint sensor (LG-LP3350 – Summer 2005) Internet Authenticated - Secure Channel NO Biometrics Finger + Face Voice Signature PKI Token PKI Client Side e-Bank On-line Shop Friend Server Side
Carnegie Mellon Examples of Different Biometrics Face Fingerprint Voice Palmprint Hand Geometry Iris Retina Scan Voice DNA Signatures Gait Keystroke
Carnegie Mellon Identification vs Verification Identification: Match a person’s biometrics against a database to figure out his/her identity by finding the closest match. Commonly referred to as 1:N matching Verification: The person claims to be ‘John’, system must match and compare his/hers biometrics with John’s stored Biometrics. If they match, then user is ‘verified’ or authenticated that he is indeed ‘John’ Typically referred as 1:1 matching.
Carnegie Mellon Challenges in Biometrics (e.g. Face & Fingerprint) Pose Illumination Expression Occlusion Time lapse Real Problem – Verification Accuracy and False Acceptance rate
Carnegie Mellon Real-time Identification and Authentication
Carnegie Mellon Low Complexity Algorithm for PDA
Carnegie Mellon How will this be accomplished? A partnership involving industry, government, and academia to develop technologies for protecting the global information infrastructure and the physical infrastructures that depend upon it To create a new era of MAST computing and communication systems and services Measurable Available Secure and Sustainable Trustworthy Integrating Research and Development, and Education with next generation CERT like functions
Carnegie Mellon More Questions to Consider: Why are more hackers not caught and prosecuted? Guaranteed Packet tracing + real-time biometrics on every computer Issues – Should there be legislation? Or will this be forced by vendors? How does legislation to disclose vulnerabilities (before the bugs are fixed) help in securing the computing and networking infrastructure? Does it really help the consumer? I don’t think this helps. Bad idea but somehow the lawmakers don’t get it Maybe – A federally funded assurance facility that allows for voluntary testing of software components is the answer Is there a way to stop DDoS attacks? Pi+SIFF+FIT technologies Who will pay for infrastructure upgrade? Should the government mandate it? Why are we unable to build and deploy systems that “operate through attacks” Point solutions exist.
Carnegie Mellon More Questions to Consider: Why is the anti spam legislation ineffective? Would not only require technologies but consistent international laws, their enforcement, and collaboration Can any single company (by making their product secure) make the infrastructure/services secure? Certainly not Are our kids/citizens “cyberaware”? Do they need to be “cyberaware”? Not yet but we need to keep on working. Cyberawareness will certainly contribute to reducing the velocity of propagation CyberSecurity is complex because it: is integration of several disparate technologies requires technologists, business people, policy/lawmakers to work together
Carnegie Mellon Opportunities and Challenges in Security Thank you. Cybersecurity: Implications for the Country