2. The Unwired Society: Flexible and Robust but Dangerously Vulnerable Jan A Audestad Senior adviser, Telenor Corporate Management Professor, Norwegian University of Science and Technology Professor, Gjøvik University college

3. 2 The grand picture 1: Size of computer infrastructure 1 billion personal computers Between 1000 and 10 000 billion CPUs Most of them are autonomous –Sensors, accessories, terminals, smart cards, factories, utilities, vehicles, aircraft, infrastructure, RFIDs … They are ubiquitous –Industrial and societal management, work processes, logistics, transport, banking and finance, production and dissemination of information, entertainment … They are interconnected – directly or indirectly They are getting more and more mobile

4. 3 The grand picture 2: The disruptive history of ICT 19952005 Simplicity Transition Complexity 1995 2005 1995 2005 100% Dependence on ICT Interconnectivity of CPUs # of CPUs Computational power factor of increase 1 1000 000 1000

5. 4 Texas Instruments: http://www.ti.com/rfid/docs/images.shtmlhttp://www.ti.com/rfid/docs/images.shtml Reality – not fiction

6. 5 The grand picture 3: Network upon network upon network 500 000? 10 000 billion? 1000 000 billion? Not just one network but many (web, email, banking…)

7. 6 Characteristics Vertical independence Independent growth and evolution Independent dynamics Stochastically independent Independent complexity Two things in common: Scale-freeness (or thick-tailedness) Small-worldness: short distance between pages on the web (about 20 mouse-clicks), few routers in any connection between CPUs

8. 7 Scale-free graphs Discovered by Albert and Barabási in 1999 First comprehensive theories 2000-02 Natural growth algorithms –E.g., add one new node and connect it to a previous node with probability proportional to the degrees of that node Degree g  # of links (  5) Nature: metabolism, food web, sex, AIDS… Social: influence, co-ownership, co-authorship… Technical: internt, web, email…

9. 8 Characteristics of scale-free networks Degree distributed as g  (  is constant). (In ordinary random graphs, degree is Poisson distributed.)  thick-tailed distribution  large probability for large g In the previous example:   2  average degree   ! log(#) log(degree) (  ) Scale-free Ordinary random

10. 9 Structure of scale-free graph Some nodes are more important than other: search engines on the web, companies with large email address lists, large banks, politically influential people. These nodes are called hubs.

11. 10 Random attack Take away random nodes and the network is still connected

12. 11 Targeted attack If the hubs are attacked, the network disintegrates

13. 12 Observations Scale-free networks are robust against random attacks –This is why they are so frequent in nature – nature is random. Internet is very robust by design Scale-free networks are very vulnerable for targeted attacks –The ICT infrastructure is vulnerable because an adversary may find out how it looks like and direct the attack against the hubs Scale-free networks are thus structurally vulnerable!!

14. 13 Protection of society Fault avoidance –Firewalls, access control –Protects against the known but not the unknown –Does not protect the structure of the network Fault tolerance –Automatic recovery (restart, reboot, checkpointing), isolation, redundancy, degeneracy –Identify ICT dependence of infrastructures and remove/reduce structural vulnerability by –identifying the network structures at all layers –reshaping one or more of these structures

15. 14 Structure of physical network Internet Access Fixed Mobile 100% 1995 2005 Fixed vs mobile 1995 2005 Access# Internet Growth

16. 15 Effect on vulnerability Number of CPU accesses increasesMore contamination points Increasing mobility Every access is a potential contamination point More contamination relations Scale-freenessNo epidemic threshold

17. 16 From fixed to mobile periphery Our own devices: who is inside and who is outside the local system? With whom do we communicate and how?

18. 17 Three fundamentally different accesses CPU access to physical network –this is what we usually understand by access –Based on user and terminal characteristics CPU access to other CPUs –This is what actually happens –IP security (confidentiality) Access to software (applications) –This is what we want! –And actually gets! –User profile access screening –TCP security (confidentiality, integrity)

19. 18 What the user wants from wireless access systems Openness –allowing easy access to as many networks and applications as possible Security –against fraud, damage, theft, misuse etc Anonymousness –access without disclosing identity –Untraceability Accountability –prove that transactions took place as specified (non- repudiation) The first easy to build into the system – the other three difficult

20. 19 What the designer and the operator must provide Secure protocols between CPUs Tamper-resistant electronics for storing profiles and encryption/authentication keys in devices Device identification and access profiles Platforms allowing user profiles (e.g., access rights) to be stored in secure databases that are accessible by the network or remote CPUs Protocols and algorithms that ensure both anonymity and accountability This must be built into the design and not fitted afterwards!!!

21. 20 … in an environment with these characteristics Supporting a versatile set of applications with several levels of security requirement and operating characteristics Autonomous creation and reconfiguration of network topologies Automatic presence detection, and autonomous connection and verification of devices Automatic enforcement of security profiles Automatic restoration after failures