Presentation is loading. Please wait.

Presentation is loading. Please wait.

The role of identity David D.Clark July, 2012. 2 The role of identity A requirement for identity comes up often: Detect misdirection attacks on communication.

Published byAlena Liddiard Modified over 9 years ago

Similar presentations

Presentation on theme: "The role of identity David D.Clark July, 2012. 2 The role of identity A requirement for identity comes up often: Detect misdirection attacks on communication."— Presentation transcript:

1 The role of identity David D.Clark July, 2012

2 2 The role of identity A requirement for identity comes up often: Detect misdirection attacks on communication. Detect invalid (unauthentic) pieces of information. Validate identity/authority of incoming connections to prevent infiltration attacks. Allow application/network to pick desired communication pattern, to insert the desired degree of checking into the path between communicating parties, depending on the degree of trust between the parties. Hold parties accountable for their actions. Should a future Internet include identity mechanisms?

3 3 Designing identity schemes There is more than one way we could approach identity. A private matter among end-nodes. E.g. encrypted or meaningless except at end points. Signal of identity that is visible in the network. Surveillance cameras in cyberspace. Facilitate both policing (perhaps) and repression. Third-party credentials vs. continuity-based familiarity. Revocable anonymity. Anonymity can only be revoked by its creators. Probably need all in different circumstances, so architecture should not constrain. These are not choices to be made by technologists alone. Need a multi-disciplinary conversation. I am very fearful of getting this wrong.

4 Deterrence and identity Deterrence implies the ability to impose a cost on an actor that carries out an inappropriate action. Which implies the need to identify the actor. Which has led to calls in Washington for an “accountable” Internet. Which could be both ineffective and harmful.

5 Consider attribution as a tool Sort out various dimensions of attribution. Person, machine, aggregate entity. Private vs. visible. Identify key non-technical issues Jurisdiction Variation in laws and norms Relate to design of attacks Multi-stage attacks. Draw a few conclusions.

6 Attribution today—packets At the packet level, IP addresses. Directly identify a machine. Only indirectly linked to person. DMCA and the RIAA. Rules depend on jurisdiction. Can be mapped (imprecisely) to larger aggregates such as countries and institutions. Commercial practice today for web queries. Can be forged, but too much is made of that. Can be observed in the network by third parties.

7 Attribution today--applications Many applications include methods by which each end can verify the identity of the others. Banking. Sometimes a third party is involved. E-commerce, certificates. Sometimes the identity is private to the parties. Self-signed certificates. Sometimes the goal is “no identity”. Sites providing health information. Identity information can be hidden in transit.

8 A seeming dichotomy Two kinds of attribution. Machine-level visible to third parties. Personal identity selectively deployed and private to the end-points. Is this structure an accident? Not really. Consistent with a general approach to do “no more than necessary” as a requirement.

9 What sort of deterrence? Criminal prosecution. Might seem to require “person-level” identity of forensic quality. But this may not be right. Prosecutors like physical evidence. Use of network-based attribution may be more important in guiding the investigation. Espionage Often want to assign responsibility to an institution or a state. Cyber-warfare Again, need state/actor-level attribution.

10 Anti-attribution Critical for many purposes. Current approaches: TOR Freegate VPNs. Note: they serve to mask IP-level information.

11 Designing attacks Many attacks are “multi-stage”. Person at computer A penetrates machine B to use it as a platform to attack machine C. DDoS is obvious example, but not only one. Intended to make attribution harder. Attackers are clever. A form of identity theft. Tracing an attack “back to A” implies: Support at intermediate points: issue of jurisdiction. Use of machine addresses.

12 Issues of jurisdiction Many sorts of variation. Rules for binding identity to IP addresses. Rules for when this can be disclosed. And to whom. Support for timely traceback of multi-stage attacks. Attackers “venue-shop”. Might imply a two-level response. Both at the actor and the jurisdiction level.

13 13 Identity schemes invite deception Both a human and a technical problem. How do you know what information to trust? Credentials? Continuity? Collaborative filtering (trust again). Identity itself should be rich and heterogeneous Integrity through availability. How can we avoid illusion on the screen? Remember that a human is not always present. Need ability (perhaps in restricted circumstances) to delegate decision to a program.

14 Some conclusions IP addresses are more useful than sometimes thought. Any proposals/policies for better attribution should take into account: Multi-stage attacks. The need for “anti-attribution. Cross-jurisdiction issues are central. Within one jurisdiction, with a single stage activity, RIAA has demonstrated deterrence.

15 More conclusions Research should focus on mitigating multi-stage attacks, not “better tools for identity”. Multi-stage attack imply identity theft. Solutions will not be purely technical. Redesign of applications can mitigate many problems. Problems arise at that level… Integrate attribution into the application in ways consistent with needs of the dominant actor. Tight controls or none, depending on circumstances. Different patterns of communication.

16 16 A final issue—private association An essential characteristic of a civil society is freedom of association. Can join and leave groups at will. Can participate without fear or harassment. “Private association”. Protection can be legal or technical. Should we try for technical? Any form of identity revealed in the network provides a basis for third parties to observe patterns of association. In vocabulary of security: traffic analysis. But this is what is being called for to attribute bad actions to perpetrators. What constitutes a bad action, and who gets to say? Technology works the same everywhere.

17 My conclusion Better tools for personal attribution should not be a primary part of a future Internet. Does not do much good; does much harm. Applications should tailor their use of identity to the specifics of the situation.

Download ppt "The role of identity David D.Clark July, 2012. 2 The role of identity A requirement for identity comes up often: Detect misdirection attacks on communication."

Similar presentations

Architecture from the top down David D. Clark MIT CSAIL April, 2009.

Architecture from the top down David D. Clark MIT CSAIL April, 2009.
Architectural issues for network-layer identifiers Stefan Savage Dept of Computer Science & Engineering UC San Diego.

Architectural issues for network-layer identifiers Stefan Savage Dept of Computer Science & Engineering UC San Diego.
1 Designing a future Internet: Architecture and requirements David Clark MIT CSAIL August 2008.

1 Designing a future Internet: Architecture and requirements David Clark MIT CSAIL August 2008.
Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.
Information-Centric Networks02b-1 Week 2 / Paper 2 Tussle in Cyberspace: Defining Tommorow’s Internet –David D. Clark, John Wroclawski, Karen R. Sollins.

Information-Centric Networks02b-1 Week 2 / Paper 2 Tussle in Cyberspace: Defining Tommorow’s Internet –David D. Clark, John Wroclawski, Karen R. Sollins.
Network Security Introduction Security technologies protect mission-critical networks from corruption and intrusion. Network security enables new business.

Network Security Introduction Security technologies protect mission-critical networks from corruption and intrusion. Network security enables new business.
1 Computer Networks: A Systems Approach, 5e Larry L. Peterson and Bruce S. Davie Chapter 8 Network Security Copyright © 2010, Elsevier Inc. All rights.

1 Computer Networks: A Systems Approach, 5e Larry L. Peterson and Bruce S. Davie Chapter 8 Network Security Copyright © 2010, Elsevier Inc. All rights.
4/27/2015Slide 1 Rethinking the design of the Internet: The end to end arguments vs. the brave new world Marjory S. Blumenthal Computer Science and Telecomms.

4/27/2015Slide 1 Rethinking the design of the Internet: The end to end arguments vs. the brave new world Marjory S. Blumenthal Computer Science and Telecomms.
1 Privacy Prof. Ravi Sandhu Executive Director and Endowed Chair March 8, 2013 © Ravi Sandhu World-Leading Research.

1 Privacy Prof. Ravi Sandhu Executive Director and Endowed Chair March 8, © Ravi Sandhu World-Leading Research.
 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.

 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.
Risks with IP-based Emergency Services draft-ietf-ecrit-trustworthy-location.

Risks with IP-based Emergency Services draft-ietf-ecrit-trustworthy-location.
Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.

Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Chapter 12 Network Security.

Chapter 12 Network Security.
 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.

 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.
CMSC 414 Computer (and Network) Security Lecture 16 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 16 Jonathan Katz.
Paul Solomine Security of P2P Systems. P2P Systems Used to download copyrighted files illegally. The RIAA is watching you… Spyware! General users become.

Paul Solomine Security of P2P Systems. P2P Systems Used to download copyrighted files illegally. The RIAA is watching you… Spyware! General users become.
بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.

بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.
CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.

Similar presentations

Ads by Google