carnegie mellon opportunities and challenges in security pradeep k. khosla chancellor uc san diego...
TRANSCRIPT
Carnegie Mellon
Opportunities and Challenges in Security
Pradeep K. KhoslaChancellor
UC San Diego
Cybersecurity: Implications for the Country
Carnegie Mellon
• Over 900 Million people online worldwide
• Growing Number of Connected Apps, P2P, Web Services
• Increasing reliance on Wireless, Handheld dev
• CyberSecurity Threats Globalized – Growing in number and Complexity
• Over 900 Million people online worldwide
• Growing Number of Connected Apps, P2P, Web Services
• Increasing reliance on Wireless, Handheld dev
• CyberSecurity Threats Globalized – Growing in number and Complexity
• 105M PCs in 1990
• Growing Connectivity
• Mainstream Users and Economy depend on IT
• Growing Threats (Viruses, Worms, etc)
• 25K reported incidents in decade
• 105M PCs in 1990
• Growing Connectivity
• Mainstream Users and Economy depend on IT
• Growing Threats (Viruses, Worms, etc)
• 25K reported incidents in decade
• 5M computers in 1980
• Limited Connectivity
• Tech Savvy Users
• Limited Security Threats (Floppy Disks)
• 5M computers in 1980
• Limited Connectivity
• Tech Savvy Users
• Limited Security Threats (Floppy Disks)
Changing Landscape of Computing and Communications
Source: CERT, Carnegie Mellon University, eTForecasts, Global Reach
Late 1980s
1990s2000s
Carnegie Mellon
Exponents Control Our Life Speed of Microprocessor chips doubles
every 12-18 months Storage Density doubles every 12
months Bandwidth is doubling every 12 months Price keeps on dropping making the
technology affordable and pervasive
Carnegie Mellon
CERT/CC Incident Reports and S/W Vulnerability Reports
Carnegie Mellon
Current State of CyberSecurity Security Through Patches
Cause of major costs in complex Industrial IT environments
Systems and Services “die” under an attack Service Disruption causes economic and productivity loss Disruption of Critical Infrastructure (Banks, Telephone,
Power, etc)
Patched Approach to Security across the SystemMelissa virus: $1 billion in damages (Computer Economics)
Lloyds of London put the estimate for Love Bug at $15 billion3.9 million systems infected 30 days to clean up
(Reuters) Code Red cost $1.2 billion in damages
and $740 million to clean up from the 360,000 infected servers
1999 2000 2001
Slammer $1 billion in damages
2003
Carnegie Mellon
Hours
Time
Weeks or months
Days
Minutes
Seconds
Human response: difficult/impossibleAutomated response: possible
Early 1990s Mid 1990s Late 1990s 2000 2003
Human response: impossibleAutomated response: Will need new paradigmsProactive blocking: possible
IT Systems Threat Evolution in the Future
Co
nta
gio
n T
imef
ram
e
File Viruses
Macro Viruses
e-mail Worms
Blended Threats
“Warhol” Threats
“Flash” Threats
Human response: possible
Carnegie Mellon
Carnegie Mellon
Cyber Security: Threats, Vulnerabilities and Risks
Disclosure of Health Records
Sabotage of Operations/Service
Theft of Trade Secrets
EFT Fraud Loss of Client
Confidence Legal Liability Embedded devices in
hospitals
Disgruntled Employees
Organized Crime Hackers Cyber Terrorists Competitors Governments
ThreatsThreats RisksRisks
OS Network Supply Chain Applications Databases PCs, PDA, Phones Embedded/networked
devices Middleware E-x Communities (e-
government, e-commerce, etc)
VulnerabilitiesVulnerabilities
Carnegie Mellon
Questions to Consider: Why is the anti spam legislation ineffective?
Why are more hackers not caught and prosecuted?
How does legislation to disclose vulnerabilities (before the bugs are fixed) help in securing the computing and networking infrastructure? Does it really help the consumer?
Is there a way to stop DDoS attacks?
Why are we unable to build and deploy systems that “operate through attacks”
Can any single company (by making their product secure) make the infrastructure/services secure?
Are our kids/citizens “cyberaware”? Would it help if they were “cyberaware”?
Carnegie Mellon
Axioms and Assumptions There is no notion of 100% Security – in fact, I believe it
is unachievable The adversary is as smart and sophisticated as we are Attacks will happen!!
Cybersecurity is not about stopping attacks…..…It is about building Systems and Services that “Operate
through an Attack”
Need to invest consistently in R&D and education/training to keep one step ahead
Carnegie Mellon
What Is Needed? Better Software
Improved SW Engineering and development processes New diagnostic tools and metrics
• Vulnerability discovery/elimination tools• Malware detection/elimination tools
Perpetually Available Systems Self-aware, self-securing computing and network
infrastructure Secure wireless networks, Sensor Networks, RFID Systems
Better Identification/Authentication, Access Control mechanisms Multi-biometric technologies for Capture-resilient portable
devices (phones, PDAs, laptops, etc.)
Carnegie Mellon
What Is Needed - Cont’d Better Risk Management to enable informed decisions about
SW enterprises currently use, are considering buying, or are developing Objective measurements of SW artifacts (code, designs,
etc.) plus environment information as input to a robust risk model
Balance of privacy and security Better government Policy and Informed Legislation Education, Training, and Awareness at all levels
PhD researchers, professional degrees, executive education
End-user awareness training Integration into school curricula at all levels
International collaboration
Carnegie Mellon
Survivable Storage Systems (Ganger et al) Perpetually Available
Information should always be available even when some system components (computers) are down or unavailable
Perpetually Secure and Self Healing Information integrity and confidentiality should always be enforced
even when some system components are compromised Graceful in degradation
Information access functionality and performance should degrade gracefully as system components fail
Assumptions – Some components will fail, some components will be compromised, some components will be inconsistent, BUT...surviving components allow the information storage system to survive
Carnegie Mellon
Decimate and Disperse Information Decimate Information and
create a “1000 piece” puzzle Store this information on “1000
computers” Under an attack
Adversary gains access to a few “puzzle pieces” and most likely no information
Legitimate user cannot reconstruct the original information
Carnegie Mellon
Decimate, Replicate, and Disperse Information Decimate Information and create
multiple “1000 piece” puzzles Store this information on “1000
computers” Under an attack
Adversary gains access to a few “puzzle pieces” and most likely no information
Legitimate user can reconstruct the original information
System can heal itself – identify corrupted information and repair it
Carnegie Mellon
DDoS Attack Threats DDoS attacks represent a significant threat
Hackers commandeer large botnets and rent them out to interested parties Spam email Racketeering/extortion Paralyze cyber infrastructure
Many examples DDoS attacks against DNS, Akamai, Microsoft Extortion attacks against gambling web sites Spammers attack anti-spam web sites Music publishers DoS P2P networks
Carnegie Mellon
Integrated Multi-technology Strategy
Security will never be solved by a single technology or a single vendor
Imagine the following technologies Packet Tracing – will allow one to pinpoint the source of an attack
packet Multi-modal real-time biometric authentication – will allow one to
confirm the identity of a user of a machine at any time Some Issues
Regulation – can you force users to use biometrics? Privacy – how will this be achieved? Who will pay for infrastructure
Carnegie Mellon
Mobile/Embedded Devices Are the Future
Converged mobile devices (“smartphones”) Affordable Access on the move for all – ability to
download data to local storage, run applications, and store user data beyond PIM capabilities
IDC: Smartphones show “significant growth and future promise”, with compound annual growth rate of ~86% projected through 2007
RFID, Embedded Sensors and Sensor Networks Will form the infrastructure for tracking, monitoring,
control
Carnegie Mellon
New Applications on the HorizonSmart phones work like train ticketsAP, February 22, 2005... With a service planned for launch in January next year, they'll be able to use their mobile phones in place of the cards to pay for their train fares … Users will also be able to use their Suica-compatible cell phones to pay at some restaurants, convenience stores and shops. … The service will later be expanded to include online shopping and reserved ticket purchases.
$5000? Put it on my cellBusinessWeek Online, June 6, 2005… After introducing handsets last year that double as debit cardsallowing users to pay for small purchases such as soda or coffed from vending machines and convenience storesthe company this year plans to make those phones full-fledged credit cards. … Technically, transforming phones into credit cards shouldn’t give DoCoMo’s engineers too much trouble. Since last July, DoCoMo has sold some 3 million handsets with FeliCa chips … Nearly 60% of customers with FeliCa phones use the service at least once a week.
Carnegie Mellon
Progress through Cellphone Deployment
The Real Digital DivideEncourage the spread of mobile phones is the most sensible and effective response to the digital divideThe Economist, March 10, 2005… The digital divide that really matters, then, is between those with access to a mobile network and those without. The good news is that the gap is closing fast. The UN has set a goal of 50% access by 2015, but a new report from the World Bank notes that 77% of the world’s population already lives within range of a mobile network.
Carnegie Mellon
Security and Survivability are Critical Enabling Technologies for Mobile-X
Secure Downloads
Secure Transactions
Content Protection
Delegating Authority
CORPORATEPRODUCTIVITY
M-COMMERCE
LOCATIONSERVICES
ENTERTAINMENT
Requirements:SecurityPrivacyCapture Resilient Devices
“Personal Trusted Devices”
Carnegie Mellon
The Grey System[Bauer, Garriss, McCune, Reiter, & Rouse]
Existing efforts utilize these devices as a replacement for existing mechanisms (charge card, physical keys, …)
However, we believe this device-centric paradigm can support more flexible approaches than previously possible Loan you my car without giving you my phone Send money from my phone to my daughter’s phone Give your secretary temporary access to your email without revealing
information (e.g., password) that could be used at a later time Use your phone to open your hotel room door, without ever stopping by
the front desk
… and do it all from a distance
Carnegie Mellon
Some Challenges A sufficiently flexible authorization infrastructure
Must support usual modes of access and delegation for each protection mechanism it is to replace, and more
Device theft Should ensure that stolen devices cannot be misused
Usability Human-to-device authentication Device-to-device authentication Access-control policy creation
Carnegie Mellon
Biometrics Is the Key! Most current methods rely on passwords, ID cards that can be easily forgotten or
stolen Future: Identity Recognition for access to systems, spaces, and services based
on Intelligent fusion multiple biometrics (face, voice, signature, iris, fingerprint…..) PCs and Cell phones with camera and fingerprint sensor (LG-LP3350 – Summer
2005)
Internet
Authenticated - Secure Channel
NO Biometrics Finger + Face
Voice Signature
PKI Token
PKI
Client Side
e-Bank
On-line Shop
Friend
Server Side
Carnegie Mellon
Examples of Different Biometrics
Face Fingerprint Voice Palmprint Hand Geometry Iris Retina Scan Voice DNA Signatures Gait Keystroke
Carnegie Mellon
Identification vs Verification Identification:
Match a person’s biometrics against a database to figure out his/her identity by finding the closest match.
Commonly referred to as 1:N matching Verification:
The person claims to be ‘John’, system must match and compare his/hers biometrics with John’s stored Biometrics.
If they match, then user is ‘verified’ or authenticated that he is indeed ‘John’
Typically referred as 1:1 matching.
Carnegie Mellon
Challenges in Biometrics (e.g. Face & Fingerprint)
• Pose
• Illumination
• Expression
• Occlusion
• Time lapse
• Real Problem – Verification Accuracyand False Acceptance rate
Carnegie Mellon
Illumination Variability
Carnegie Mellon
Real-time Identification and Authentication
Carnegie Mellon
Low Complexity Algorithm for PDA
Carnegie Mellon
How will this be accomplished? A partnership involving industry, government, and academia to
develop technologies for protecting the global information infrastructure and the physical infrastructures that depend upon it
To create a new era of MAST computing and communication systems and services Measurable Available Secure and Sustainable Trustworthy
Integrating Research and Development, and Education with next generation CERT like functions
Carnegie Mellon
More Questions to Consider: Why are more hackers not caught and prosecuted?
Guaranteed Packet tracing + real-time biometrics on every computer Issues – Should there be legislation? Or will this be forced by vendors?
How does legislation to disclose vulnerabilities (before the bugs are fixed) help in securing the computing and networking infrastructure? Does it really help the consumer? I don’t think this helps. Bad idea but somehow the lawmakers don’t get it Maybe – A federally funded assurance facility that allows for voluntary testing of
software components is the answer Is there a way to stop DDoS attacks?
Pi+SIFF+FIT technologies Who will pay for infrastructure upgrade? Should the government mandate it?
Why are we unable to build and deploy systems that “operate through attacks” Point solutions exist.
Carnegie Mellon
More Questions to Consider: Why is the anti spam legislation ineffective?
Would not only require technologies but consistent international laws, their enforcement, and collaboration
Can any single company (by making their product secure) make the infrastructure/services secure? Certainly not
Are our kids/citizens “cyberaware”? Do they need to be “cyberaware”? Not yet but we need to keep on working. Cyberawareness will certainly
contribute to reducing the velocity of propagation
CyberSecurity is complex because it: is integration of several disparate technologies requires technologists, business people, policy/lawmakers to work together
Carnegie Mellon
Opportunities and Challenges in Security
Thank you.
Cybersecurity: Implications for the Country