Enforcing Privacy for Critical Infrastructures
By Nils Ulltveit-Moe, University of Agder, Norway
ETSI, Sophia Antipolis, France, 17 January 2013
EUROPEAN COMMISSION
PRECYSE Methodology
(Diagram; recoverable labels follow.)
Overarching requirements: ISO 2700x security management standard; other standards and best practices (NIST, ISA99 etc.); legal, ethical, privacy and policy issues (WP8).
Methodology: Magerit risk assessment; Verinice ISMS tool; checklists; benchmarking; relationships; architecture; vulnerability assessment; controls; gap analysis; metrics for security, privacy, trust and resilience.
Outputs: reports, check results and architecture improvements; PRECYSE tools that protect against and prevent attacks and enforce privacy, applied to the assets of a test system and the real production system.
Recent Threats on Critical Information Infrastructures
Objective
• Information leakage control is needed to:
• Protect sensitive information, avoid eavesdropping;
• Detect and restrict unintended flows of sensitive data;
• Support sharing of:
− best practices,
− attack information;
• Support outsourced Managed Security Services;
• Privacy metrics also aid in detecting some attacks.
Information Sharing?
• Beneficial to share attack and vulnerability information:
• Increases security;
• Outsourcing gives a networking effect:
− Examples: IDS services, anti-spam, anti-virus, operating system patches etc.
• Peer-to-peer collaboration between CERTs.
• But... how much information are you willing to share with these semi-trusted parties?
Inhibitors for Information Sharing
• Information sharing is beneficial, especially sharing information about cyber attacks.
• However, there are some inhibitors against this (ENISA 2010):
• Often a culture against sharing (suspiciousness);
• Lack of awareness of how to protect sensitive information;
• Lack of technical solutions and standards to efficiently enforce protection of sensitive information.
Sources of Information Leakages
• Accidental leakage of sensitive information:
• Through data queries, error messages or sent data (e.g. IDS alarms);
• Insiders mistakenly sending sensitive information;
• Email on mobile devices.
• Deliberate information leakages:
• Industrial espionage or attacks by insiders;
• External attacks supporting cyber-espionage.
PRECYSE Framework and Methodology
• Intentions: develop an open methodology and framework.
• Open Source reference implementation.
• Structured approach for increasing the cyber-security of critical infrastructures and mobile systems.
• Focus on detecting gaps in privacy, security, resilience and trust.
• Support risk analysis.
• Support risk mitigation/control selection.
Improvement Process
• Objective: reduce the leakage (or exposure) of private or confidential information:
• Need-to-know principle.
• Based on a gap analysis:
• Measure information leakages;
• Requires privacy metrics, indicators and checklists.
• Supports the well-known Plan Do Check Act (PDCA) model of improvement.
Improvement Process: Plan Do Check Act
• Plan the information protection scheme:
• anonymisation policy, encryption, access control, measurements etc.
• Enforce (Do) a privacy policy.
• Check that the policy works as intended:
• Trigger actions if privacy leakages exceed a threshold;
• Verify that the protection scheme is operative;
• Verify information opacity (transparent/mixed/encrypted).
• Act - perform corrective actions:
• Improve IDS rules and events to be less privacy invasive;
• Improve privacy controls/privacy enforcement;
• Improve measurements, indicators, checks or processes.
Privacy Metrics and Indicators
• Used for enforcement:
• Planning anonymisation;
• Verifying anonymisation (over time);
• Trigger re-evaluation of policy;
• Indicate fault conditions (faulty configurations, unexpected traffic etc.);
• Detect attacks:
− Abuse, theft of sensitive information, concealing attacks etc.
• Risk analysis and management:
• Quantify the risk of leaking private or confidential information from critical infrastructures.
Privacy metric: Information Entropy
• Shannon Entropy (Claude Shannon, 1948)
• Useful to detect anomalies in information being transmitted.
$H_1(X) = \sum_{x \in \text{Symbols}} P[X=x] \log \frac{1}{P[X=x]}$
• Unintended information leakages
• Anomalous information or services
• Particularly useful for DoS attacks
− Measures information dispersion
• Attacks on encrypted protocols (SSH, SSL etc.)
• Other attacks
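The entropy metric above, worked through in code. This is an added example, not code from the presentation or from the PRECYSE project. It computes $H_1$ over any sequence of symbols (the bytes of a payload, or the source addresses of a flow sample when the point is dispersion), normalises it by the largest value a window of that size can reach, classifies windows into the slide's transparent/mixed/encrypted opacity classes, and runs the PDCA "Check" step from the earlier slide: a field the protection scheme says should be encrypted is verified window by window and the offsets that fall short are reported so an action can be triggered. The thresholds (0.75 and 0.85 of the maximum entropy), the 256-byte window and the sample payloads are constructed for this example; a real deployment would calibrate them against its own traffic.

```python
import math
import random
from collections import Counter


def shannon_entropy(symbols) -> float:
    """H_1(X) = sum over x of P[X=x] * log2(1 / P[X=x]), in bits per symbol.
    Accepts any sequence of hashable symbols: bytes of a payload, or e.g. the
    source addresses of a flow sample when measuring dispersion (DoS case)."""
    symbols = list(symbols)
    n = len(symbols)
    if n == 0:
        return 0.0
    return sum((c / n) * math.log2(n / c) for c in Counter(symbols).values())


def normalised_entropy(data: bytes) -> float:
    """Entropy divided by the maximum a window of this size can reach
    (log2 of min(256, len)), so short windows are not misread as low-entropy."""
    n = len(data)
    if n < 2:
        return 0.0
    return shannon_entropy(data) / math.log2(min(256, n))


def classify_opacity(data: bytes, transparent_max=0.75, encrypted_min=0.85) -> str:
    """Map one window to the slide's opacity classes (constructed default thresholds)."""
    h = normalised_entropy(data)
    if h < transparent_max:
        return "transparent"
    if h >= encrypted_min:
        return "encrypted"
    return "mixed"


def opacity_profile(payload: bytes, window: int = 256):
    """Classify each fixed-size window: [(offset, normalised entropy, class), ...]."""
    return [(i, round(normalised_entropy(payload[i:i + window]), 3),
             classify_opacity(payload[i:i + window]))
            for i in range(0, len(payload), window)]


def overall_opacity(payload: bytes, window: int = 256) -> str:
    """'mixed' when windows disagree, otherwise the class they all share."""
    classes = {cls for _, _, cls in opacity_profile(payload, window)}
    return classes.pop() if len(classes) == 1 else "mixed"


def check_opacity(payload: bytes, expected: str, window: int = 256) -> dict:
    """PDCA 'Check' step: verify that a field the protection scheme declares as
    `expected` (e.g. 'encrypted') really is, and report the offending offsets so
    an action can be triggered.  leak_ratio = violating windows / all windows."""
    profile = opacity_profile(payload, window)
    violations = [off for off, _, cls in profile if cls != expected]
    ratio = len(violations) / len(profile) if profile else 0.0
    return {"ok": not violations, "leak_ratio": ratio, "violations": violations}


# Constructed sample data; no real traffic.
_LINE = b"alert: ssh login failed for user alice from 192.0.2.10 port 22 "
PLAINTEXT = (_LINE * 5)[:256]        # what an unencrypted IDS alarm looks like on the wire
_perm = list(range(256))
random.Random(2013).shuffle(_perm)   # fixed seed: deterministic, entropy is exactly 8 bits
OPAQUE = bytes(_perm)                # stand-in for a ciphertext or compressed block
MIXED = PLAINTEXT + OPAQUE           # plaintext header leaking ahead of the opaque body

if __name__ == "__main__":
    for name, data in (("plaintext", PLAINTEXT), ("opaque", OPAQUE), ("mixed", MIXED)):
        print(name, overall_opacity(data), opacity_profile(data))
    print(check_opacity(MIXED, expected="encrypted"))
```

The normalisation matters in practice: a 64-byte window can never exceed 6 bits per byte, so raw bit counts would label short encrypted records as "mixed"; dividing by the attainable maximum keeps the thresholds meaningful across window sizes.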
Example plot: entropy of the payload for IDS alarm SID 1:1437 (Windows Multimedia Download). Annotated regions: anonymised data, start of gzip compressed stream, inside gzip stream.
Privacy enforcement control
(Diagram: IDS sensors feeding a proxy/anonymiser, a higher order IDS (correlation), and a trusted higher order IDS/SIEM with alarm database, SOC front-end and deanonymiser.)
• Anonymise individual elements and attributes of IDS alarms
• XACML-based authorisation, decision cache
• Multi-level security and deanonymisation
• Compatible with the IDMEF IDS alarm format.
• Can be used with existing SIEM solutions.
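One way to realise the control described above, as an added example that is not the PRECYSE reference implementation: an anonymiser tier that pseudonymises individual IDMEF attributes with a keyed HMAC, a Permit/Deny decision function standing in for the XACML policy decision point with an LRU decision cache, and a deanonymiser in the trusted tier that restores only the attributes a requester's clearance level permits. The policy table, the clearance levels, the role names and the sample alert are all constructed for the example; the attribute names follow IDMEF classes but the policy language is a hypothetical simplification.

```python
import copy
import hashlib
import hmac
from functools import lru_cache

# Constructed anonymisation policy: IDMEF attribute path -> action.
POLICY = {
    "Source.Node.Address": "pseudonym",    # correlatable token, real value hidden
    "Target.Node.Address": "pseudonym",
    "Target.User.name": "pseudonym",
    "AdditionalData.payload": "suppress",  # raw payload never leaves the proxy
    "Classification.text": "keep",
    "Analyzer.analyzerid": "keep",
}

# Multi-level security: clearance needed to deanonymise each attribute (constructed).
DEANON_LEVEL = {"Source.Node.Address": 1, "Target.Node.Address": 2, "Target.User.name": 3}


def get_path(obj, path):
    """Walk a dotted path through nested dicts; None if any step is missing."""
    for part in path.split("."):
        if not isinstance(obj, dict) or part not in obj:
            return None
        obj = obj[part]
    return obj


def set_path(obj, path, value):
    *parents, leaf = path.split(".")
    for part in parents:
        obj = obj[part]
    obj[leaf] = value


def del_path(obj, path):
    *parents, leaf = path.split(".")
    for part in parents:
        obj = obj[part]
    obj.pop(leaf, None)


class Anonymiser:
    """Proxy/anonymiser tier. A pseudonym is an HMAC over (attribute path, value),
    so the same source address always yields the same token and the higher order
    IDS can still correlate alarms without learning the address. The token ->
    value table (vault) stays with the trusted tier's deanonymiser."""

    def __init__(self, key: bytes):
        self._key = key
        self.vault = {}  # pseudonym -> original value

    def pseudonym(self, path, value):
        mac = hmac.new(self._key, f"{path}\0{value}".encode(), hashlib.sha256)
        token = "anon:" + mac.hexdigest()[:16]
        self.vault[token] = value
        return token

    def anonymise(self, alert):
        out = copy.deepcopy(alert)
        for path, action in POLICY.items():
            value = get_path(out, path)
            if value is None:
                continue
            if action == "pseudonym":
                set_path(out, path, self.pseudonym(path, str(value)))
            elif action == "suppress":
                del_path(out, path)
        return out


@lru_cache(maxsize=4096)
def authorise(role, clearance, path):
    """Stand-in for an XACML PDP decision; lru_cache plays the decision cache so
    repeated requests for the same (subject, attribute) skip policy evaluation.
    Simplified rule set, not real XACML."""
    if role != "analyst":
        return "Deny"
    return "Permit" if clearance >= DEANON_LEVEL.get(path, float("inf")) else "Deny"


def deanonymise(alert, vault, role, clearance):
    """Trusted higher order IDS/SIEM tier: restore only the attributes the
    requester is cleared for; everything else stays pseudonymised."""
    out = copy.deepcopy(alert)
    for path in DEANON_LEVEL:
        token = get_path(out, path)
        if token in vault and authorise(role, clearance, path) == "Permit":
            set_path(out, path, vault[token])
    return out


# Constructed IDMEF-like alert (documentation addresses, sample values).
ALERT = {
    "Analyzer": {"analyzerid": "ids-sensor-01"},
    "Classification": {"text": "SSH brute force"},
    "Source": {"Node": {"Address": "192.0.2.10"}},
    "Target": {"Node": {"Address": "198.51.100.7"}, "User": {"name": "alice"}},
    "AdditionalData": {"payload": "raw packet bytes (constructed)"},
}


def demo(key=b"constructed-demo-key"):
    anon = Anonymiser(key)
    shared = anon.anonymise(ALERT)                       # what the SIEM receives
    level1 = deanonymise(shared, anon.vault, "analyst", 1)  # sees source address only
    level3 = deanonymise(shared, anon.vault, "analyst", 3)  # sees everything
    guest = deanonymise(shared, anon.vault, "guest", 3)     # wrong role: nothing restored
    return shared, level1, level3, guest


if __name__ == "__main__":
    for label, alert in zip(("shared", "level1", "level3", "guest"), demo()):
        print(label, alert)
```

Because the pseudonym is keyed, an outsourced MSSP that receives the shared alarms cannot rebuild the mapping by hashing candidate addresses itself, while rotating the key bounds how long tokens stay linkable across alarms.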
Thank you!
This presentation has been partially supported by the project «PRECYSE – Protection, prevention and reaction to cyber-attacks to critical infrastructures», funded by the European Commission under the FP7 programme with contract number FP7-SEC-2012-1-285181. http://www.precyse.eu