trust, washington, d.c. meeting january 9–10, 2006 trust :team for research in ubiquitous secure...

TRUST, Washington, D.C. Meeting January 9–10, 2006

TRUST:Team for Research in Ubiquitous Secure Technologies

OverviewShankar Sastry, PI and Dir.Ruzena Bajcsy, Outreach Dir.Sigurd Meldal, Education Co-Dir.John Mitchell, co-PIVijay Raghavan, Exec DirMike Reiter, co-PIFred Schneider, Chief Sci.Janos Sztipanovits, co-PI and Education Co-DirSteve Wicker, co-PI

"Overview", Shankar Sastry 2TRUST, Washington, D.C. Meeting January 9–10, 2006

Technology Generations of Information Assurance

1st Generation1st Generation(Prevent Intrusions)(Prevent Intrusions)

Intrusions will Occur

Some Attacks will Succeed

Cryptography

Trusted Computing Base

Access Control & Physical Security

Multiple Levels of Security

2nd Generation2nd Generation(Detect Intrusions, Limit Damage)(Detect Intrusions, Limit Damage) Firewalls Intrusion Detection

SystemsBoundary Controllers VPNs

PKI

3rd Generation(Operate Through Attacks) Big Board View of Attacks

Real-Time Situation Awareness& Response

Intrusion Tolerance

Graceful Degradation

Hardened Core

Functionality

Performance

Security


TRUST worthy Systems

More than an Information Technology issue Complicated interdependencies and composition issues

– Spans security, systems, and social, legal and economic sciences– Cyber security for computer networks– Critical infrastructure protection – Economic policy, privacy

TRUST: “holistic” interdisciplinary systems view of security, software technology, analysis of complex interacting systems, economic, legal, and public policy issues

Trustworthiness problems invariably involve solutions with both technical and policy dimensions (theme of Schneider’s talk)

Goals: – Composition and computer security for component technologies– Integrate and evaluate on testbeds– Address societal objectives for stakeholders in real systems


Faking – An e-mail that seems to

be from a legitimate source

Spoofing– A Web site that appears

to be “official”

Phishing– Luring users to provide

sensitive data

From Aucsmith, Microsoft

Integrative Project: Identity Theft


Most people are spoofed– Over 60% have visited a fake or spoofed site

People are tricked – Over 15% admit to having provided personal data – 2780 phishing websites in March 2005 alone

Target for spoofing attacks– Banks, credit card companies, Web retailers, online auctions

(E-bay) and mortgage companies.

Economic loss– 1.2 million U.S. adults have lost money– The total dollar impact in first 6 months of 2005: $929 million, in

all of 2003 $ 1.2B.

Source: TRUSTe & Gartner

PHISHING Impact Stats


Software that:– Collects personal information from you – Without your knowledge or permission

Privacy– 15 percent of enterprise PCs have a keylogger

Source: Webroot's SpyAudit

– Number of keyloggers jumped three-fold in 12 monthsSource: Sophos

Reliability– Microsoft Watson

~50% of crashes caused by spyware

Support Costs– Dell, HP, IBM: Spyware causes ~30% of calls– Estimated support costs at $2.5m+ / year

SPYWARE Impact Stats


ID Protection: Client Side Tools

SpoofGuard: Stanford (NDSS ’04)– Alerts user when browser is viewing a spoofed web page.– Uses variety of heuristics to identify spoof pages.– A new type of anomaly detection problem.

Dynamic Security Skins: Berkeley (SOUPS ’05)– Allows a remote web server to prove its identity in a way that is easy

for human to verify and hard for attacker to spoof: uses a photograph to create trusted path

PwdHash: Stanford (Usenix Sec ’05)– Simple mechanism for strengthening password web auth.

SpyBlock: Stanford (under development)– Prevent Spyware from capturing sensitive data.


Tech Transfer from Phishing Work

SpoofGuard:– Some SpoofGuard heuristics now used in

eBay toolbar and Earthlink ScamBlocker.– Very effective against basic phishing attacks.

PwdHash:– Collaboration with RSA Security to implement

PwdHash on one-time RSA SecurID passwords. RSA SecurID passwords vulnerable to online phishing PwdHash helps strengthen SecurID passwords


Coordinated Research Agenda

The TRUST center will develop and demonstrate science and technology in real-life testbeds.

NSF core funding over 5 years plus option 5 years Possible support from US Air Force for IAS for GIG Network of partnerships with industry, infrastructure

stakeholders NSF/US State Department would like to make

partnerships with key international partners Coordinated research: eleven challenge areas across

three key topics:– Security Science – Systems Science– Social Science


TRUST Structure

Privacy

Computer andNetwork Security

Power GridTestbed

Network SecurityTestbed

Secure NetworkedEmbedded Systems

Testbed

Software Security

Trusted Platforms

Applied Crypto -graphic Protocols

NetworkSecurity

Secure NetworkEmbedded Sys

Forensic and Privacy

Complex Inter -Dependency mod.

Model -basedSecurity Integration.

Econ., Public Pol. Soc. Chall.

Secure Compo -nent platforms

HCI andSecurity

Secure Info Mgt.Software Tools

Technologies

Societal Challenges

Integrative Testbeds -

Critical Infrastructure

System Science Security Science Social Science

Role:• Connect societal challenges to technical agenda• Integrate component technologies • Measure progress in real-life context

Objective: Information Assurance in a Systems Context


Security Science (1)

Software Security (language based) Static Code Verification Dynamic Analysis Multi-lingual Security Software Design Trusted Platforms

Composition– Security and Vulnerability– Minimal Software and Hardware Configurations

Applied Cryptographic Protocols Protocol design methods Protocol analysis, testing, and verification


Security Science (2)

Network Security– Focused on making the Internet more secure– Challenges

Denial of service attacks Spoofed source addresses Routing security

– Approaches: Structured overlay networks Better infrastructure Epidemic protocols Simulation and Emulation on DETER testbed


Cyber Defense Technology and Experimental Reseach Network: DETER

Inadequate wide scale deployment of security technologies

Lack of experimental infrastructure– Testing and validation in small to medium-scale private

research labs

– Missing objective test data, traffic and metrics Create reusable library of test technology for

conducting realistic, rigorous, reproducible, impartial tests

– For assessing attack impact and defense effectiveness– Test data, test configurations, analysis software, and

experiment automation tools


System Science (1)

Complex Interdependency Modeling and Analysis– Four-fold approach to reducing vulnerability of

interdependent systems to disruptive failure Modeling Strategies Analysis Techniques Design Technologies Operational Tools

Secure Network Embedded Systems– Present unique security concerns

Conventional end-to-end approaches break down New code must be propagated throughout the network

– Focus areas: Automated design, verification, and validation Secure, composable, and adaptive software

– Emphasis on sensor networking technology as high-impact application


Mote Evolution


Secure Network Embedded System Testbed (577 nodes) at Berkeley

Software– TinyOS– Deluge

Network reprogramming– Drip and Drain (Routing Layer)

Drip: disseminate commands

Drain: collect data– DetectionEvent

Multi-moded event generator

– Multi-sensor fusion and multiple-target tracking algorithms

Other testbeds at Cornell, Vanderbilt (Wicker’s talk)


System Science (2)

Model-Based Integration of Trusted Platforms– Supports system integration through embedded software

Model-based design Model transformation technology QoS-enabled component middle-wareSecure Information

Management Software

Emphasis on new software tools for monitoring and controlling large sensor infrastructures

– Combines peer-to-peer protocols with epidemic algorithms Highly scalable Rigorous semantics User-friendly APIs


Sample Application:The proposed DoD NCES/GIG architecture

Basis is Web Services standard, although CORBA is likely to be used on server clusters

Primary application platform will be Microsoft Windows

NSA and DISA are playing key roles in mapping these components to military needs


Social Science

Economics, Public Policy and Societal Challenges– From privacy to personal security– Liability and insurance are critical concerns– What are the benefits and costs of security policies?– What are the nature and size of transaction costs associated with security?

Digital Forensics and Privacy– Privacy cuts across the trust/security issues that are the focus of TRUST– Common interfaces are needed for specifying privacy requirements– Emphasis on strong audit, selective revelation of information, and rule-

processing technologies Human Computer Interfaces and Security

– Security problems may arise through the mis-configuration of complex systems

– Generally, humans lack many computational abilities that are conducive to securing networks and systems

Strengthening standard passwords Using biometric information Using image recognition


Healthcare Information Technology

Rise in mature population- Population of age 65 and older with

Medicare was 35 million for 2003 and 35.4 million for 2004

New types of technology– Sensors for elderly assisted living

Increased demand for health data– Health information technology

Commercial use of health data Current Responses for Technology

Assisting Healthcare:– Electronic Patient Records– Telemedicine– Remote Patient Monitoring

Table compiled by the U.S. Administration on

Aging based on data from the U.S. Census Bureau.

United Nations ▪ “Population Aging ▪ 2002”

2050

Percentage of Population over 60 years oldGlobal Average = 21%


Patient Portal Project

Vanderbilt Patient Portal– Electronic healthcare records

Include real-time monitoring of congestive heart failure patients– Heterogeneous sensor network for monitoring– Data integrated into MyHealth@Vanderbilt patient portal

Berkeley ITALH Testbed: seniors in Sonoma

– Stationary sensors: Motion detectors, Camera systems– Wearable sensor: Fall sensors, Heart rate or pulse monitors

Fall Detector with Bluetooth

Berkeley Motes Sensors with

Bluetooth

Ad hoc Zigbee network

Zigbee

Sensors: at home and wearableMobile Gateway

Home Health System

Mobile Phone

Integrated Camera

Secure Internetand/or

telephone

Berkeley Mote

Sensors

Hospital

Terminal

BluetoothWLAN


LARGE INTEGRATIVE PROJECTS

My Health Portals for Electronic Patient Records: Vanderbilt, Berkeley, Cornell (Sztipanovits’ talk)

Phishing, Spyware, Identity Theft: Stanford, Berkeley (Mitchell’s talk)

Secure Sensor Networks: Berkeley, CMU, Cornell, Vanderbilt (Wicker’s talk)

DoD GIG IAS: Cornell, Vanderbilt, Berkeley (Birman’s talk)

Cybersecurity Educational Modules: SJSU, Vanderbilt, Stanford (Meldal’s talk)


ProviderPatient

Payer Society

Primary care

Specialists

AncillariesImmediate

FamilyExtended

Family

Community Support

FriendsLegally Authorized

Reps

Admin.

Staff

Claims Processors

Subcontractors

Clearinghouses

Insurers

Public Health

State Licensure

Boards

Law Enforcement

Internal QA

External accreditation

orgs

Clinical Trials

Sponsors

Fraud Detection

Medical Information

Bureau

Business Consultants

National Security

Bioterrorism Detection

Healthcare Information Access Privacy and Security Everywhere


Sensor Networks in Public Places

Protecting Infrastructure– Opportunities for embedding sensor networks

Transportation Water and Fuel Power Grid

– TRUST is emphasizing development of supporting technology for randomly distributed sensors

Buildings– Combine surveillance with energy control– Integrate into building materials

Open Spaces (parks, plazas, etc.)– Combine surveillance with environmental monitoring – Line-of-sight surveillance technologies


EDUCATIONAL INITIATIVES

Meldal, Sztipanovits and Bajcsy will speak in detail about the repositories, course work development, summer school and other educational initiatives under way

Policy, Technology, Psychological Motivations of Terrorism: Maurer (Berkeley), Lazowska (Washington), Savage (UCSD) and Microsoft, Fall 05 http://www.cs.washington.edu/education/courses/csep590/05au/lectures/

– Lampson, “Accountability and Freedom– Varian “Economics and Computer Security”– Maurer “The Third Wave of Terrorism”– Aucsmith “Crime on the Internet”

Samuelson, Mulligan, Wicker, and Goldberg: Video Privacy in Public Places?

Capacity Building program for HBCU, HIS: Reiter TRUST Summer School (TSS) in June 2006


Outreach Initiatives

BFOIT - Berkeley Foundation for Opportunities in Information Technologyhttp://www.bfoit.org/

SUPERB-IT - Summer Undergraduate Program in Engineering Research at Berkeley - Information Technologyhttp://www.eecs.berkeley.edu/Programs/ugrad/superb/superb.html

SIPHER - Summer Internship Program in Hybrid and Embedded Software Researchhttp://fountain.isis.vanderbilt.edu/fountain/Teaching/

Pennsylvania Area HBCU Outreach - Historically Black Colleges and Universitieshttp://is.hss.cmu.edu/summer.html

Women’s Institute in Summer Enrichment (WISE) to be kicked off in July 2006


SUMMARY

TRUST has been successfully launched: research, education, outreach programs under way

Hallmark of TRUST: Grand Challenge Projects– Large Integrative Projects

Identity Theft Secure Network Embedded Systems Secure Electronic Patient Records Portal DoD Global Information Grid Security

– Education: Large Projects Repositories: Evaluation using Learning Theory Modules for existing courses TRUST Summer School

– Outreach: Comprehensive BFOIT, SUPERB, SIPHER Capacity Building Program for HBCU/HSI WISE outreach to women researchers

TRUST, Washington, D.C. Meeting January 9–10, 2006

BACKUPS


Systems Science Teams Social Science TeamsSecurity Technology Teams

Software Security

Trusted Platforms

Applied Cryptographic Protocols

Network Security

Complex Interdependency

Modeling and Analysis

Secure Network Embedded Systems

Model-based Integration of Trusted Components

Secure Information Management Software

Economics, Public Policy and Societal

Challenges

Digital Forensics and Privacy

Human Computer Interfaces and Security

Integrative Projects

Patient Portals VUMC

System/Sec CoDesign Boeing+Raytheon

Sensor NetworksORNL

Education Program

Summer School

Curriculum

Learning Science & Technology Insertion

Repository

Project Structure


Example Experiment: Bandwidth-limited Scanning Worm Experiment

ICSI and PSU: characterization, modeling and scale-down simulation of Slammer SQL worm’s propagation through the Internet: ICSI+PSU WORM’04 paper.

Development of virtual nodes that model the response of sub-networks or whole Internet to a worm attack for the purposes of scale-down – 1/64th scale Internet

Near term activity:– Other worm attack recreations in the near term– Collaborative defenses under test– Large-scale enterprise network simulation


NEST Final Experiment: Demo


Overview of Agenda

Schneider “Technology + Policy” Sztipanovits “Patient Medical Records Portals” Wicker “Secure Sensor Networks and Network

Embedded Systems Mitchell “PwdHash, Spoofguard, Spyware, Botnets” Birman “Global Information Grid” POSTERS with 3 minute introductions Meldal, Sztipanovits and Bajcsy, Education and

Outreach Activities Tygar, Technology Transition Strategy

trust, washington, d.c. meeting january 9–10, 2006 trust :team for research in ubiquitous secure...

Documents