5. Collaborative Security | ION July 2016
https://www.flickr.com/photos/worldbank/4725033296/in/album-72157634090168746/
14. Collaborative Security | ION July 2016
12 August 2016, 11:59 PM EDT (UTC-4:00): Paper titles and abstracts due
16 August 2016, 11:59 PM EDT (UTC-4:00): Full submissions for technical papers and panels due
NDSS 2017 Call for Papers
15. Collaborative Security | ION July 2016
Mutually Agreed Norms for Routing Security (MANRS)
Stimulate visible improvements in security and resilience of Internet Routing by changing towards a culture of collective responsibility
16. Collaborative Security | ION July 2016
common problems to be addressed
Principles
1. The organization (ISP/network operator) recognizes the interdependent nature of the global routing system and its own role in contributing to a secure and resilient Internet.
2. The organization integrates best current practices related to routing security and resilience in its network management processes in line with the Actions.
3. The organization is committed to preventing, detecting and mitigating routing incidents through collaboration and coordination with peers and other ISPs in line with the Actions.
4. The organization encourages its customers and peers to adopt these Principles and Actions.
17. Collaborative Security | ION July 2016
Prevent propagation of incorrect routing information.
Prevent traffic with spoofed source IP addresses.
Facilitate global operational communication and coordination between network operators.
Facilitate validation of routing information on a global scale.
21. Collaborative Security | ION July 2016
Living in a World of Decentralized Data
Dr. Burt Kaliski, Jr.
Senior Vice President and CTO, Verisign
NDSS Workshop on Security of Emerging Networking Technologies (SENT)
February 8, 2015
23. Collaborative Security | ION July 2016
Areas of Responsibility
Courtesy: Tschofenig et al, IETF 92 Technical Plenary
Area of responsibility: Examples of problems
Deployment: Enabled debug ports, missing deployment of security mechanisms
Implementation: Buffer overflow attacks, poor UI or other usability problems, poor choice of hardware
Protocol Specifications and Architecture: No end-to-end security, complexity in specifications, insecure authentication protocols
Cryptographic Primitives: Improved algorithms for integer factorization, too small key size
Understanding the distributed nature of the development process is essential for tackling security problems.
27. Collaborative Security | ION July 2016 6/11/15
Foster Confidence and Protect Opportunities
Collective Responsibility
Evolution and Consensus
Fundamental Properties and Values
Think Globally, Act Locally
Smart Connected Objects
These objects will have a profound impact on our lives.
Important security questions have not been answered while we deploy.
The Collaborative Security Approach has properties that will help to make a positive impact.
First, a few words about who we are, the Internet Society.
We usually think of the Internet as a complex network of networks, each run by an autonomous operator, in which services are only loosely coupled to the underlying transport networks, which offer a best-effort service, and on top of which application providers provide their applications.
When we talk about technology we have to remember that the technology is really an enabler for humans. The technology is primarily a driver for socio-economic capabilities.
(Although this picture might make you wonder if we give up other social interactions…)
But back to the technology for a bit.
Global reach, integrity: Any endpoint of the Internet can address any other endpoint, and the information received at one endpoint is as intended by the sender, wherever the receiver connects to the Internet. Implicit in this is the requirement of global, managed addressing and naming services.
General purpose: The Internet is capable of supporting a wide range of demands for its use. While some networks within it may be optimized for certain traffic patterns or expected uses, the technology does not place inherent limitations on the applications or services that make use of it.
Supports innovation without requiring permission (by anyone): Any person or organization can set up a new service, that abides by the existing standards and best practices, and make it available to the rest of the Internet, without requiring special permission.
Accessible – it’s possible to connect to it, build new parts of it, and study it overall: Anyone can “get on” the Internet – not just to consume content from others, but also to contribute content on existing services, put up a server (Internet node), and attach new networks.
Based on interoperability and mutual agreement: The key to enabling inter-networking is to define the context for interoperation – through open standards for the technologies, and mutual agreements between operators of autonomous pieces of the Internet.
Collaboration: Overall, a spirit of collaboration is required – beyond the initial basis of interoperation and bi-lateral agreements, the best solutions to new issues that arise stem from willing collaboration between stakeholders.
Technology – reusable building blocks: Technologies have been built and deployed on the Internet for one purpose, only to be used at a later date to support some other important function.
There are no permanent favourites: While some technologies, companies and regions have flourished, their continued success depends on continued relevance and utility, not strictly some favoured status.
"The economy, stupid": a phrase James Carville coined as a campaign strategist for Bill Clinton's successful 1992 presidential campaign against sitting president George H. W. Bush.
Security is like the economy.
Looking at these invariants from the security perspective.
Policy measures that are premised on stopping bad things, rather than protecting what is valued, provide no guide as to how far those measures should go.
If we are not careful, the spectre of cyber threats can be used as a vehicle for control of networks and how they are used, plus pervasive monitoring.
The Internet, with its high degree of interconnection and dependencies, brings another dimension to the management of risks. Security and resilience of the Internet depends not only on how well risks to you and your assets are managed, but also, importantly, on the management of risks that you (by your action or inaction) present to the Internet ecosystem – the “outward” risks. Additionally, some risks need to be managed by more than one actor.
This is the notion of collective and shared risk management – a notion that is well aligned with the “public interest” nature of the Internet.
This latter aspect of risk management is not necessarily self-evident, especially since there is often no obviously identifiable immediate harm to the actors or their assets and, therefore, no direct business case that can be immediately associated with such effort. And, it also is human nature to seek outcomes that further our individual “self-interest”. However, such a narrow approach is counter-productive and, in the long-term, harmful to everyone’s interests – not only will it impact the security of the ecosystem, but it will also diminish the overall pool of social and economic potential that the Internet offers.
Traditional approaches to security were principally concerned with external and internal threats, and the impact they may have on one’s own assets [in other words, threat-based and self-interested]. There is, however, a growing recognition that a security paradigm for the Internet ecosystem should be premised on protecting opportunities for economic and social prosperity, as opposed to a model that is based simply on preventing perceived harm.
Fostering confidence and protecting opportunities: The objective of security is to foster confidence in the Internet and to ensure the continued success of the Internet as a driver for economic and social innovation.
Collective Responsibility: Internet participants share a responsibility towards the system as a whole.
Fundamental Properties and Values: Security solutions should be compatible with fundamental human rights and preserve the fundamental properties of the Internet — the Internet Invariants.
Evolution and Consensus: Effective security relies on agile evolutionary steps based on the expertise of a broad set of stakeholders.
Think Globally, Act Locally: It is through voluntary bottom-up self-organization that the most impactful solutions are likely to be reached.
Enough conceptual talk. Let's see where that takes us.
Collaborative security happens in many places, perhaps not even consciously: anywhere people get together and work towards improving trust in the Internet. No claim for completeness.
Regional Registries: Maintaining Registries
Regional Operators: Best Current Practices
Industry organizations like MAAWG and FIRST coordinating
Programmers who try to do the right thing by sharing code and reviewing other people's code
Academic conferences that work on improving security
etc…
A key part of any smart object design is the problem of how to establish trust for a smart object. Typically, bootstrapping trust involves giving the device the credentials it needs to operate within a larger network of devices or services.
Smart objects will, in many cases, be deployed in places where additional physical security is difficult or impossible. Designers should take into account that any such device can and will be compromised by an attacker with direct physical access. Thus, trust models should distinguish between devices susceptible to physical compromise and devices with some level of physical security. Physical attacks, such as timing, power analysis, and glitching, are commonly applied to extract secrets [PhysicalAttacks].
Smart objects will, in many cases, be deployed as collections of identical or near identical devices. Protocols should be designed so that a compromise of a single device does not result in compromise of the entire collection, especially since the compromise of a large number of devices can enable additional attacks such as a distributed denial of service. Sharing secret keys across an entire product family is, therefore, also problematic since compromise of a single device might leave all devices from that product family vulnerable.
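The point about shared secrets across a product family can be made concrete. The following is an added example, not part of the original slides: it compares one family-wide key with per-device keys derived from a backend master key, and reports which devices can be impersonated once the key material of a single unit has been extracted. Deriving the keys with HKDF, the device IDs, the message format and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

def hkdf_sha256(ikm, salt, info, length=32):
    """HKDF (RFC 5869) with HMAC-SHA256: extract, then expand."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def device_key(master, device_id):
    """Per-device key. Assumption: only the provisioning backend holds `master`."""
    return hkdf_sha256(master, b"example-product-family", device_id.encode())

def tag(key, device_id, message):
    """MAC binding a message to the device that claims to have sent it."""
    return hmac.new(key, device_id.encode() + b"|" + message, hashlib.sha256).digest()

def impersonable(stolen_key, keys_by_device):
    """Devices for which a tag forged with stolen_key passes backend verification."""
    msg = b"constructed telemetry sample"
    return [dev for dev, real_key in keys_by_device.items()
            if hmac.compare_digest(tag(stolen_key, dev, msg), tag(real_key, dev, msg))]

# Constructed device IDs and random keys, for illustration only.
DEVICES = ["sensor-0001", "sensor-0002", "sensor-0003"]
FAMILY_KEY = secrets.token_bytes(32)   # one secret burned into every unit
MASTER_KEY = secrets.token_bytes(32)   # stays in the backend, never on a device

SHARED = {d: FAMILY_KEY for d in DEVICES}
UNIQUE = {d: device_key(MASTER_KEY, d) for d in DEVICES}

def blast_radius(victim="sensor-0001"):
    """Key material is extracted from one device; who can now be impersonated?"""
    return impersonable(SHARED[victim], SHARED), impersonable(UNIQUE[victim], UNIQUE)

if __name__ == "__main__":
    shared_hit, unique_hit = blast_radius()
    print("shared family key :", shared_hit)
    print("per-device keys   :", unique_hit)
```

With the family key, one physically compromised unit exposes the whole collection; with derived keys the exposure stays with that unit, provided the master key itself never leaves the backend.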
Smart objects will, in many cases, be deployed in ways that the designer never considered. Designers should either seek to minimize the impact of misuse of their systems and devices or implement controls to prevent such misuse where applicable.
It is anticipated that smart objects will be deployed with a long (e.g., 5-40 years) life cycle. Any security mechanism chosen at the outset may not be "good enough" for the full lifespan of the device. Thus, long-lived devices should start with good security and provide a path to deploy new security mechanisms over the lifetime of the device.
Security protocols often rely on random numbers, and offering randomness in embedded devices is challenging. For this reason, it is important to consider the use of hardware-based random number generators during early stages of the design process.