Concepts & Technologies for Cyber Defence
Dr. G. Athithan
CC R&D (SAM), DRDO
IIIT, Delhi, 13 Feb 2016
Cyber Defence
A secure system is one that does what it is supposed to (in spite of bad input).
— Eugene Spafford
Defence of our cyber space
Some people think...
Defence of our cyber space
There are others…
Defence of our Cyber Space
Overview
1. Terms and basic concepts
2. Information processing model
3. Cyber threats and vulnerabilities
4. Access control models
5. Role of cryptography
6. Policies, technologies, formalism
7. Challenges and outlook towards future
Information : A basic ontology
(Diagram; nodes and edge labels as recovered from the slide)
Nodes: Sensing/Perception, Data, Information, Knowledge, Media/Form (Electronic, Print), Classification (Unclass/Classified), Attributes (Content/Meta data, Accuracy, Cover time)
Edge labels: "Originates from", "is labelled"
Cyber space of information Systems
The Physical Layer
• Abode of data and code (electronic form)
• The collection of memory cells, both committed and free
• Electronic interfaces to the physical world
• Includes channels of communications (transient abodes)
Two higher layers
• The data/information layer over memory hardware
• The code/application layer operating on data/information layer
Human layer
• Human computer interactions (Cyber space in popular imagination)
Cyber Space of IT systems
Scope
1. Information (processing) systems (IPS)
   • Computing systems
   • Communication/Networking systems
   • Storage systems
2. Cyber-physical systems (embedded IPS)
   • Sensor systems
   • Motor/actuator systems
   • Infrastructure
Objectives of Cyber Defence
1. Protect data/Information in Cyber Space
   a. Confidentiality
   b. Integrity
   c. Availability
2. Protect code/applications in Cyber Space
3. Keep Cyber Space Integrity Intact
4. Safeguard the Cyber / Physical interface
(Diagram relating the scopes of Cyber Security, Information Security and Electronic Information security)
Information processing system – A model
(Diagram: Input I → Transformation f (recursive/multi-step), with Memory → Output O; O = f ( I ))
• Transformation ( f ) is a carefully developed or sourced program
• Output ( O ) is determined by ( f ) and input ( I )
• Input ( I ) is the only uncontrolled and unreliable entity
• Communication/networking/storage systems are special cases of IPS
• IT-enabled systems have embedded IPS
Information processing system – Nature of f
(Slide images: Innatism; Human Language processing models)
Information processing system – Nature of f
(Diagram: Input I → Transformation f (recursive/multi-step), with Memory → Output O; O = f ( I ))
• Several possibilities of ‘f’
   • Pure function ( not modifying itself; no memory )
   • Non-pure function ( with memory )
   • Adaptive function ( changes based on history of I/O )
   • Stated + unstated function
   • On-line updated function ( Mobile code providing additional fn )
Information processing sys. – Side channels
(Diagram: Input I → Transformation f (recursive/multi-step), with Memory → Output O; O = f ( I ))
• Input / Output side channels
   • Electric current flow from source to components
   • Radio, acoustic, and thermal emissions
   • Electro magnetic interference ( in the form of noise )
   • Sources : Data buses, memory controllers, video devices, etc.
• Unstated I / O channels
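The slide's "unstated I/O channel" is easiest to see in software: the time a comparison takes is an output the designer never declared. The example below is added here and is not from the slides; it instruments a naive early-exit compare and a constant-work compare so the leak is visible as an operation count rather than a wall-clock measurement. The secret and the guesses are constructed values.

```python
import hmac

# Constructed secret for the demonstration (not from the slides)
SECRET = b"s3cret!!"


def leaky_compare(secret: bytes, guess: bytes) -> tuple[bool, int]:
    """Early-exit comparison, as found in naive token or password checks.
    Returns (match, number of byte comparisons performed). The count stands in
    for the execution time an observer could measure: it grows with the number
    of leading bytes the guess got right, which is an undeclared output channel."""
    if len(secret) != len(guess):
        return False, 0
    steps = 0
    for a, b in zip(secret, guess):
        steps += 1
        if a != b:  # stops at the first mismatch
            return False, steps
    return True, steps


def constant_work_compare(secret: bytes, guess: bytes) -> tuple[bool, int]:
    """Visits every byte no matter where mismatches are, so the work depends
    only on the length. This is the idea behind hmac.compare_digest."""
    if len(secret) != len(guess):
        return False, 0
    diff = 0
    steps = 0
    for a, b in zip(secret, guess):
        steps += 1
        diff |= a ^ b  # accumulate differences without branching on them
    return diff == 0, steps


def work_profile(secret: bytes, guesses: list[bytes], compare) -> list[int]:
    """Work counts for a sequence of guesses. A rising profile under
    leaky_compare tells the observer how much of the prefix is correct;
    a flat profile tells them nothing."""
    return [compare(secret, g)[1] for g in guesses]


# Constructed guesses that match 0, 2, 5 and 8 leading bytes of SECRET
GUESSES = [b"xxxxxxxx", b"s3xxxxxx", b"s3crexxx", b"s3cret!!"]

if __name__ == "__main__":
    print("leaky   :", work_profile(SECRET, GUESSES, leaky_compare))
    print("constant:", work_profile(SECRET, GUESSES, constant_work_compare))
    print("stdlib  :", hmac.compare_digest(SECRET, GUESSES[-1]))
```

In real code the standard-library `hmac.compare_digest` should be used for secret comparison; the hand-written version above exists only to expose the operation count.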
Threat : A definition
(Diagram, as recovered from the slide) A Threat:
• consists of Sources (External/Internal), Targets (Assets) in Cyber Space (Networks, Hosts, Applications), Attacks (Snooping/ Tampering/ Denying/ Spoofing), Scenarios (Multi-staged; Spatial: WAN/LAN/Host/Application) and Vulnerabilities (reside in Host/Application)
• is quantified using Probability Theory
• is likely to cause Damage/Harm
Vulnerabilities of Information/IT systems
a) Poor checking of input
b) Non-contiguous check and use
c) Space size faults
d) Errors in S/W
e) Unverified systems
f) Weak Identity check
Starting on a Secure State
• Design for security
   • Input validation through syntax and semantics
   • Rate-based processing of input
   • Bounds on output values and rates
   • Automated testing
• Trustworthiness of commercial systems/components
   • Trust models for acquisition processes
   • Verification of trust through testing and reverse engineering
• Compliance to policy and security standards
   • DRDO Information security procedures and guidelines
   • Common Criteria (CC)
   • Federal Information Processing Standard (FIPS)
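The four "design for security" points (syntax and semantics validation, rate-based input, output bounds) are the layer that sits between the uncontrolled input I and the transformation f. The code below is an added example, not from the slides or DRDO: it assumes a hypothetical telemetry message with the fields sensor_id, reading and unit, validates syntax before meaning, throttles with a token bucket driven by an injected clock, and clamps what leaves the system. All ranges and field names are constructed for the example.

```python
import re
from dataclasses import dataclass

# Hypothetical message shape for the example: {"sensor_id": str, "reading": number, "unit": "C"|"F"}
ID_RE = re.compile(r"^[A-Za-z0-9_-]{1,32}$")  # syntax: allowed characters and length
UNITS = {"C", "F"}
MIN_C, MAX_C = -90.0, 60.0                     # semantics: physically plausible temperature range
OUT_LO, OUT_HI = -50.0, 50.0                   # bounds on the value actually emitted


class RejectedInput(ValueError):
    """Raised by the validation layer; the transformation f never sees such input."""


@dataclass(frozen=True)
class Reading:
    sensor_id: str
    celsius: float


def check_syntax(raw: dict) -> tuple[str, float, str]:
    """Syntactic checks only: required keys, types, character classes."""
    if set(raw) != {"sensor_id", "reading", "unit"}:
        raise RejectedInput("unexpected or missing fields")
    sid, val, unit = raw["sensor_id"], raw["reading"], raw["unit"]
    if not isinstance(sid, str) or not ID_RE.match(sid):
        raise RejectedInput("bad sensor_id")
    if isinstance(val, bool) or not isinstance(val, (int, float)):
        raise RejectedInput("reading must be numeric")
    if unit not in UNITS:
        raise RejectedInput("unknown unit")
    return sid, float(val), unit


def check_semantics(sid: str, val: float, unit: str) -> Reading:
    """Semantic checks: normalise to one unit and reject physically impossible values."""
    celsius = val if unit == "C" else (val - 32.0) * 5.0 / 9.0
    if not (MIN_C <= celsius <= MAX_C):
        raise RejectedInput(f"reading {celsius:.1f} C outside plausible range")
    return Reading(sid, celsius)


class RateLimiter:
    """Token bucket: bursts of at most `capacity` inputs, refilled at `per_second`.
    The clock is passed in by the caller so behaviour is deterministic."""

    def __init__(self, capacity: int, per_second: float, now: float):
        self.capacity, self.per_second = capacity, per_second
        self.tokens, self.last = float(capacity), now

    def allow(self, now: float) -> bool:
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.per_second)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def bound_output(value: float) -> float:
    """Clamp the output so a faulty f cannot drive downstream components out of range."""
    return max(OUT_LO, min(OUT_HI, value))


def process(raw: dict, limiter: RateLimiter, now: float) -> float:
    """The layer in front of f: rate -> syntax -> semantics -> f -> output bound."""
    if not limiter.allow(now):
        raise RejectedInput("rate limit exceeded")
    sid, val, unit = check_syntax(raw)
    reading = check_semantics(sid, val, unit)
    # f itself, kept trivial here: a setpoint two degrees above the reading
    return bound_output(reading.celsius + 2.0)
```

The order matters: syntax is checked before any value is interpreted, so malformed input is rejected before it can influence the semantic step, and the rate limiter runs first so a flood never reaches the parser at all.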
Partitioning and Access Control
• Trusted Computing Systems Eval. Criteria (Orange Book)
• Partitioning is an essential concept for security
   Examples: a) Forts b) Airports c) Homes
• Classification of Information and systems
• Clearance to access based on roles/identities
• Bell – LaPadula, Biba, Military models
Models for Access, Integrity, and Flow of Data
Bell-LaPadula (diagram): a user cleared for Secret data, between the Unclassified domain and the Top Secret domain
• No read up
• No write down
Biba Model (diagram): a user cleared for Med. integrity data, between the Low integrity domain and the High integrity domain
• No write up
• No read down
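The two diagrams are mirror images: Bell-LaPadula orders confidentiality and forbids reading up and writing down; Biba orders integrity and forbids reading down and writing up. The code below is an added example (not from the slides) that encodes both rules over the three-level lattices shown and combines them into a single reference-monitor decision; the subject and object records are constructed for the example.

```python
from typing import Literal

# Lattices as drawn on the slides: confidentiality for Bell-LaPadula, integrity for Biba
CLEARANCE = {"unclassified": 0, "secret": 1, "top secret": 2}
INTEGRITY = {"low": 0, "medium": 1, "high": 2}

Op = Literal["read", "write"]


def blp_allows(subject_clearance: str, object_level: str, op: Op) -> bool:
    """Bell-LaPadula: no read up (simple security), no write down (*-property)."""
    s, o = CLEARANCE[subject_clearance], CLEARANCE[object_level]
    if op == "read":
        return s >= o   # may read at or below own clearance
    if op == "write":
        return s <= o   # may write at or above own clearance
    raise ValueError(op)


def biba_allows(subject_integrity: str, object_integrity: str, op: Op) -> bool:
    """Biba: no read down (simple integrity), no write up (integrity *-property)."""
    s, o = INTEGRITY[subject_integrity], INTEGRITY[object_integrity]
    if op == "read":
        return s <= o   # may read only from at or above own integrity
    if op == "write":
        return s >= o   # may write only to at or below own integrity
    raise ValueError(op)


def decide(subject: dict, obj: dict, op: Op) -> bool:
    """Combined reference monitor: an access is granted only if both policies allow it.
    Subject and object carry a confidentiality label and an integrity label each."""
    return (blp_allows(subject["clearance"], obj["level"], op)
            and biba_allows(subject["integrity"], obj["integrity"], op))


def audit(subject: dict, objects: dict[str, dict]) -> dict[tuple[str, str], bool]:
    """Decision table for one subject over a set of named objects and both operations."""
    return {(name, op): decide(subject, obj, op)
            for name, obj in objects.items() for op in ("read", "write")}


# Constructed subject matching the slides: cleared for Secret, medium integrity
USER = {"clearance": "secret", "integrity": "medium"}
OBJECTS = {
    "public_notice":   {"level": "unclassified", "integrity": "high"},
    "ops_plan":        {"level": "top secret",   "integrity": "high"},
    "scratch_notes":   {"level": "secret",       "integrity": "low"},
}

if __name__ == "__main__":
    for (name, op), ok in audit(USER, OBJECTS).items():
        print(f"{op:5} {name:15} -> {'allow' if ok else 'deny'}")
```

Note that the combined monitor is stricter than either model alone: the user may write to `ops_plan` under Bell-LaPadula (writing up is allowed) but not under Biba (it is higher integrity), so the access is denied.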
Perfect Secrecy
(Diagram: messages m1…m4 mapped to ciphertexts c1…c4 under keys k1…k4)
• Fault-free message space (All m’s are meaningful)
• Fault-free key space (k-space as large as the m-space)
• A small subspace of meaningful m’s and a small set of k’s is imperfect
Perfect Secrecy : Crypt is safe even against brute attacks
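The claim that a perfectly secret cipher survives brute force can be checked exhaustively on a tiny space. The code below is an added example, not from the slides: with 2-bit messages and XOR as the cipher it enumerates, for each ciphertext, every message that some key would decrypt it to. When the key space is as large as the message space, every ciphertext is consistent with every meaningful message, so trying all keys yields no information; with a smaller key set the candidate set shrinks and the ciphertext leaks. Message and key sets are constructed for the example.

```python
def all_words(n_bits: int) -> list[int]:
    """Every n-bit word, used as both message space and key space."""
    return list(range(2 ** n_bits))


def encrypt(m: int, k: int) -> int:
    """One-time-pad style cipher on small integers: ciphertext = message XOR key."""
    return m ^ k


def candidates(c: int, keys: list[int], messages: list[int]) -> set[int]:
    """Every plaintext an exhaustive key search leaves standing for ciphertext c."""
    return {m for m in messages for k in keys if encrypt(m, k) == c}


def possible_ciphertexts(keys: list[int], messages: list[int]) -> set[int]:
    return {encrypt(m, k) for m in messages for k in keys}


def is_perfectly_secret(keys: list[int], messages: list[int]) -> bool:
    """Perfect secrecy in the slide's sense: for every ciphertext that can occur, the
    brute-force candidate set is the whole (meaningful) message space, so seeing the
    ciphertext narrows nothing."""
    return all(candidates(c, keys, messages) == set(messages)
               for c in possible_ciphertexts(keys, messages))


def leak_table(keys: list[int], messages: list[int]) -> dict[int, list[int]]:
    """Ciphertext -> sorted candidate messages; a row shorter than the message
    space is information leaked to a brute-force attacker."""
    return {c: sorted(candidates(c, keys, messages))
            for c in sorted(possible_ciphertexts(keys, messages))}


# Constructed spaces: 2-bit words, so four messages and four keys
FULL_KEYS = all_words(2)            # k-space as large as the m-space
SMALL_KEYS = [0b00, 0b01]           # a small set of k's
ALL_MESSAGES = all_words(2)         # all m's meaningful
MEANINGFUL = [0b00, 0b11]           # a small subspace of meaningful m's

if __name__ == "__main__":
    print("full keys, all messages  :", leak_table(FULL_KEYS, ALL_MESSAGES))
    print("full keys, meaningful    :", leak_table(FULL_KEYS, MEANINGFUL))
    print("small keys, meaningful   :", leak_table(SMALL_KEYS, MEANINGFUL))
```

With the full key space every row of the table lists every meaningful message; with two keys the ciphertext 00 can only have come from message 00, which is exactly the imperfection the last bullet describes.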
Symmetric vs. Asymmetric key Cryptography
   Symmetric key                               Asymmetric key
1. Low scalability                             1. High scalability
2. Custom algorithm devt easy                  2. Custom algorithm devt difficult
3. Computationally faster                      3. Relatively compute intensive
4. Immune to math breakthroughs                4. Vulnerable to math breakthroughs
5. Does not provide non-repudiation            5. Provides non-repudiation service
6. Does not provide signature                  6. Provides signature service
7. Suitable for closed user group              7. Overkill for closed user group
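Rows 5 and 6 of the table follow from one fact: a symmetric authenticator can be produced by anyone who holds the key, so a tag proves the message came from some key holder but not which one. The code below is an added example (not from the slides) using the standard-library HMAC: the receiver can mint a valid tag for a message the sender never wrote, and a third party checking the tag cannot tell the two apart. Key and messages are constructed values.

```python
import hashlib
import hmac

# Constructed shared key for the demonstration; never reuse a literal key in real code
SHARED_KEY = b"example-shared-key-for-illustration"


def tag(key: bytes, message: bytes) -> bytes:
    """Symmetric message authentication: HMAC-SHA256 over the message."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, mac: bytes) -> bool:
    """Integrity and origin-from-a-key-holder check, in constant time."""
    return hmac.compare_digest(tag(key, message), mac)


def who_could_have_made(mac: bytes, message: bytes, holders: dict[str, bytes]) -> list[str]:
    """Names every party whose key reproduces the tag. With a shared key the answer is
    never a single party, which is why a MAC offers no non-repudiation: the tag cannot
    be attributed to one signer the way an asymmetric signature can."""
    return [name for name, key in holders.items() if verify(key, message, mac)]


# Constructed parties: alice and bob share the key, carol does not
HOLDERS = {"alice": SHARED_KEY, "bob": SHARED_KEY, "carol": b"a-different-key"}

if __name__ == "__main__":
    genuine = tag(SHARED_KEY, b"transfer 100")
    print("genuine tag attributable to:", who_could_have_made(genuine, b"transfer 100", HOLDERS))
    # bob (the receiver) fabricates a message alice never sent and tags it himself
    fabricated = tag(HOLDERS["bob"], b"transfer 1000")
    print("alice's key accepts bob's tag:", verify(HOLDERS["alice"], b"transfer 1000", fabricated))
    print("tampered message rejected    :", verify(SHARED_KEY, b"transfer 101", genuine))
```

The MAC still does its job for integrity (a modified message fails verification); what it cannot do is bind the message to one author, which is the property the asymmetric column lists under signature and non-repudiation.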
Common Criteria for IT System Eval’n
Term: Definition
CC (Common Criteria): Official ISO name is Evaluation Criteria for Information Technology Security
Target of Evaluation (ToE): An IT product or system and its associated administrator and user guidance documentation, that is the subject of evaluation
Protection Profile (PP): An implementation independent set of security requirements
Security Target: A set of security requirements and specification to be used as a basis for evaluation of identified ToE
Evaluation Assurance Level (EAL): A package consisting of assurance components that represents a point on CC predefined assurance scale
Federal Information Processing Std. (FIPS 140-2)
Level: Technical Details
1: Basic Security Requirements
   - Implementation of crypto functions in a PC.
   - FIPS approved crypto module.
2: Physical Tamper evidence & Role-based authentication
   - Tamper evident seals or locks
   - Role-based operator authentication
   - Trusted operating system for crypto module
3: Enhanced physical security & Identity-based authentication
   - Protection of critical security parameters
   - Identity-based operator authentication
   - High-level language implementation
4: Envelope Protection, formal models
   - Detect/respond to unauthorised physical access
   - Identity-based operator authentication
   - Formal models and informal proofs
Requirements envelope for Starting and Staying Secure
(Table; rows: Functional, Design/development, Procurement, Input/Output; columns: Identification/Authentication, Logging/Early warning, Sourcing Integrity, Secure storage/Communication)
Identification/Authentication: 1) User 2) System 3) Message 4) Access control
Logging/Early warning: 1) Time/space tags 2) Watch dog
Sourcing Integrity: 1) Certified codes 2) No hidden code 3) No mobile code
Design/development: 1) Input validation layer 2) Code & Data segre’n 3) Formal approach 4) Quality & standards 5) Indigenous grading
Procurement: 1) Trust models 2) Verification 3) Indigenous versions
Secure storage/Communication: 1) Hard disk Enc 2) Media Enc 3) IPSec (N/W layer) 4) TLS (Trans Layer) 5) Appln Layer 6) Key management
Formal verification
• Objectives
   a) Proof of correctness, consistency and other properties
   b) IT-product certification based on standards
   c) Minimization of testing/maintenance costs
   d) Cyber security and assurance
• Approaches
   a) Logical representation and propositional calculus
   b) Discrete event calculus ( Erik Mueller – MIT )
      • Handles time-dependent physical world models
      • Uses the concept of fluents and related axioms
   c) Automata models and model checking
   d) Black/white boxes and exhaustive automated checking
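Approach c), automata models and model checking, is the one that produces a concrete witness when a property fails. The code below is an added example, not from the slides: a minimal explicit-state model checker that explores every reachable state of a two-process protocol by breadth-first search and reports the shortest path to a violation of mutual exclusion. It is applied to two constructed protocols, a check-then-set entry (the "non-contiguous check and use" vulnerability from the earlier slide) and an atomic test-and-set entry; the state encoding and protocol rules are the example's own.

```python
from collections import deque
from typing import Callable, Iterable, Optional

# State = (lock, pc_0, pc_1); each pc is "idle", "checked" or "critical"
State = tuple


def naive_successors(s: State) -> Iterable[State]:
    """Check-then-set entry: a process reads lock == 0 in one step and sets the
    lock in a later step, so the other process may interleave between them."""
    lock, pcs = s[0], list(s[1:])
    for i, pc in enumerate(pcs):
        nxt = list(pcs)
        if pc == "idle" and lock == 0:
            nxt[i] = "checked"
            yield (lock, *nxt)          # observed the lock free; nothing set yet
        elif pc == "checked":
            nxt[i] = "critical"
            yield (1, *nxt)             # sets the lock, whatever its value now
        elif pc == "critical":
            nxt[i] = "idle"
            yield (0, *nxt)


def atomic_successors(s: State) -> Iterable[State]:
    """Test-and-set entry: the check and the set are one indivisible step."""
    lock, pcs = s[0], list(s[1:])
    for i, pc in enumerate(pcs):
        nxt = list(pcs)
        if pc == "idle" and lock == 0:
            nxt[i] = "critical"
            yield (1, *nxt)
        elif pc == "critical":
            nxt[i] = "idle"
            yield (0, *nxt)


def mutual_exclusion(s: State) -> bool:
    """Safety property: at most one process in its critical section."""
    return sum(pc == "critical" for pc in s[1:]) <= 1


def model_check(initial: State,
                successors: Callable[[State], Iterable[State]],
                invariant: Callable[[State], bool]) -> Optional[list[State]]:
    """Breadth-first reachability over the explicit state space. Returns None when the
    invariant holds in every reachable state, else the shortest counterexample path."""
    parent: dict[State, Optional[State]] = {initial: None}
    queue = deque([initial])
    while queue:
        s = queue.popleft()
        if not invariant(s):
            path = []
            while s is not None:
                path.append(s)
                s = parent[s]
            return path[::-1]
        for t in successors(s):
            if t not in parent:
                parent[t] = s
                queue.append(t)
    return None


def reachable_count(initial: State, successors: Callable[[State], Iterable[State]]) -> int:
    seen, stack = {initial}, [initial]
    while stack:
        for t in successors(stack.pop()):
            if t not in seen:
                seen.add(t)
                stack.append(t)
    return len(seen)


INITIAL: State = (0, "idle", "idle")

if __name__ == "__main__":
    print("naive :", model_check(INITIAL, naive_successors, mutual_exclusion))
    print("atomic:", model_check(INITIAL, atomic_successors, mutual_exclusion))
```

The counterexample for the naive protocol is the interleaving in which both processes observe the free lock before either sets it; the atomic version has only three reachable states and no violation. Real model checkers apply the same idea with symbolic state representations and temporal-logic properties.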
Formal verification
Space of objects/targets for verification
(Diagram: life cycle stage, Design and Implementation, against kind of system, HW, HW/SW Mix and SW)
– Production systems – Automata – UML descriptions
– Source code – Executable
– Models – HDL descriptions – Boolean logic
– Prototypes – Test specimens
A new direction for Cyber Defence
A virus infected computer! (Courtesy : corbisimages )
Human cognition in cyber space for better cyber defence
1. Create an identity/state profile for every computing/cyber system
2. Create and display an activity visage targeting human sensitivities
3. Bring the fundamental human sensory & cognitive faculties into play
Some R&D Challenges for Cyber Defence
1. Building tagged dictionaries and grammars of natural languages
2. Common sense reasoning and its application for data validation
3. Segmentation of images and identification of constituent objects
4. Detection of activities in videos and natural language description
5. Display of large graphs and tools for navigation and exploration
6. Efficient algorithms for identification of sub-graph anomalies
7. Solving the problem of satisfiability using analog representations
8. Quantum algorithms for problems in NP Complete class
9. Development of a formal language for product specifications
Outlook towards the Future
1) Artificially Intelligent Systems
2) New Computing technologies
- Quantum computing
- Molecular/DNA computing
3) Cryptanalytic/Factoring breakthroughs
4) Internet of Things (IoT)
5) Internet-II with built-in security
6) Biologically inspired Solutions
Thank You
I am regularly asked what the average Internet user should do to ensure his cyber security. My first answer usually is ‘Nothing’.