Concepts & Technologies for Cyber Defence

Dr. G. Athithan

CC R&D (SAM), DRDO

IIIT, Delhi 13 - Feb - 2016

30

Cyber Defence

A secure system is one that does what it is supposed to (in spite of bad input).

— Eugene Spafford

29

Defence of our cyber space

28

Some people think...

Defence of our cyber space

27

There are others…

Defence of our Cyber Space

Overview 1. Terms and basic concepts 2. Information processing model 3. Cyber threats and vulnerabilities 4. Access control models 5. Role of cryptography 6. Policies, technologies, formalism 7. Challenges and outlook towards future

26

25

Information : A basic ontology

Information Sensing/ Perception Data

Media / Form

Unclass / Classified

Attributes Content / Meta data

Originates from is labelled

Electronic Print Accuracy Cover time

Knowledge

24

Cyber space of information Systems

The Physical Layer • Abode of data and code (electronic form) • The collection of memory cells, both committed and free • Electronic interfaces to the physical world • Includes channels of communications (transient abodes)

Two higher layers • The data/information layer over memory hardware

• The code/application layer operating on data/information layer

Human layer •  Human computer interactions (Cyber space in popular imagination)

23

Cyber Space of IT systems

Scope 1.  Information (processing) systems (IPS)

•  Computing systems •  Communication/Networking systems •  Storage systems

2.  Cyber-physical systems (embedded IPS) •  Sensor systems •  Motor/actuator systems •  Infrastructure

Objectives of Cyber Defence

Objectives of Cyber Defence 1.  Protect data/Information in Cyber Space

a.  Confidentiality b.  Integrity c.  Availability

2.  Protect code/applications in Cyber Space 3.  Keep Cyber Space Integrity Intact 4.  Safeguard the Cyber / Physical interface

22

Cyber Security

Information Security

Electronic Information

security

Information processing system – A model

21

Transformation f (Recursive/multi-step)

Input

I

Output

O

•  Transformation ( f ) is a carefully developed or sourced program

•  Output ( O ) is determined by ( f ) and input ( I )

•  Input ( I ) is the only uncontrolled and unreliable entity

•  Communication/networking/storage systems are special cases of IPS

•  IT-enabled systems have embedded IPS

O = f ( I )

Memory

20

Information processing system – Nature of f

Innatism

Human Language processing models

Information processing system – Nature of f

19

Transformation f (Recursive/multi-step)

Input

I

Output

O

•  Several possibilities of ‘f’ •  Pure function ( not modifying itself; no memory)

•  Non-pure function ( with memory )

•  Adaptive function ( changes based on history of I/O )

•  Stated + unstated function

•  On-line updated function ( Mobile code providing additional fn )

O = f ( I )

Memory

Information processing sys. – Side channels

18

Transformation f (Recursive/multi-step)

Input

I

Output

O

•  Input / Output side channels •  Electric current flow from source to components

•  Radio, acoustic, and thermal emissions

•  Electro magnetic interference ( in the form of noise )

•  Sources : Data buses, memory controllers, video devices, etc.

•  Unstated I / O channels

O = f ( I )

Memory

17

Threat : A definition

Threat Probability Theory

Damage/ Harm

Sources Targets (Assets) Attacks

External/Internal

Cyber Space

Snooping/ Tampering/ Denying/ Spoofing

Scenarios Vulnerabilities

Networks Hosts Applications WAN/LAN/

Host/ Application

Multi-staged

Quantified using

Reside in

Con

sist

s of

Spat

ial

Likely to cause

16

Vulnerabilities of Information/IT systems

a) Poor checking of input

d) Errors in S/W

b) Non-contiguous check and use

e) Unverified systems

c) Space size faults

f) Weak Identity check

15

Starting on a Secure State

•  Design for security •  Input validation though syntax and semantics

•  Rate-based processing of input •  Bounds on output values and rates

•  Automated testing

•  Trustworthiness of commercial systems/components •  Trust models for acquisition processes •  Verification of trust through testing and reverse engineering

•  Compliance to policy and security standards •  DRDO Information security procedures and guidelines •  Common Criteria (CC) •  Federal Information Processing Standard (FIPS)

Partitioning and Access Control

•  Trusted Computing Systems Eval. Criteria (Orange Book) •  Partitioning is an essential concept for security

Examples a)  Forts b)   Airports c)  Homes

•  Classification of Information and systems •  Clearance to access based on roles/identities •  Bell – Lapadula, Biba, Military models

14

Models for Access, Integrity, and Flow of Data

User cleared for

Secret data

Unclassified domain

Secret domain

Top Secret domain No read up

No write down

Bell-LaPadula

13

User cleared for

Med. integrity data

Low integrity domain

Medium integrity domain

High integrity domain No write up

No read down

Biba Model

12

Perfect Secrecy

m1

m2

m3

m4

c1

c2

c3

c4

k1 k2 k3 k4

k1 k2 k3

k4

•  Fault-free message space (All m’s are meaningful)

•  Fault-free key space (k-space as large as the m-space)

•  A small subspace of meaningful m’s and a small set of k’s is imperfect

Perfect Secrecy : Crypt is safe even against brute attacks

11

Symmetric key 1.  Low scalability

2.  Custom algorithm devt easy

3.  Computationally faster

4.  Immune to math breakthroughs

5.  Does not provide non-repudiation

6.  Does not provide signature

7.  Suitable for closed user group

Asymmetric key 1.  High scalability

2.  Custom algorithm devt difficult

3.  Relatively compute intensive

4.  Vulnerable to math breakthroughs

5.  Provides non-repudiation service

6.  Provides signature service

7.  Overkill for closed user group

Symmetric vs. Asymmetric key Cryptography

10

9

Common Criteria for IT System Eval’n

Term Definition CC Common Criteria (Official ISO name is Evaluation

Criteria for Information Technology Security)

Target of Evaluation (ToE)

An IT product or system and its associated administrator and user guidance documentation, that is the subject of evaluation

Protection Profile (PP)

An implementation independent set of security requirements

Security Target A set of security requirements and specification to be used as a basis for evaluation of identified ToE

Evaluation Assurance Level (EAL)

A package consisting of assurance components that represents a point on CC predefined assurance scale

8

Federal Information Processing Std. (FIPS 140-2)

Level Technical Details 1: Basic Security Requirements

- Implementation of crypto functions in a PC. - FIPS approved crypto module.

2: Physical Tamper evidence & Role-based authentication

- Tamper evident seals or locks - Role-based operator authentication - Trusted operating system for crypto module

3: Enhanced physical security & Identity-based authentication

- Protection of critical security parameters - Identity-based operator authentication - High-level language implementation

4: Envelope Protection, formal models

- Detect/respond to unauthorised physical access - Identity-based operator authentication - Formal models and informal proofs

Requirements envelope for Starting and Staying Secure

Requirements

Identification/ Authentication

Logging/ Early warning

Sourcing Integrity Secure storage/ Communication

1) User 2) System 3) Message 4) Access control

Functional

Design/ development Procurement

1) Certified codes 2) No hidden code 3) No mobile code

1)  Input validation layer 2)  Code & Data segre’n 3) Formal approach 4) Quality & standards 5) Indigenous grading

1)  Trust models 2)  Verification 3) Indigenous versions

1) Time/space tags 2) Watch dog

Input/Output

1)  Hard disk Enc 2)  Media Enc 3) IPSec (N/W layer) 4) TLS (Trans Layer) 5) Appln Layer 6) Key management

7

Formal verification

•  Objectives a)  Proof of correctness, consistency and other properties b)   IT-product certification based on standards c)  Minimization of testing/maintenance costs d)   Cyber security and assurance

•  Approaches a)  Logical representation and propositional calculus b)   Discrete event calculus ( Erik Muller – MIT )

•  Handles time-dependent physical world models •  Uses the concept of fluents and related axioms

c)  Automata models and model checking d)   Black/white boxes and exhaustive automated checking

6

Formal verification

Space of objects/targets for verification

–  Production systems –  Automata –  UML descriptions

–  Source code –  Executable

–  Models –  HDL descriptions –  Boolean logic

–  Prototypes –  Test specimens

HW

HW/SW Mix

SW

Design Implementation Life cycle stage

5

4

A new direction for Cyber Defence

A virus infected computer! (Courtesy : corbisimages )

Human cognition in cyber space for better cyber defence 1.  Create an identity/state profile for every computing/cyber system 2.  Create and display an activity visage targeting human sensitivities 3.  Bring the fundamental human sensory & cognitive faculties into play

3

Some R& D Challenges for Cyber Defence

1. Building tagged dictionaries and grammars of natural languages

2. Common sense reasoning and its application for data validation

3. Segmentation of images and identification of constituent objects

4. Detection of activities in videos and natural language description

5. Display of large graphs and tools for navigation and exploration

6. Efficient algorithms for identification of sub-graph anomalies

7. Solving the problem of satisfiability using analog representations

8. Quantum algorithms for problems in NP Complete class

9. Development of a formal language for product specifications

Outlook towards the Future

1) Artificially Intelligent Systems

2) New Computing technologies

- Quantum computing

- Molecular/DNA computing

3) Cryptanalytic/Factoring breakthroughs

4) Internet of Things (IoT)

5) Internet-II with built-in security

6) Biologically inspired Solutions

2

Thank You 1

I am regularly asked what the average Internet user should do to ensure his cyber security. My first answer usually is ‘Nothing’.