Concepts & Technologies for Cyber Defencecerc.iiitd.ac.in/spsymp16/Dr_Athithan_spsymp16.pdf ·...
Transcript of Concepts & Technologies for Cyber Defencecerc.iiitd.ac.in/spsymp16/Dr_Athithan_spsymp16.pdf ·...
![Page 1: Concepts & Technologies for Cyber Defencecerc.iiitd.ac.in/spsymp16/Dr_Athithan_spsymp16.pdf · 2017-01-05 · Defence of our Cyber Space Overview 1.Terms and basic concepts 2.Information](https://reader036.fdocuments.in/reader036/viewer/2022081401/5f0400117e708231d40bd2af/html5/thumbnails/1.jpg)
Concepts & Technologies for Cyber Defence
Dr. G. Athithan
CC R&D (SAM), DRDO
IIIT, Delhi 13 - Feb - 2016
30
![Page 2: Concepts & Technologies for Cyber Defencecerc.iiitd.ac.in/spsymp16/Dr_Athithan_spsymp16.pdf · 2017-01-05 · Defence of our Cyber Space Overview 1.Terms and basic concepts 2.Information](https://reader036.fdocuments.in/reader036/viewer/2022081401/5f0400117e708231d40bd2af/html5/thumbnails/2.jpg)
Cyber Defence
A secure system is one that does what it is supposed to (in spite of bad input).
— Eugene Spafford
29
![Page 3: Concepts & Technologies for Cyber Defencecerc.iiitd.ac.in/spsymp16/Dr_Athithan_spsymp16.pdf · 2017-01-05 · Defence of our Cyber Space Overview 1.Terms and basic concepts 2.Information](https://reader036.fdocuments.in/reader036/viewer/2022081401/5f0400117e708231d40bd2af/html5/thumbnails/3.jpg)
Defence of our cyber space
28
Some people think...
![Page 4: Concepts & Technologies for Cyber Defencecerc.iiitd.ac.in/spsymp16/Dr_Athithan_spsymp16.pdf · 2017-01-05 · Defence of our Cyber Space Overview 1.Terms and basic concepts 2.Information](https://reader036.fdocuments.in/reader036/viewer/2022081401/5f0400117e708231d40bd2af/html5/thumbnails/4.jpg)
Defence of our cyber space
27
There are others…
![Page 5: Concepts & Technologies for Cyber Defencecerc.iiitd.ac.in/spsymp16/Dr_Athithan_spsymp16.pdf · 2017-01-05 · Defence of our Cyber Space Overview 1.Terms and basic concepts 2.Information](https://reader036.fdocuments.in/reader036/viewer/2022081401/5f0400117e708231d40bd2af/html5/thumbnails/5.jpg)
Defence of our Cyber Space
Overview 1. Terms and basic concepts 2. Information processing model 3. Cyber threats and vulnerabilities 4. Access control models 5. Role of cryptography 6. Policies, technologies, formalism 7. Challenges and outlook towards future
26
![Page 6: Concepts & Technologies for Cyber Defencecerc.iiitd.ac.in/spsymp16/Dr_Athithan_spsymp16.pdf · 2017-01-05 · Defence of our Cyber Space Overview 1.Terms and basic concepts 2.Information](https://reader036.fdocuments.in/reader036/viewer/2022081401/5f0400117e708231d40bd2af/html5/thumbnails/6.jpg)
25
Information : A basic ontology
Information Sensing/ Perception Data
Media / Form
Unclass / Classified
Attributes Content / Meta data
Originates from is labelled
Electronic Print Accuracy Cover time
Knowledge
![Page 7: Concepts & Technologies for Cyber Defencecerc.iiitd.ac.in/spsymp16/Dr_Athithan_spsymp16.pdf · 2017-01-05 · Defence of our Cyber Space Overview 1.Terms and basic concepts 2.Information](https://reader036.fdocuments.in/reader036/viewer/2022081401/5f0400117e708231d40bd2af/html5/thumbnails/7.jpg)
24
Cyber space of information Systems
The Physical Layer • Abode of data and code (electronic form) • The collection of memory cells, both committed and free • Electronic interfaces to the physical world • Includes channels of communications (transient abodes)
Two higher layers • The data/information layer over memory hardware
• The code/application layer operating on data/information layer
Human layer • Human computer interactions (Cyber space in popular imagination)
![Page 8: Concepts & Technologies for Cyber Defencecerc.iiitd.ac.in/spsymp16/Dr_Athithan_spsymp16.pdf · 2017-01-05 · Defence of our Cyber Space Overview 1.Terms and basic concepts 2.Information](https://reader036.fdocuments.in/reader036/viewer/2022081401/5f0400117e708231d40bd2af/html5/thumbnails/8.jpg)
23
Cyber Space of IT systems
Scope 1. Information (processing) systems (IPS)
• Computing systems • Communication/Networking systems • Storage systems
2. Cyber-physical systems (embedded IPS) • Sensor systems • Motor/actuator systems • Infrastructure
![Page 9: Concepts & Technologies for Cyber Defencecerc.iiitd.ac.in/spsymp16/Dr_Athithan_spsymp16.pdf · 2017-01-05 · Defence of our Cyber Space Overview 1.Terms and basic concepts 2.Information](https://reader036.fdocuments.in/reader036/viewer/2022081401/5f0400117e708231d40bd2af/html5/thumbnails/9.jpg)
Objectives of Cyber Defence
Objectives of Cyber Defence 1. Protect data/Information in Cyber Space
a. Confidentiality b. Integrity c. Availability
2. Protect code/applications in Cyber Space 3. Keep Cyber Space Integrity Intact 4. Safeguard the Cyber / Physical interface
22
Cyber Security
Information Security
Electronic Information
security
![Page 10: Concepts & Technologies for Cyber Defencecerc.iiitd.ac.in/spsymp16/Dr_Athithan_spsymp16.pdf · 2017-01-05 · Defence of our Cyber Space Overview 1.Terms and basic concepts 2.Information](https://reader036.fdocuments.in/reader036/viewer/2022081401/5f0400117e708231d40bd2af/html5/thumbnails/10.jpg)
Information processing system – A model
21
Transformation f (Recursive/multi-step)
Input
I
Output
O
• Transformation ( f ) is a carefully developed or sourced program
• Output ( O ) is determined by ( f ) and input ( I )
• Input ( I ) is the only uncontrolled and unreliable entity
• Communication/networking/storage systems are special cases of IPS
• IT-enabled systems have embedded IPS
O = f ( I )
Memory
![Page 11: Concepts & Technologies for Cyber Defencecerc.iiitd.ac.in/spsymp16/Dr_Athithan_spsymp16.pdf · 2017-01-05 · Defence of our Cyber Space Overview 1.Terms and basic concepts 2.Information](https://reader036.fdocuments.in/reader036/viewer/2022081401/5f0400117e708231d40bd2af/html5/thumbnails/11.jpg)
20
Information processing system – Nature of f
Innatism
Human Language processing models
![Page 12: Concepts & Technologies for Cyber Defencecerc.iiitd.ac.in/spsymp16/Dr_Athithan_spsymp16.pdf · 2017-01-05 · Defence of our Cyber Space Overview 1.Terms and basic concepts 2.Information](https://reader036.fdocuments.in/reader036/viewer/2022081401/5f0400117e708231d40bd2af/html5/thumbnails/12.jpg)
Information processing system – Nature of f
19
Transformation f (Recursive/multi-step)
Input
I
Output
O
• Several possibilities of ‘f’ • Pure function ( not modifying itself; no memory)
• Non-pure function ( with memory )
• Adaptive function ( changes based on history of I/O )
• Stated + unstated function
• On-line updated function ( Mobile code providing additional fn )
O = f ( I )
Memory
![Page 13: Concepts & Technologies for Cyber Defencecerc.iiitd.ac.in/spsymp16/Dr_Athithan_spsymp16.pdf · 2017-01-05 · Defence of our Cyber Space Overview 1.Terms and basic concepts 2.Information](https://reader036.fdocuments.in/reader036/viewer/2022081401/5f0400117e708231d40bd2af/html5/thumbnails/13.jpg)
Information processing sys. – Side channels
18
Transformation f (Recursive/multi-step)
Input
I
Output
O
• Input / Output side channels • Electric current flow from source to components
• Radio, acoustic, and thermal emissions
• Electro magnetic interference ( in the form of noise )
• Sources : Data buses, memory controllers, video devices, etc.
• Unstated I / O channels
O = f ( I )
Memory
![Page 14: Concepts & Technologies for Cyber Defencecerc.iiitd.ac.in/spsymp16/Dr_Athithan_spsymp16.pdf · 2017-01-05 · Defence of our Cyber Space Overview 1.Terms and basic concepts 2.Information](https://reader036.fdocuments.in/reader036/viewer/2022081401/5f0400117e708231d40bd2af/html5/thumbnails/14.jpg)
17
Threat : A definition
Threat Probability Theory
Damage/ Harm
Sources Targets (Assets) Attacks
External/Internal
Cyber Space
Snooping/ Tampering/ Denying/ Spoofing
Scenarios Vulnerabilities
Networks Hosts Applications WAN/LAN/
Host/ Application
Multi-staged
Quantified using
Reside in
Con
sist
s of
Spat
ial
Likely to cause
![Page 15: Concepts & Technologies for Cyber Defencecerc.iiitd.ac.in/spsymp16/Dr_Athithan_spsymp16.pdf · 2017-01-05 · Defence of our Cyber Space Overview 1.Terms and basic concepts 2.Information](https://reader036.fdocuments.in/reader036/viewer/2022081401/5f0400117e708231d40bd2af/html5/thumbnails/15.jpg)
16
Vulnerabilities of Information/IT systems
a) Poor checking of input
d) Errors in S/W
b) Non-contiguous check and use
e) Unverified systems
c) Space size faults
f) Weak Identity check
![Page 16: Concepts & Technologies for Cyber Defencecerc.iiitd.ac.in/spsymp16/Dr_Athithan_spsymp16.pdf · 2017-01-05 · Defence of our Cyber Space Overview 1.Terms and basic concepts 2.Information](https://reader036.fdocuments.in/reader036/viewer/2022081401/5f0400117e708231d40bd2af/html5/thumbnails/16.jpg)
15
Starting on a Secure State
• Design for security • Input validation though syntax and semantics
• Rate-based processing of input • Bounds on output values and rates
• Automated testing
• Trustworthiness of commercial systems/components • Trust models for acquisition processes • Verification of trust through testing and reverse engineering
• Compliance to policy and security standards • DRDO Information security procedures and guidelines • Common Criteria (CC) • Federal Information Processing Standard (FIPS)
![Page 17: Concepts & Technologies for Cyber Defencecerc.iiitd.ac.in/spsymp16/Dr_Athithan_spsymp16.pdf · 2017-01-05 · Defence of our Cyber Space Overview 1.Terms and basic concepts 2.Information](https://reader036.fdocuments.in/reader036/viewer/2022081401/5f0400117e708231d40bd2af/html5/thumbnails/17.jpg)
Partitioning and Access Control
• Trusted Computing Systems Eval. Criteria (Orange Book) • Partitioning is an essential concept for security
Examples a) Forts b) Airports c) Homes
• Classification of Information and systems • Clearance to access based on roles/identities • Bell – Lapadula, Biba, Military models
14
Models for Access, Integrity, and Flow of Data
![Page 18: Concepts & Technologies for Cyber Defencecerc.iiitd.ac.in/spsymp16/Dr_Athithan_spsymp16.pdf · 2017-01-05 · Defence of our Cyber Space Overview 1.Terms and basic concepts 2.Information](https://reader036.fdocuments.in/reader036/viewer/2022081401/5f0400117e708231d40bd2af/html5/thumbnails/18.jpg)
User cleared for
Secret data
Unclassified domain
Secret domain
Top Secret domain No read up
No write down
Bell-LaPadula
13
![Page 19: Concepts & Technologies for Cyber Defencecerc.iiitd.ac.in/spsymp16/Dr_Athithan_spsymp16.pdf · 2017-01-05 · Defence of our Cyber Space Overview 1.Terms and basic concepts 2.Information](https://reader036.fdocuments.in/reader036/viewer/2022081401/5f0400117e708231d40bd2af/html5/thumbnails/19.jpg)
User cleared for
Med. integrity data
Low integrity domain
Medium integrity domain
High integrity domain No write up
No read down
Biba Model
12
![Page 20: Concepts & Technologies for Cyber Defencecerc.iiitd.ac.in/spsymp16/Dr_Athithan_spsymp16.pdf · 2017-01-05 · Defence of our Cyber Space Overview 1.Terms and basic concepts 2.Information](https://reader036.fdocuments.in/reader036/viewer/2022081401/5f0400117e708231d40bd2af/html5/thumbnails/20.jpg)
Perfect Secrecy
m1
m2
m3
m4
c1
c2
c3
c4
k1 k2 k3 k4
k1 k2 k3
k4
• Fault-free message space (All m’s are meaningful)
• Fault-free key space (k-space as large as the m-space)
• A small subspace of meaningful m’s and a small set of k’s is imperfect
Perfect Secrecy : Crypt is safe even against brute attacks
11
![Page 21: Concepts & Technologies for Cyber Defencecerc.iiitd.ac.in/spsymp16/Dr_Athithan_spsymp16.pdf · 2017-01-05 · Defence of our Cyber Space Overview 1.Terms and basic concepts 2.Information](https://reader036.fdocuments.in/reader036/viewer/2022081401/5f0400117e708231d40bd2af/html5/thumbnails/21.jpg)
Symmetric key 1. Low scalability
2. Custom algorithm devt easy
3. Computationally faster
4. Immune to math breakthroughs
5. Does not provide non-repudiation
6. Does not provide signature
7. Suitable for closed user group
Asymmetric key 1. High scalability
2. Custom algorithm devt difficult
3. Relatively compute intensive
4. Vulnerable to math breakthroughs
5. Provides non-repudiation service
6. Provides signature service
7. Overkill for closed user group
Symmetric vs. Asymmetric key Cryptography
10
![Page 22: Concepts & Technologies for Cyber Defencecerc.iiitd.ac.in/spsymp16/Dr_Athithan_spsymp16.pdf · 2017-01-05 · Defence of our Cyber Space Overview 1.Terms and basic concepts 2.Information](https://reader036.fdocuments.in/reader036/viewer/2022081401/5f0400117e708231d40bd2af/html5/thumbnails/22.jpg)
9
Common Criteria for IT System Eval’n
Term Definition CC Common Criteria (Official ISO name is Evaluation
Criteria for Information Technology Security)
Target of Evaluation (ToE)
An IT product or system and its associated administrator and user guidance documentation, that is the subject of evaluation
Protection Profile (PP)
An implementation independent set of security requirements
Security Target A set of security requirements and specification to be used as a basis for evaluation of identified ToE
Evaluation Assurance Level (EAL)
A package consisting of assurance components that represents a point on CC predefined assurance scale
![Page 23: Concepts & Technologies for Cyber Defencecerc.iiitd.ac.in/spsymp16/Dr_Athithan_spsymp16.pdf · 2017-01-05 · Defence of our Cyber Space Overview 1.Terms and basic concepts 2.Information](https://reader036.fdocuments.in/reader036/viewer/2022081401/5f0400117e708231d40bd2af/html5/thumbnails/23.jpg)
8
Federal Information Processing Std. (FIPS 140-2)
Level Technical Details 1: Basic Security Requirements
- Implementation of crypto functions in a PC. - FIPS approved crypto module.
2: Physical Tamper evidence & Role-based authentication
- Tamper evident seals or locks - Role-based operator authentication - Trusted operating system for crypto module
3: Enhanced physical security & Identity-based authentication
- Protection of critical security parameters - Identity-based operator authentication - High-level language implementation
4: Envelope Protection, formal models
- Detect/respond to unauthorised physical access - Identity-based operator authentication - Formal models and informal proofs
![Page 24: Concepts & Technologies for Cyber Defencecerc.iiitd.ac.in/spsymp16/Dr_Athithan_spsymp16.pdf · 2017-01-05 · Defence of our Cyber Space Overview 1.Terms and basic concepts 2.Information](https://reader036.fdocuments.in/reader036/viewer/2022081401/5f0400117e708231d40bd2af/html5/thumbnails/24.jpg)
Requirements envelope for Starting and Staying Secure
Requirements
Identification/ Authentication
Logging/ Early warning
Sourcing Integrity Secure storage/ Communication
1) User 2) System 3) Message 4) Access control
Functional
Design/ development Procurement
1) Certified codes 2) No hidden code 3) No mobile code
1) Input validation layer 2) Code & Data segre’n 3) Formal approach 4) Quality & standards 5) Indigenous grading
1) Trust models 2) Verification 3) Indigenous versions
1) Time/space tags 2) Watch dog
Input/Output
1) Hard disk Enc 2) Media Enc 3) IPSec (N/W layer) 4) TLS (Trans Layer) 5) Appln Layer 6) Key management
7
![Page 25: Concepts & Technologies for Cyber Defencecerc.iiitd.ac.in/spsymp16/Dr_Athithan_spsymp16.pdf · 2017-01-05 · Defence of our Cyber Space Overview 1.Terms and basic concepts 2.Information](https://reader036.fdocuments.in/reader036/viewer/2022081401/5f0400117e708231d40bd2af/html5/thumbnails/25.jpg)
Formal verification
• Objectives a) Proof of correctness, consistency and other properties b) IT-product certification based on standards c) Minimization of testing/maintenance costs d) Cyber security and assurance
• Approaches a) Logical representation and propositional calculus b) Discrete event calculus ( Erik Muller – MIT )
• Handles time-dependent physical world models • Uses the concept of fluents and related axioms
c) Automata models and model checking d) Black/white boxes and exhaustive automated checking
6
![Page 26: Concepts & Technologies for Cyber Defencecerc.iiitd.ac.in/spsymp16/Dr_Athithan_spsymp16.pdf · 2017-01-05 · Defence of our Cyber Space Overview 1.Terms and basic concepts 2.Information](https://reader036.fdocuments.in/reader036/viewer/2022081401/5f0400117e708231d40bd2af/html5/thumbnails/26.jpg)
Formal verification
Space of objects/targets for verification
– Production systems – Automata – UML descriptions
– Source code – Executable
– Models – HDL descriptions – Boolean logic
– Prototypes – Test specimens
HW
HW/SW Mix
SW
Design Implementation Life cycle stage
5
![Page 27: Concepts & Technologies for Cyber Defencecerc.iiitd.ac.in/spsymp16/Dr_Athithan_spsymp16.pdf · 2017-01-05 · Defence of our Cyber Space Overview 1.Terms and basic concepts 2.Information](https://reader036.fdocuments.in/reader036/viewer/2022081401/5f0400117e708231d40bd2af/html5/thumbnails/27.jpg)
4
A new direction for Cyber Defence
A virus infected computer! (Courtesy : corbisimages )
Human cognition in cyber space for better cyber defence 1. Create an identity/state profile for every computing/cyber system 2. Create and display an activity visage targeting human sensitivities 3. Bring the fundamental human sensory & cognitive faculties into play
![Page 28: Concepts & Technologies for Cyber Defencecerc.iiitd.ac.in/spsymp16/Dr_Athithan_spsymp16.pdf · 2017-01-05 · Defence of our Cyber Space Overview 1.Terms and basic concepts 2.Information](https://reader036.fdocuments.in/reader036/viewer/2022081401/5f0400117e708231d40bd2af/html5/thumbnails/28.jpg)
3
Some R& D Challenges for Cyber Defence
1. Building tagged dictionaries and grammars of natural languages
2. Common sense reasoning and its application for data validation
3. Segmentation of images and identification of constituent objects
4. Detection of activities in videos and natural language description
5. Display of large graphs and tools for navigation and exploration
6. Efficient algorithms for identification of sub-graph anomalies
7. Solving the problem of satisfiability using analog representations
8. Quantum algorithms for problems in NP Complete class
9. Development of a formal language for product specifications
![Page 29: Concepts & Technologies for Cyber Defencecerc.iiitd.ac.in/spsymp16/Dr_Athithan_spsymp16.pdf · 2017-01-05 · Defence of our Cyber Space Overview 1.Terms and basic concepts 2.Information](https://reader036.fdocuments.in/reader036/viewer/2022081401/5f0400117e708231d40bd2af/html5/thumbnails/29.jpg)
Outlook towards the Future
1) Artificially Intelligent Systems
2) New Computing technologies
- Quantum computing
- Molecular/DNA computing
3) Cryptanalytic/Factoring breakthroughs
4) Internet of Things (IoT)
5) Internet-II with built-in security
6) Biologically inspired Solutions
2
![Page 30: Concepts & Technologies for Cyber Defencecerc.iiitd.ac.in/spsymp16/Dr_Athithan_spsymp16.pdf · 2017-01-05 · Defence of our Cyber Space Overview 1.Terms and basic concepts 2.Information](https://reader036.fdocuments.in/reader036/viewer/2022081401/5f0400117e708231d40bd2af/html5/thumbnails/30.jpg)
Thank You 1
I am regularly asked what the average Internet user should do to ensure his cyber security. My first answer usually is ‘Nothing’.