Security, Dependability and Trust in the Future Internet Jeju, South Korea, August.


Security, Dependability and Trust in the Future Internet
Jeju, South Korea, August 27, 2008

Think-Trust (FP ) is a Coordination Action funded by the European Commission's 7th Framework Information Society Technologies (IST) Programme, within the Unit D4 ICT for Trust and Security.

Digital world roadmap: at a crossroads of intangible & invisible entities
August 28, 2008, AsiaFI meeting, Jeju, South Korea
I Science convergence Nano-Bio-Info-Cogno-Socio-Quantum Ecosystems Digital Convergence Architectures, protocols, formats Cyber-systems Invisible intangible Reclusive Attitude Further Expansive Attitude Effervescence, chaotic period traceable Future Internet and Future Web Polymorphic, pervasive Physical & Digital reconciliation

Digital hybrid urbanization: holistic future Internet
Post-Beyond 3-4G
Galileo-GPS-… Clock and Position
Current Internet WDM-IPv4-IPv6-MPLS
Internet of Things
Services hooked to several infrastructures
No more monochromic, mono-technology security
Quantum Infrastructures: Distribution of secrets

Future Internet: Polymorphic & Poly-Infrastructures
Security of the digital convergence
Digital governance: PC, TV, Phone, location infrastructures
Instilling trust: Quantum Secret Keys distribution through Quantum Infrastructures
Pollination of services: threats & opportunities for security
Composition of services
Federation and orchestration of security functions
Cross fertilization of secure services through several infrastructures
With the new Future Internet, we can reinvest the real world
Trusted clock and trusted location: Trusted infrastructures (Galileo, GPS2, Russia, China)
To avoid replay attacks
To improve comfortable authentication (with time and location)
To route data

Internet is broken (*): how to heal the future fragile communications?
IPv4 IPv6 TCP DNS Web Security Mobility SSL Router Packet Patches Efficiency XML Anti-virus URL PKI Firewall Honey-pots IDS IPSec Privacy Trust IETF MPLS spam virus Digital signature 3GPP
(*) David D. Clark, The Internet is broken, Technology Review, December 2005/January 2006, MIT Press.

The changing landscape in security
DDoS Domino effects Illicit content Illicit computations identification IP addresses ONS Overlay, P2P, Grids Trans-continent Virtual Organizations Computer virus New standard bodies Asymmetric cryptography Quantum Crypto for distribution of secrets Intrusion, Malware Spontaneous massive attacks Multimedia content, XML, Message, document Zetta bytes of data Physical attacks on individuals

New Threats
New Usages => New threats
New landscape
Massive multi-parties applications programs (Alice & Bob relationship is over)
500 Mega-machines, 3 Giga-people, 1 tera-objects (Security is not scalable)
Huge flows of multimedia content and virtual distributed services (traceability will be difficult, indeed impossible)
Interconnection with the physical world: sensors and actuators (end of an intangible world)
Digital world: a vast ecosystem of critical infrastructures (how to control and master?)
Mobility of devices, persons, groups, swarms of things
Privacy issues: European Identity cards, Anonymization, fragmented identity
Addiction of users, Inescapable Infrastructures (individual, enterprise, society)
Major threats => illicit computer programs
Emergence of combined opportunities for attackers: coincidence of
Massive Power for everyone: an end-user will have at his disposal Billions of Mips over the networks (new equilibrium of computing power)
Pervasive connections to physical reality: possibility to join and disturb the distributed physical world (physical presence will be too dangerous for terrorists, because of CCTV networks of surveillance)
New generation of attackers, failures
Organized cybercrime: criminal organization, but also untrusted service operators (telecom, network service, security brokers)

New vulnerabilities
New Architectures => new vulnerabilities
3 global virtual ubiquities: communication, computation, storage
identity of persons and objects becomes a major issue
Externalization of resources
Mobility and disappearance of intangible entities: difficult to trace
More complexity, more abstractions => more fragile
Mobile and dynamic computing resources: flexible services & plastic architectures
Core network: high data rate cryptography
How to encrypt at 100Gbits/s data rate
Access network: illicit & malicious programs
Wireless multi-technologies, multi-policies
Peripheral networks: identity thefts

Future Internet Attacks
Attacks through user cooperation
Users are increasingly lost in the dynamic, recursively overlaid structures and distributed applications
Attract, threaten, fool users to cooperation
Attacks through travels from Virtual to Real, back and forth
Attacks through dependencies: attack infrastructure A to provoke failures in infrastructure B
Botnet attacks
Focus botnet power on targets, today mostly click fraud and DDoS
In future massive computations & data mining: inference, predictions
Illicit content distribution attacks
Today mostly copyrighted material
Tomorrow: massive distribution of classified and illegal material through steganography and P2P networks
Cyberwars
Secret and special services disrupting the IT infrastructures of enemy states
State sovereignty: massive disinformation and opinion manipulation, influence on elections in third states
Internet assassinations
Remark: already implicitly possible today through connected object tracking
In future through direct object control and disruptive actions on objects resulting in incidents
Cyberterrorism
disrupt services, provoke accidents in certain regions, kill certain citizens, disinformation, propaganda
Personal attacks leading to virtual solitude and depression
Identity theft, identity usurpation, targeted ads, illicit banking operations
Killing digital reputation, provoking digital isolation

Incremental or Disruptive Approach?
Upgrade Internet++, B3G++ => Patch & Go
Clean slate => rethink & radically design

For security: radical redesign
SSL++ IPSecV9 Next Generation IDS RFC b proprietary PKI Antivirus-spam & botnet
Hostile context Tranquil context
Authentication with trusted clocks and position
Distribution of secrets using Quantum Crypto
Trust instrumentation (at the design level)
Systems: S original & operational

Digital System S technology Ambient System Human values
We must secure the whole relationship
Research at the international level
Research, based on progress & human values
Awareness of what is achievable (technical), what is acceptable (civilized ethics, democratic values)
Countries: bearers of a variously facetted humanism to be instantiated in the communications or protection tools
Knowledge, partitioned for choice
Users' awareness to grasp the security & intimacy stakes
The choices: multiple, ephemeral & adaptable
Defining the demarcation line: movable
Users' behavior to be taken into account
imagining and anticipating the effects on the behavior of both individuals and groups

Technology Economy Usage Societal factors Legislation
Intercontinental Thought: new models beyond an idyllic, pre-scripted vision of future networks
Neither unique nor providential solution
Model, counter-model, alter-model
Arrival of China and India on the IT scene
change in concerns (demographic, development)
change in power
Alter-models
the pseudo-libertarians (Naives of the Internet)
Repression-pure players (some governments).
Cyberspace & Cyber-governance ( rudder)
Technology-free reign?
descriptive of order
no control and regulation: becomes self-reflexive
normative of order
governing is defining order
In technologies, we talk about
often: what is
not often: what ought to be or what could be

3 Ubiquities: Storage - Communication - Computation

Meta-Systems Intelligence & Cognition Components
complex: security at large for networks and systems
simple: security at small, indeed invisible
giant: security at giant, indeed inextricable
Identity Traceability Availability Accountability Integrity Authentication Access Control

Expand the field of security & Push back the Frontiers
Within space
ubiquity and mobility of computation, communication & storage
Securing Communication & Information Infrastructures & MetaSystems
global ubiquitous computing, ambient intelligence, digital Living, digital urbanization
globalization of services, Skype-, Google-like innovative services
Protecting huge amount of artifacts (hardware, software, data) for citizens, organizations, governments
waste, archive, backup, permanent, persistent, volatile, just-in-time dematerialized information
noise, fungible, public, proprietary (IPR, DRM), critical, sensitive, classified
Treating scarce resources & information in all respects
Infrastructures of Rfids, nanoHardware, tiny OSs, fleets of smart dust, massive short messages
Within time (> 20 years)
transcend ephemeral & incremental technologies
Protection duration of digital data > Life duration of Security technologies (hash or encryption algorithms)
Secure archives & signatures must be foolproof
In a complexity
from the simple, via the complex, to the inextricable
a Divergence & richness of services, usages
Spontaneous virtual mobile architectures
Virtual Hybrid Ontologies
the physical/logical features + brand image, identity, ownership
Massive Hardware, Software, Data
Dynamic Virtual Entities, fleets of structures, dynamic services
Adaptive security policies

Regular: artifacts for individuals & enterprises

Traditional security to be improved and revisited (architecture & protocols): Classical Cryptography Engineering Security

Dwarf: tiny program, simple artifact, scarce resource

Stochastic Security
Strong security at the collection level (architecture)
Cheap weak security at the individual level (massive & simple algorithms)
The digital world is neither fractal nor scalable
For tiny objects, Emergence of self-* models at the collection level

Huge, Giant: Complex systems, inextricable problems

Semantic security for Complexity & human values
Trust

Virtualization Incarnation dialectic
Virtualization of properties Heterogeneous infrastructures Mobility, security Network concepts incarnation Situated services, context Neighbors, Topology

Logical entities Physical entities A virtual community
Resilience of functional objects: centralized trusted infrastructures (PKI, DNS, ) Responsibility, Accountability
Resilience of non functional properties: architecture, mobility, configurability, QoS,
Resilience of the Ambient Intelligence: ecology of virtual ontologies (V2V) Management of global security, Transparency

2 orthogonal dashes in the paradigms evolution
the virtualization paradigm
to juggle with entities of a different nature
to mask exotic forms and reduce complexity
memory, storage
hw (virtual machine)
sw (OS)
architecture (overlay)
protocols (circuit/package)
Ephemeral instantiation and dynamic configuration of systems properties
the incarnation / embodiment paradigm
Thinking requests a knowledge posture (it is not only computation)
intelligence requires a body (*)
Instantiation for networks
Old vision: signaling protocols, control plane
Distributed instrument (usually software) to grasp the context and the situation
Today vision: overlay structures
Tomorrow vision: overlay and incarnation over network-computer, hw/sw, content-services

Network of Artifacts societies Adaptation
(*) How the Body Shapes the Way We Think: A New View of Intelligence by Rolf Pfeifer and Josh C. Bongard, MIT Press, 2006

Computational Cryptography
Traditional hierarchical ladder of the current internet
Re-equilibrium of forces within the future internet (attacks, cryptanalysis)

amateur Hacker Governmental organizations Standalone end-user
Massive externalized furtive computer power running within the anonymous networks
confidential illicit computations
New Crypto with computation, history and geography?
Alice and Bob are no more alone in this world:
They have witnesses, alibis, trajectories
They leave traces

Cryptography in the Future Internet
Classical cryptography
Core network: Crypto at 100 Gbits/s up to 1 Tbits/s: authentication protocols
Edge: Crypto for the Internet of things - integrity of tags
Multiparty, massive Games
Alice and Bob are dead or they are lost within the crowd
Quantum cryptography
Distribution of secrets
October 2008: demonstration in Vienna (Secoqc IP FP6 Project)

Exchanges crossing boundaries: virtual, massive, private

country A country B Technology 1 Technology 2 Technology 3
Multi-parties: Web2 (Second Life, multi-players games)
Massive numbers of participants
Multiservices: Skype, P2P

A science of the Web: technical challenges
Old Web: importance of the underlying protocols
computers connected (Web pages, Web sites)
1986: ancient Web: (Wide Electronic Board)
1991: Web
(Berners-Lee) Web with text
1995: first success (Java encapsulated) Bandwidth issue (wait-wait-wait)
2000: high data rate Web with Multimedia
Web2 (Multiparties, Virtual), Semantic Web, Future Web: importance of mobility, context and reinvestment of Humans & Reality
Computers (Mobile, Multimedia), networks at large, within physical world
profound evolution in parallel with Future Internet
Geography: Mobility, Ubiquity
Reconciliation with nomadicity (vocal Web)
Search engines with locality, smarter search engines: Post-Google engines
History: Memory of the web (Next Generation of the Deep Web, Hidden Web)
Stochastic XML (see P Senellart PhD Thesis December 2007, Paris)
Knowledge Representation, Visualization
Search engines, Social computing, Natural language technology
Web of intentional Things
Things will display their public life cycle, will blog (for maintenance)

Catastrophic event in the protocol world
in 2000: Web Http decreases, P2P protocols rise drastically
Hidden Web, Deep scattered services: death of the OSI model
Old Internet: flat architecture, independence between application - network
Future Web Services: distributed resources, aggressive protocols, Continuity application - network

First Drawing of Internet (Paul Baran, 1962)
Example: Skype architecture

Resilience Vision: private dedicated local overlay technology

storage computation communication
technologies for the three functions
Local Overlay Networks
local P2P structures
local Overlay Services
Grids
local stands for resources known or shared by neighbors
cross-mechanisms to link the virtual interfaces
mutualization of three resilient Ubiquities
Scalability & granularity issues: overlays do not overlap

Infrastructure communication storage computation

Evolution of computing paradigms:
growing complexity, darkness, vulnerability
Before 1980: Computing belonged to private kingdoms
1980: Everything is a file
Instruments: Unix and C Language (golden age of the computer scientist)
Unix unites hardware and software
A file: string of characters that can be manipulated using C programming language
A printer is a file (/dev/lpr), as is the recycling bin (/dev/null)
1990: Everything is a document
Computing for all businesses
1990: On the desktop (Microsoft)
1995: On a network (Internet)
for someone communicating, everything is a document available on the network, readable by everybody (HTML) and executable everywhere (Java)
2000: Everything is a Program
ambient intelligence
Jini Concept: a printer is a Java program (which announces its capabilities to its neighbors)
Active network: an IP packet has a header which is a Java program that executes itself on the network's routers
Intentional Architecture: an address name is a program which can be used to find it
2010: Architecture is a program

Languages: complexification of abstract typing

Bjarne Stroustrup Dennis M.
Ritchie John Backus John McCarthy
Fortran Lisp C C++ Java 1992
Pointers: Static Structures
Pointers: objects, dynamic, programs
List: organization of the memory with strings
Floats, Integers: Independent within the memory

Networks: Complexification of abstract typing of links

Traditional network: nodes and links
Overlay network, P2P: Introduction of topology (BitTorrent, Chord)
Virtual tier networks: Static structure of personalized nodes
Semantic dynamic networks: Programmable structures
Google Web Ontologies ubiquity Asynchronous Text Text Mining Scalable protocols History memory Geography Multimedia Knowledge

Identity card projects in Europe with biometry

A secure ID plastic card with a chip set? and other secure keys and personal data?

Fragmented Compartmented Multi-identities

You have multiple roles: a citizen, an employee, a consumer, a provider, a parent, a patient, a victim, a player
Physical identity(ies) & Cyber identity(ies) must be considered separately and as a whole
All these roles have their own privacy

Virtual & Real world: new generation of attacks

Attacks swing between virtual and reality, back and forth
What is biometry (voice, picture) when digitized? Just 1 and 0
On the future Internet, the audio video content will be quite sensitive and highly valuable
avatar

A 2 layer model after the digital convergence

Management Security Service oriented architecture Internet 3G Galileo Internet of Things Virtual PLANE Engineering PLANE

How to secure a fully virtual world across countries?
The virtual plane
Virtual Word: Deep Web, Virtual Organizations, Virtual Operating Systems, Virtual Private Networks, Overlays (BitTorrent, Skype, Storage Area Networks), Underlays (Landmarks), Web2

Security & Trust

1st Threshold 2nd Threshold Trust Continuum
1st Threshold to modify behavior
2nd Threshold to stop interacting
Dissociation between both Infrastructures/Instrumentations of Trust & Security

Privacy: Dialectic Security & Freedom

citizen society Security Privacy
Visibility, reciprocal transparency, peer surveillance
The rest of the world
A private entity: an individual, a company
Quarantine zone

Future Internet
Will be characterized through unlimited services and infrastructure convergence
Apparent service transparence on heterogeneous networks
Complexity, vertical mobility, adaptation
International environment
Different ethics, different legislations
Participative environment
Consumers are producers who are consumers of other producers, etc.
Ad-hoc spontaneous service creation: complex workflows with security policies
Unlimited distribution vs. content vulnerability
Origin, authenticity, legality of content, legality of possession of it
Non-repudiation, accounting, billing
Privacy violations
Tracing, abuse, identity theft
Still a definition problem
Interconnection of today's Internet, 3G/4G, Galileo
New networks: Internet of things, opening of critical infrastructures
Scaling: from the minuscule to the gigantic
Reconcile ethics & cultures: system with multiple instantiations, multi-form structure?
Multipolar Governance

Trust, Security, Dependability & Privacy Issues to be validated
Identity of physical and moral persons
Identity management, accountability, responsibility, in proportionality of the whole value chain of players: end-user, software editor, Service Provider, etc
Catalog of authentications (Accountability & non repudiation)
Privacy and intimacy policies
Identity of virtual entities and physical artifacts
Internet of Things (Massive and extremely tiny objects): Statistical security (traceability)
Urbanization of Poly-infrastructures (Internet, 3G, Galileo, Internet of things)
Huge and inextricable digital world
Complex system of systems: impossible to fully understand (and secure)
End-users and assets to protect: New Architectures and protocols
Necessity to create a new trusted infrastructures (analog to reinforced concrete for physical buildings)
Contents (flow, assets) and programs
Distributed Learning Machines in Security: Resilience
Traffic analysis & monitoring: early detection
Distributed security instrument to detect and analyze security breaches
Scalability of security paradigms
Seamless (through heterogeneity), mobility (through persons and robots) and massivity (extreme data rate & volume) properties
Digital governance
Protection of the user (ethical behavior) from the rest of the world
Protection of the society from the user (hacker, cyber crime, cyber terrorism)

New security paradigms for Internet resilience
The new art of sharing secrets
How to split between address location & identity?
Design new mechanisms for authenticity
Death of bunch of passwords: when?
Tamper resistant devices
Protocols to ensure trust properties for routing
No lies, no spoofing, no impersonation
How to forget?
Traces, memories, events, blogs and
The new art to be accountable and liable
Sharing trust in the end to end actors chain within the collaborative environment
The new art of remaining free and private

Top down approach: different granularities
Need to secure systems of systems
Urbanism instead of architecture
Reconcile different security policies and build coexistent conflicting policies
Need to secure any participating system
Multi-party security, heterogeneous security
Close but do not enclose: service vs. security
Need to secure every entity
Identification, traceability, protected sessions
But respect privacy needs of legal bodies
Anonymity, pseudonymity, unconditional confidentiality
Need to educate users
Legal issues, responsibility, technological background, risks & opportunities
Best practices, control, reaction and procedures
Governance: need to control and manage (end-users within the loop)
System and entity management at every level
Just-in-time analysis and reaction to incidents
Machine and autonomous learning
Security and reliability of these mechanisms

New challenges
Dynamic systems & adaptive context & services
Security services: realtime measurements and assurance calculations
Just-in time security is very vulnerable
How to make the distinction between positive services and distributed botnets?
Self-* properties, autonomous local properties: who is responsible?
non repudiation protocols will be crucial
Current Internet: Alice and Bob are dead
Future Internet: Astrid, Barnab, Charlotte, David, Elody were born within a dynamic environment, with a lot of neighbours
Personalization
Not only end-to-end communications
Indirect attacks through Objects, locations
Location based services
Traceability (ONS, etc)
Virtual entities are not taken into account by Policies
Virtual stands for
Identification difficult
Accountability difficult

Changing the paradigm & rethinking the system
First route: changing the paradigm: pervasive and never finished
Vision of a future pervasive ICT with billions of networked devices, leading to self-organizing, -healing, -protection systems
could benefit from bio-living world inspiration where such organized populations evolve
Incremental development & deployment
systems are never finished, evolution is incessant, upgrades, changes in functionality, new features are being added at a continuous pace
systems are expected to be able to respond to the changing circumstances of the ambient where they are embedded
Second route: rethink the system from the user's point of view
This vision of a future user-centric system
These users must take back control (at least in part) of their personal, digital space to change the current asymmetry between users and suppliers/publishers/service providers.
Privacy risk of the growing trend towards a massive dissemination of digital traces representing behavioral, personal and even biological information
The result should be able to combine privacy protection with personalization driving role, by seeking subsidiarity and independence, arriving at developing methods for user-oriented risk assessment

Security: technology & policy (societal)
Security of functional properties (services, operations)
Through the natural Security functions
identification, authentication, access control, data protection
Through the architecture: new distribution of computers, persons, things, contents, services
Composition, self-*
Through the delegation of
Business process management
Security of non functional properties of the digital world
Mobility
Management
Evolution, adaptability
Security 2 for instilling trustworthiness (stakeholders)
Security of security
Security of trust
Trust of security (security in the dark)
Usability