What can Technologists learn from the History of the Internet?


What can Technologists learn from the History of the Internet? Prof. Ravi Sandhu Executive Director and Endowed Chair Department of Computer Science University of Texas at San Antonio Munich Center for Internet Research September 22, 2016 ravi.sandhu@utsa.edu www.profsandhu.com www.ics.utsa.edu © Ravi Sandhu World-Leading Research with Real-World Impact!

What can Security Technologists learn from the History of the Internet?

Cyberspace/Cybersecurity Ecosystem
Science, Engineering, Business/Societal
Traditional science explains the cause of observed phenomena.
Cyber science facilitates the construction of future systems.
Cyberspace Characteristics: entirely human-made; evolves rapidly and unpredictably; subject to physical, mathematical and technological laws/heuristics.

Internet Hourglass Model
TCP/IP
TCP: RFC 793, Sept. 1981
IPv4: RFC 791, Sept. 1981

The TCP/IP Story
A TCP/IP-based Internet was not inevitable.
The Internet was supposed to be OSI-based.

The TCP/IP Story
TCP and IP have several well-known deficiencies but are unlikely to disappear soon, IPv6 notwithstanding.

The TCP/IP Lesson
Agility trumps perfection
Not quite the same as: Good enough trumps perfect

The TCP/IP Lesson
Agility = Good enough for now + Future-proof for uncertain future

IP Spoofing Story
ALLOW GOOD GUYS IN, KEEP BAD GUYS OUT
IP Spoofing predicted in Bell Labs report ≈ 1985
Unencrypted Telnet with passwords in clear
1st Generation firewalls deployed ≈ 1992
IP Spoofing attacks proliferate in the wild ≈ 1993
Virtual Private Networks emerge ≈ late 1990s
Vulnerability shifts to the client PC
Network Admission Control ≈ 2000s
Persists as a Distributed Denial of Service mechanism
Most of these fixes have not changed or extended IPv4

Internet Security Protocols
SSL/TLS: Half successful
IPSEC: Largely failed
Dozens of other security protocols: Some successes, many failures

SSL (Secure Sockets Layer)


1-way vs 2-way SSL
1-way SSL, Client (Browser) to Server: INSECURE against Phishing and Man-in-the-middle; MASS DEPLOYMENT
2-way SSL, Client (Browser) to Server: SECURE against Phishing and Man-in-the-middle; MINIMAL DEPLOYMENT

The SSL Lesson
Client-less trumps client-full
Start-ups (SSL) trump committees (IPSEC)

Summary
Agility trumps perfection
Client-less trumps client-full
Start-ups trump committees