TRUST:Team for Research in Ubiquitous Secure Technologies Overview Shankar Sastry, PI and Dir. Ruzena Bajcsy, Outreach Dir. Sigurd Meldal, Education Co-Dir. John Mitchell, co-PI Vijay Raghavan, Exec Dir Mike Reiter, co-PI Fred Schneider, Chief Sci. Janos Sztipanovits, co-PI and Education Co-Dir Steve Wicker, co-PI

Technology Generations of Information Assurance 1st Generation (Prevent Intrusions) Cryptography Trusted Computing Base Access Control & Physical Security Multiple Levels of Security Intrusions will Occur 2nd Generation (Detect Intrusions, Limit Damage) Firewalls Intrusion Detection Systems Boundary Controllers VPNs PKI Resist approach is not cost effiective Not amenable to COTS & legacy systems Does not work for insider threat and Life Cycle Attacks Identify attacks amenable to cost-effective resistance Tolerate the rest Tolerance mechanisms must stay ahead of attackers Functionality, performance and security must be traded off in real time Identify Attacks amenable to cost-effective resistance Functional, performance & security must be traded off in real-time Some Attacks will Succeed 3rd Generation (Operate Through Attacks) Big Board View of Attacks Real-Time Situation Awareness & Response Intrusion Tolerance Graceful Degradation Hardened Core Functionality Performance Security "Overview", Shankar Sastry

TRUST worthy Systems More than an Information Technology issue Complicated interdependencies and composition issues Spans security, systems, and social, legal and economic sciences Cyber security for computer networks Critical infrastructure protection Economic policy, privacy TRUST: “holistic” interdisciplinary systems view of security, software technology, analysis of complex interacting systems, economic, legal, and public policy issues Trustworthiness problems invariably involve solutions with both technical and policy dimensions (theme of Schneider’s talk) Goals: Composition and computer security for component technologies Integrate and evaluate on testbeds Address societal objectives for stakeholders in real systems "Overview", Shankar Sastry

Faking Spoofing Phishing Integrative Project: Identity Theft An e-mail that seems to be from a legitimate source Spoofing A Web site that appears to be “official” Phishing Luring users to provide sensitive data From Aucsmith, Microsoft "Overview", Shankar Sastry

PHISHING Impact Stats Most people are spoofed People are tricked Over 60% have visited a fake or spoofed site People are tricked Over 15% admit to having provided personal data 2780 phishing websites in March 2005 alone Target for spoofing attacks Banks, credit card companies, Web retailers, online auctions (E-bay) and mortgage companies. Economic loss 1.2 million U.S. adults have lost money The total dollar impact in first 6 months of 2005: $929 million, in all of 2003 $ 1.2B. Source: TRUSTe & Gartner "Overview", Shankar Sastry

SPYWARE Impact Stats Software that: Privacy Reliability Support Costs Collects personal information from you Without your knowledge or permission Privacy 15 percent of enterprise PCs have a keylogger Source: Webroot's SpyAudit Number of keyloggers jumped three-fold in 12 months Source: Sophos Reliability Microsoft Watson ~50% of crashes caused by spyware Support Costs Dell, HP, IBM: Spyware causes ~30% of calls Estimated support costs at $2.5m+ / year "Overview", Shankar Sastry

ID Protection: Client Side Tools SpoofGuard: Stanford (NDSS ’04) Alerts user when browser is viewing a spoofed web page. Uses variety of heuristics to identify spoof pages. A new type of anomaly detection problem. Dynamic Security Skins: Berkeley (SOUPS ’05) Allows a remote web server to prove its identity in a way that is easy for human to verify and hard for attacker to spoof: uses a photograph to create trusted path PwdHash: Stanford (Usenix Sec ’05) Simple mechanism for strengthening password web auth. SpyBlock: Stanford (under development) Prevent Spyware from capturing sensitive data. "Overview", Shankar Sastry

Tech Transfer from Phishing Work SpoofGuard: Some SpoofGuard heuristics now used in eBay toolbar and Earthlink ScamBlocker. Very effective against basic phishing attacks. PwdHash: Collaboration with RSA Security to implement PwdHash on one-time RSA SecurID passwords. RSA SecurID passwords vulnerable to online phishing PwdHash helps strengthen SecurID passwords "Overview", Shankar Sastry

Coordinated Research Agenda The TRUST center will develop and demonstrate science and technology in real-life testbeds. NSF core funding over 5 years plus option 5 years Possible support from US Air Force for IAS for GIG Network of partnerships with industry, infrastructure stakeholders NSF/US State Department would like to make partnerships with key international partners Coordinated research: eleven challenge areas across three key topics: Security Science Systems Science Social Science "Overview", Shankar Sastry

TRUST Structure Objective: Information Assurance in a Systems Context Societal Challenges Privacy Critical Computer and Infrastructure Network Security Integrative Testbeds - Role: Connect societal challenges to technical agenda Integrate component technologies Measure progress in real-life context Network Security Testbed Power Grid Secure Networked Testbed Embedded Systems Testbed Technologies System Science Security Science Social Science Software Security Complex Inter - Dependency mod. Secure Info Mgt. Software Tools Trusted Platforms Secure Network Embedded Sys Econ., Public Pol. Soc. Chall. Applied Crypto - graphic Protocols Model - based Security Integration. Forensic and Privacy Network Security Secure Compo - nent platforms HCI and Security Objective: Information Assurance in a Systems Context "Overview", Shankar Sastry

Software Security (language based) Security Science (1) Software Security (language based) Static Code Verification Dynamic Analysis Multi-lingual Security Software Design Trusted Platforms Composition Security and Vulnerability Minimal Software and Hardware Configurations Applied Cryptographic Protocols Protocol design methods Protocol analysis, testing, and verification "Overview", Shankar Sastry

Security Science (2) Network Security Focused on making the Internet more secure Challenges Denial of service attacks Spoofed source addresses Routing security Approaches: Structured overlay networks Better infrastructure Epidemic protocols Simulation and Emulation on DETER testbed "Overview", Shankar Sastry

Cyber Defense Technology and Experimental Reseach Network: DETER Inadequate wide scale deployment of security technologies Lack of experimental infrastructure Testing and validation in small to medium-scale private research labs Missing objective test data, traffic and metrics Create reusable library of test technology for conducting realistic, rigorous, reproducible, impartial tests For assessing attack impact and defense effectiveness Test data, test configurations, analysis software, and experiment automation tools "Overview", Shankar Sastry

System Science (1) Complex Interdependency Modeling and Analysis Four-fold approach to reducing vulnerability of interdependent systems to disruptive failure Modeling Strategies Analysis Techniques Design Technologies Operational Tools Secure Network Embedded Systems Present unique security concerns Conventional end-to-end approaches break down New code must be propagated throughout the network Focus areas: Automated design, verification, and validation Secure, composable, and adaptive software Emphasis on sensor networking technology as high-impact application "Overview", Shankar Sastry

Mote Evolution "Overview", Shankar Sastry

Secure Network Embedded System Testbed (577 nodes) at Berkeley Software TinyOS Deluge Network reprogramming Drip and Drain (Routing Layer) Drip: disseminate commands Drain: collect data DetectionEvent Multi-moded event generator Multi-sensor fusion and multiple-target tracking algorithms Other testbeds at Cornell, Vanderbilt (Wicker’s talk) "Overview", Shankar Sastry

System Science (2) Model-Based Integration of Trusted Platforms Supports system integration through embedded software Model-based design Model transformation technology QoS-enabled component middle-wareSecure Information Management Software Emphasis on new software tools for monitoring and controlling large sensor infrastructures Combines peer-to-peer protocols with epidemic algorithms Highly scalable Rigorous semantics User-friendly APIs "Overview", Shankar Sastry

Sample Application:The proposed DoD NCES/GIG architecture Basis is Web Services standard, although CORBA is likely to be used on server clusters Primary application platform will be Microsoft Windows NSA and DISA are playing key roles in mapping these components to military needs "Overview", Shankar Sastry

Social Science Economics, Public Policy and Societal Challenges From privacy to personal security Liability and insurance are critical concerns What are the benefits and costs of security policies? What are the nature and size of transaction costs associated with security? Digital Forensics and Privacy Privacy cuts across the trust/security issues that are the focus of TRUST Common interfaces are needed for specifying privacy requirements Emphasis on strong audit, selective revelation of information, and rule-processing technologies Human Computer Interfaces and Security Security problems may arise through the mis-configuration of complex systems Generally, humans lack many computational abilities that are conducive to securing networks and systems Strengthening standard passwords Using biometric information Using image recognition "Overview", Shankar Sastry

Healthcare Information Technology Rise in mature population Population of age 65 and older with Medicare was 35 million for 2003 and 35.4 million for 2004 New types of technology Sensors for elderly assisted living Increased demand for health data Health information technology Commercial use of health data Current Responses for Technology Assisting Healthcare: Electronic Patient Records Telemedicine Remote Patient Monitoring Table compiled by the U.S. Administration on Aging based on data from the U.S. Census Bureau. United Nations ▪ “Population Aging ▪ 2002” 2050 Percentage of Population over 60 years old Global Average = 21% "Overview", Shankar Sastry

Patient Portal Project Vanderbilt Patient Portal Electronic healthcare records Include real-time monitoring of congestive heart failure patients Heterogeneous sensor network for monitoring Data integrated into MyHealth@Vanderbilt patient portal Berkeley ITALH Testbed: seniors in Sonoma Stationary sensors: Motion detectors, Camera systems Wearable sensor: Fall sensors, Heart rate or pulse monitors "Overview", Shankar Sastry

LARGE INTEGRATIVE PROJECTS My Health Portals for Electronic Patient Records: Vanderbilt, Berkeley, Cornell (Sztipanovits’ talk) Phishing, Spyware, Identity Theft: Stanford, Berkeley (Mitchell’s talk) Secure Sensor Networks: Berkeley, CMU, Cornell, Vanderbilt (Wicker’s talk) DoD GIG IAS: Cornell, Vanderbilt, Berkeley (Birman’s talk) Cybersecurity Educational Modules: SJSU, Vanderbilt, Stanford (Meldal’s talk) "Overview", Shankar Sastry

Healthcare Information Access Privacy and Security Everywhere Provider Patient Payer Society Primary care Specialists Ancillaries Immediate Family Extended Community Support Friends Legally Authorized Reps Admin. Staff Claims Processors Subcontractors Clearinghouses Insurers Public Health State Licensure Boards Law Enforcement Internal QA External accreditation orgs Clinical Trials Sponsors Fraud Detection Medical Information Bureau Business Consultants National Security Bioterrorism Detection "Overview", Shankar Sastry

Sensor Networks in Public Places Protecting Infrastructure Opportunities for embedding sensor networks Transportation Water and Fuel Power Grid TRUST is emphasizing development of supporting technology for randomly distributed sensors Buildings Combine surveillance with energy control Integrate into building materials Open Spaces (parks, plazas, etc.) Combine surveillance with environmental monitoring Line-of-sight surveillance technologies "Overview", Shankar Sastry

EDUCATIONAL INITIATIVES Meldal, Sztipanovits and Bajcsy will speak in detail about the repositories, course work development, summer school and other educational initiatives under way Policy, Technology, Psychological Motivations of Terrorism: Maurer (Berkeley), Lazowska (Washington), Savage (UCSD) and Microsoft, Fall 05 http://www.cs.washington.edu/education/courses/csep590/05au/lectures/ Lampson, “Accountability and Freedom Varian “Economics and Computer Security” Maurer “The Third Wave of Terrorism” Aucsmith “Crime on the Internet” Samuelson, Mulligan, Wicker, and Goldberg: Video Privacy in Public Places? Capacity Building program for HBCU, HIS: Reiter TRUST Summer School (TSS) in June 2006 "Overview", Shankar Sastry

Outreach Initiatives BFOIT - Berkeley Foundation for Opportunities in Information Technology http://www.bfoit.org/ SUPERB-IT - Summer Undergraduate Program in Engineering Research at Berkeley - Information Technology http://www.eecs.berkeley.edu/Programs/ugrad/superb/superb.html SIPHER - Summer Internship Program in Hybrid and Embedded Software Research http://fountain.isis.vanderbilt.edu/fountain/Teaching/ Pennsylvania Area HBCU Outreach - Historically Black Colleges and Universities http://is.hss.cmu.edu/summer.html Women’s Institute in Summer Enrichment (WISE) to be kicked off in July 2006 "Overview", Shankar Sastry

SUMMARY TRUST has been successfully launched: research, education, outreach programs under way Hallmark of TRUST: Grand Challenge Projects Large Integrative Projects Identity Theft Secure Network Embedded Systems Secure Electronic Patient Records Portal DoD Global Information Grid Security Education: Large Projects Repositories: Evaluation using Learning Theory Modules for existing courses TRUST Summer School Outreach: Comprehensive BFOIT, SUPERB, SIPHER Capacity Building Program for HBCU/HSI WISE outreach to women researchers "Overview", Shankar Sastry

BACKUPS

Project Structure "Overview", Shankar Sastry Security Technology Teams Systems Science Teams Social Science Teams Integrative Projects Education Program Software Security Complex Interdependency Modeling and Analysis Economics, Public Policy and Societal Challenges System/Sec CoDesign Boeing+Raytheon Summer School Trusted Platforms Sensor Networks ORNL Curriculum Secure Network Embedded Systems Digital Forensics and Privacy Applied Cryptographic Protocols Human Computer Interfaces and Security Patient Portals VUMC Learning Science & Technology Insertion Model-based Integration of Trusted Components Network Security Repository Secure Information Management Software "Overview", Shankar Sastry

Example Experiment: Bandwidth-limited Scanning Worm Experiment ICSI and PSU: characterization, modeling and scale-down simulation of Slammer SQL worm’s propagation through the Internet: ICSI+PSU WORM’04 paper. Development of virtual nodes that model the response of sub-networks or whole Internet to a worm attack for the purposes of scale-down – 1/64th scale Internet Near term activity: Other worm attack recreations in the near term Collaborative defenses under test Large-scale enterprise network simulation "Overview", Shankar Sastry

NEST Final Experiment: Demo "Overview", Shankar Sastry

Overview of Agenda Schneider “Technology + Policy” Sztipanovits “Patient Medical Records Portals” Wicker “Secure Sensor Networks and Network Embedded Systems Mitchell “PwdHash, Spoofguard, Spyware, Botnets” Birman “Global Information Grid” POSTERS with 3 minute introductions Meldal, Sztipanovits and Bajcsy, Education and Outreach Activities Tygar, Technology Transition Strategy "Overview", Shankar Sastry