TRUST, Washington, D.C. Meeting January 9–10, 2006 TRUST :Team for Research in Ubiquitous Secure Technologies Overview Shankar Sastry, PI and Dir. Ruzena Bajcsy, Outreach Dir. Sigurd Meldal, Education Co-Dir. John Mitchell, co-PI Vijay Raghavan, Exec Dir Mike Reiter, co-PI Fred Schneider, Chief Sci. Janos Sztipanovits, co-PI and Education Co-Dir Steve Wicker, co-PI

TRUST, Washington, D.C. Meeting January 9–10, 2006"Overview", Shankar Sastry2 Technology Generations of Information Assurance 1st Generation (Prevent Intrusions) Intrusions will Occur Some Attacks will Succeed Cryptography Trusted Computing Base Access Control & Physical Security Multiple Levels of Security 2nd Generation (Detect Intrusions, Limit Damage) Firewalls Intrusion Detection Systems Boundary Controllers VPNs PKI 3rd Generation (Operate Through Attacks) Big Board View of Attacks Real-Time Situation Awareness & Response Intrusion Tolerance Graceful Degradation Hardened Core Functionality Performance Security

TRUST, Washington, D.C. Meeting January 9–10, 2006"Overview", Shankar Sastry3 TRUST worthy Systems More than an Information Technology issue Complicated interdependencies and composition issues – Spans security, systems, and social, legal and economic sciences – Cyber security for computer networks – Critical infrastructure protection – Economic policy, privacy TRUST : “holistic” interdisciplinary systems view of security, software technology, analysis of complex interacting systems, economic, legal, and public policy issues Trustworthiness problems invariably involve solutions with both technical and policy dimensions (theme of Schneider’s talk) Goals: – Composition and computer security for component technologies – Integrate and evaluate on testbeds – Address societal objectives for stakeholders in real systems

TRUST, Washington, D.C. Meeting January 9–10, 2006"Overview", Shankar Sastry4 Faking – An that seems to be from a legitimate source Spoofing – A Web site that appears to be “official” Phishing – Luring users to provide sensitive data From Aucsmith, Microsoft Integrative Project: Identity Theft

TRUST, Washington, D.C. Meeting January 9–10, 2006"Overview", Shankar Sastry5 Most people are spoofed – Over 60% have visited a fake or spoofed site People are tricked – Over 15% admit to having provided personal data – 2780 phishing websites in March 2005 alone Target for spoofing attacks – Banks, credit card companies, Web retailers, online auctions (E-bay) and mortgage companies. Economic loss – 1.2 million U.S. adults have lost money – The total dollar impact in first 6 months of 2005: $929 million, in all of 2003 $ 1.2B. Source: TRUSTe & Gartner PHISHING Impact Stats

TRUST, Washington, D.C. Meeting January 9–10, 2006"Overview", Shankar Sastry6 Software that: – Collects personal information from you – Without your knowledge or permission Privacy – 15 percent of enterprise PCs have a keylogger Source: Webroot's SpyAudit – Number of keyloggers jumped three-fold in 12 months Source: Sophos Reliability – Microsoft Watson ~50% of crashes caused by spyware Support Costs – Dell, HP, IBM: Spyware causes ~30% of calls – Estimated support costs at $2.5m+ / year SPYWARE Impact Stats

TRUST, Washington, D.C. Meeting January 9–10, 2006"Overview", Shankar Sastry7 ID Protection: Client Side Tools SpoofGuard: Stanford (NDSS ’04) – Alerts user when browser is viewing a spoofed web page. – Uses variety of heuristics to identify spoof pages. – A new type of anomaly detection problem. Dynamic Security Skins: Berkeley (SOUPS ’05) – Allows a remote web server to prove its identity in a way that is easy for human to verify and hard for attacker to spoof: uses a photograph to create trusted path PwdHash: Stanford (Usenix Sec ’05) – Simple mechanism for strengthening password web auth. SpyBlock: Stanford (under development) – Prevent Spyware from capturing sensitive data.

TRUST, Washington, D.C. Meeting January 9–10, 2006"Overview", Shankar Sastry8 Tech Transfer from Phishing Work SpoofGuard: – Some SpoofGuard heuristics now used in eBay toolbar and Earthlink ScamBlocker. – Very effective against basic phishing attacks. PwdHash: – Collaboration with RSA Security to implement PwdHash on one-time RSA SecurID passwords. RSA SecurID passwords vulnerable to online phishing PwdHash helps strengthen SecurID passwords

TRUST, Washington, D.C. Meeting January 9–10, 2006"Overview", Shankar Sastry9 Coordinated Research Agenda The TRUST center will develop and demonstrate science and technology in real-life testbeds. NSF core funding over 5 years plus option 5 years Possible support from US Air Force for IAS for GIG Network of partnerships with industry, infrastructure stakeholders NSF/US State Department would like to make partnerships with key international partners Coordinated research: eleven challenge areas across three key topics: – Security Science – Systems Science – Social Science

TRUST, Washington, D.C. Meeting January 9–10, 2006"Overview", Shankar Sastry10 TRUST Structure Privacy Computer and Network Security Power Grid Testbed Network Security Testbed Secure Networked Embedded Systems Testbed Software Security Trusted Platforms Applied Crypto- graphic Protocols Network Security Secure Network Embedded Sys Forensic and Privacy Complex Inter- Dependency mod. Model-based Security Integration. Econ., Public Pol. Soc. Chall. Secure Compo- nent platforms HCI and Security Secure Info Mgt. Software Tools Technologies Societal Challenges Integrative Testbeds - Critical Infrastructure System Science Security Science Social Science Role: Connect societal challenges to technical agenda Integrate component technologies Measure progress in real-life context Objective: Information Assurance in a Systems Context

TRUST, Washington, D.C. Meeting January 9–10, 2006"Overview", Shankar Sastry11 Security Science (1) Software Security (language based) Static Code Verification Dynamic Analysis Multi-lingual Security Software Design Trusted Platforms Composition – Security and Vulnerability – Minimal Software and Hardware Configurations Applied Cryptographic Protocols Protocol design methods Protocol analysis, testing, and verification

TRUST, Washington, D.C. Meeting January 9–10, 2006"Overview", Shankar Sastry12 Security Science (2) Network Security – Focused on making the Internet more secure – Challenges Denial of service attacks Spoofed source addresses Routing security – Approaches: Structured overlay networks Better infrastructure Epidemic protocols Simulation and Emulation on DETER testbed

TRUST, Washington, D.C. Meeting January 9–10, 2006"Overview", Shankar Sastry13 Cyber Defense Technology and Experimental Reseach Network: DETER Inadequate wide scale deployment of security technologies Lack of experimental infrastructure – Testing and validation in small to medium-scale private research labs – Missing objective test data, traffic and metrics Create reusable library of test technology for conducting realistic, rigorous, reproducible, impartial tests – For assessing attack impact and defense effectiveness – Test data, test configurations, analysis software, and experiment automation tools

TRUST, Washington, D.C. Meeting January 9–10, 2006"Overview", Shankar Sastry14 Sample DETER Topologies

TRUST, Washington, D.C. Meeting January 9–10, 2006"Overview", Shankar Sastry15 System Science (1) Complex Interdependency Modeling and Analysis – Four-fold approach to reducing vulnerability of interdependent systems to disruptive failure Modeling Strategies Analysis Techniques Design Technologies Operational Tools Secure Network Embedded Systems – Present unique security concerns Conventional end-to-end approaches break down New code must be propagated throughout the network – Focus areas: Automated design, verification, and validation Secure, composable, and adaptive software – Emphasis on sensor networking technology as high-impact application

TRUST, Washington, D.C. Meeting January 9–10, 2006"Overview", Shankar Sastry16 Mote Evolution

TRUST, Washington, D.C. Meeting January 9–10, 2006"Overview", Shankar Sastry17 Secure Network Embedded System Testbed (577 nodes) at Berkeley Software – TinyOS – Deluge Network reprogramming – Drip and Drain (Routing Layer) Drip: disseminate commands Drain: collect data – DetectionEvent Multi-moded event generator – Multi-sensor fusion and multiple-target tracking algorithms Other testbeds at Cornell, Vanderbilt (Wicker’s talk)

TRUST, Washington, D.C. Meeting January 9–10, 2006"Overview", Shankar Sastry18 System Science (2) Model-Based Integration of Trusted Platforms – Supports system integration through embedded software Model-based design Model transformation technology QoS-enabled component middle-wareSecure Information Management Software Emphasis on new software tools for monitoring and controlling large sensor infrastructures – Combines peer-to-peer protocols with epidemic algorithms Highly scalable Rigorous semantics User-friendly APIs

TRUST, Washington, D.C. Meeting January 9–10, 2006"Overview", Shankar Sastry19 Sample Application:The proposed DoD NCES/GIG architecture Basis is Web Services standard, although CORBA is likely to be used on server clusters Primary application platform will be Microsoft Windows NSA and DISA are playing key roles in mapping these components to military needs

TRUST, Washington, D.C. Meeting January 9–10, 2006"Overview", Shankar Sastry20 Social Science Economics, Public Policy and Societal Challenges – From privacy to personal security – Liability and insurance are critical concerns – What are the benefits and costs of security policies? – What are the nature and size of transaction costs associated with security? Digital Forensics and Privacy – Privacy cuts across the trust/security issues that are the focus of TRUST – Common interfaces are needed for specifying privacy requirements – Emphasis on strong audit, selective revelation of information, and rule- processing technologies Human Computer Interfaces and Security – Security problems may arise through the mis-configuration of complex systems – Generally, humans lack many computational abilities that are conducive to securing networks and systems Strengthening standard passwords Using biometric information Using image recognition

TRUST, Washington, D.C. Meeting January 9–10, 2006"Overview", Shankar Sastry21 Healthcare Information Technology Rise in mature population - Population of age 65 and older with Medicare was 35 million for 2003 and 35.4 million for 2004 New types of technology – Sensors for elderly assisted living Increased demand for health data – Health information technology Commercial use of health data Current Responses for Technology Assisting Healthcare: – Electronic Patient Records – Telemedicine – Remote Patient Monitoring Table compiled by the U.S. Administration on Aging based on data from the U.S. Census Bureau. United Nations ▪ “Population Aging ▪ 2002” 2050 Percentage of Population over 60 years old Global Average = 21%

TRUST, Washington, D.C. Meeting January 9–10, 2006"Overview", Shankar Sastry22 Patient Portal Project Vanderbilt Patient Portal – Electronic healthcare records Include real-time monitoring of congestive heart failure patients – Heterogeneous sensor network for monitoring – Data integrated into patient portal Berkeley ITALH Testbed: seniors in Sonoma – Stationary sensors: Motion detectors, Camera systems – Wearable sensor: Fall sensors, Heart rate or pulse monitors

TRUST, Washington, D.C. Meeting January 9–10, 2006"Overview", Shankar Sastry23 LARGE INTEGRATIVE PROJECTS My Health Portals for Electronic Patient Records: Vanderbilt, Berkeley, Cornell (Sztipanovits’ talk) Phishing, Spyware, Identity Theft: Stanford, Berkeley (Mitchell’s talk) Secure Sensor Networks: Berkeley, CMU, Cornell, Vanderbilt (Wicker’s talk) DoD GIG IAS: Cornell, Vanderbilt, Berkeley (Birman’s talk) Cybersecurity Educational Modules: SJSU, Vanderbilt, Stanford (Meldal’s talk)

TRUST, Washington, D.C. Meeting January 9–10, 2006"Overview", Shankar Sastry24 ProviderPatient PayerSociety Primary care Specialists Ancillaries Immediate Family Extended Family Community Support Friends Legally Authorized Reps Admin. Staff Claims Processors Subcontractors Clearinghouses Insurers Public Health State Licensure Boards Law Enforcement Internal QA External accreditation orgs Clinical Trials Sponsors Fraud Detection Medical Information Bureau Business Consultants National Security Bioterrorism Detection Healthcare Information Access Privacy and Security Everywhere

TRUST, Washington, D.C. Meeting January 9–10, 2006"Overview", Shankar Sastry25 Sensor Networks in Public Places Protecting Infrastructure – Opportunities for embedding sensor networks Transportation Water and Fuel Power Grid – TRUST is emphasizing development of supporting technology for randomly distributed sensors Buildings – Combine surveillance with energy control – Integrate into building materials Open Spaces (parks, plazas, etc.) – Combine surveillance with environmental monitoring – Line-of-sight surveillance technologies

TRUST, Washington, D.C. Meeting January 9–10, 2006"Overview", Shankar Sastry26 EDUCATIONAL INITIATIVES Meldal, Sztipanovits and Bajcsy will speak in detail about the repositories, course work development, summer school and other educational initiatives under way Policy, Technology, Psychological Motivations of Terrorism: Maurer (Berkeley), Lazowska (Washington), Savage (UCSD) and Microsoft, Fall – Lampson, “Accountability and Freedom – Varian “Economics and Computer Security” – Maurer “The Third Wave of Terrorism” – Aucsmith “Crime on the Internet” Samuelson, Mulligan, Wicker, and Goldberg: Video Privacy in Public Places? Capacity Building program for HBCU, HIS: Reiter TRUST Summer School (TSS) in June 2006

TRUST, Washington, D.C. Meeting January 9–10, 2006"Overview", Shankar Sastry27 Outreach Initiatives BFOIT - Berkeley Foundation for Opportunities in Information Technology SUPERB-IT - Summer Undergraduate Program in Engineering Research at Berkeley - Information Technology SIPHER - Summer Internship Program in Hybrid and Embedded Software Research Pennsylvania Area HBCU Outreach - Historically Black Colleges and Universities Women’s Institute in Summer Enrichment (WISE) to be kicked off in July 2006

TRUST, Washington, D.C. Meeting January 9–10, 2006"Overview", Shankar Sastry28 SUMMARY TRUST has been successfully launched: research, education, outreach programs under way Hallmark of TRUST: Grand Challenge Projects – Large Integrative Projects Identity Theft Secure Network Embedded Systems Secure Electronic Patient Records Portal DoD Global Information Grid Security – Education: Large Projects Repositories: Evaluation using Learning Theory Modules for existing courses TRUST Summer School – Outreach: Comprehensive BFOIT, SUPERB, SIPHER Capacity Building Program for HBCU/HSI WISE outreach to women researchers

TRUST, Washington, D.C. Meeting January 9–10, 2006 BACKUPS

TRUST, Washington, D.C. Meeting January 9–10, 2006"Overview", Shankar Sastry30 Systems Science TeamsSocial Science Teams Security Technology Teams Software Security Trusted Platforms Applied Cryptographic Protocols Network Security Complex Interdependency Modeling and Analysis Secure Network Embedded Systems Model-based Integration of Trusted Components Secure Information Management Software Economics, Public Policy and Societal Challenges Digital Forensics and Privacy Human Computer Interfaces and Security Integrative Projects Patient Portals VUMC System/Sec CoDesign Boeing+Raytheon Sensor Networks ORNL Education Program Summer School Curriculum Learning Science & Technology Insertion Repository Project Structure

TRUST, Washington, D.C. Meeting January 9–10, 2006"Overview", Shankar Sastry31 Example Experiment: Bandwidth-limited Scanning Worm Experiment ICSI and PSU: characterization, modeling and scale- down simulation of Slammer SQL worm’s propagation through the Internet: ICSI+PSU WORM’04 paper. Development of virtual nodes that model the response of sub-networks or whole Internet to a worm attack for the purposes of scale-down – 1/64 th scale Internet Near term activity: – Other worm attack recreations in the near term – Collaborative defenses under test – Large-scale enterprise network simulation

TRUST, Washington, D.C. Meeting January 9–10, 2006"Overview", Shankar Sastry32 NEST Final Experiment: Demo

TRUST, Washington, D.C. Meeting January 9–10, 2006"Overview", Shankar Sastry33 Overview of Agenda Schneider “Technology + Policy” Sztipanovits “Patient Medical Records Portals” Wicker “Secure Sensor Networks and Network Embedded Systems Mitchell “PwdHash, Spoofguard, Spyware, Botnets” Birman “Global Information Grid” POSTERS with 3 minute introductions Meldal, Sztipanovits and Bajcsy, Education and Outreach Activities Tygar, Technology Transition Strategy