1 Next-Generation Secure Internet: Security Overview and Context Adrian Perrig in collaboration with Steven Bellovin, David Clark, Dawn Song.

2 Everybody Understands Need for NGSI
- Webby award
  - Annual award for achievement in Web creation
  - Recipients get five words only for their acceptance speech
  - Vint Cerf: “We all invented the Internet”
- Al Gore received Webby award this year
  - Responsible for spearheading critical legislation and providing much-needed political support
  - Speech: “Please don’t recount this vote”
  - “It is time to reinvent the Internet for all of us to make it more robust and much more accessible and use it to reinvigorate our democracy”

3 Background
- Internet designed for trustworthy environments
  - Goal was to provide efficiency, scalability, robustness assuming a benign environment
  - Fact: Internet protocols vulnerable to attacks, e.g., BGP, DNS, TCP/IP, …
  - Hosts are even worse
- Today: businesses, government, society rely on Internet
- As of January 2005: 317,646,084 hosts (isc.org)
  - Not all of them are benign!

4 Attacker/Trust Model
- Any network node may be compromised
  - End hosts, including network management and operations machines
  - Routers and other network elements
  - Different impact when a network infrastructure element is compromised
- Compromised nodes may collude

5 NGSI Security Requirements
- A desired outcome of this workshop is to establish a list of desired NGSI security properties
- Main security requirement is availability
  - Need availability of forwarding service, configuration and management services, etc., even in the face of DDoS attacks
  - Fast recovery/convergence after perturbations
- Other security properties can usually be implemented end-to-end
  - Confidentiality (data, topology, identity, …)
  - Integrity (data, routing info, forwarding path, …)

6 Networking Functional Planes
- Control plane
  - Function: route set-up and signaling
  - Requirement: accuracy, consistency, convergence
- Data plane
  - Function: packet forwarding
  - Requirement: availability, resilience to control plane vulnerabilities
- Management plane
  - Function: configuration and monitoring
  - Requirement: availability

7 Security Approaches
- Prevention
  - Harden the protocol itself
  - Eliminate attacks at design time
- Detection and recovery
  - Monitor behavior of participants
  - Upon detection of misbehavior: eliminate malicious nodes, restore functionality
- Resilience
  - Graceful performance degradation in the presence of compromised nodes and hosts
- Deterrence
  - Provide legal disincentives

8 Sample Control Plane Design Points
- [prevention] Cryptographic primitives to prevent routing information falsification
- [prevention] Leveraging trusted computing technology
  - Example: help implement secure routing
- [detection] Lightweight intrusion detection
- [resilience] Various redundancy mechanisms for survivability
- [deterrence] Trace intrusions
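The first design point above, using cryptographic primitives so that falsified routing information is rejected, is easiest to see with a concrete check. The following is an added example written for this page, not code from the slides or from any routing protocol implementation: it authenticates route announcements between two neighbouring routers with an HMAC over a canonical encoding, and the receiver only installs announcements whose tag verifies. The message layout, the pre-shared key, the prefixes (documentation ranges) and the AS numbers (documentation range 64496-64511) are all constructed for illustration.

```python
"""Added example: authenticating route announcements between neighbours so
that a tampered or unauthenticated announcement is rejected before it reaches
the routing table. Constructed for this page; not from the slide deck."""
import hashlib
import hmac
import json

# Constructed pair-wise key shared by two neighbouring routers (hypothetical).
SHARED_KEY = b"example-neighbour-key-do-not-reuse"


def encode(announcement: dict) -> bytes:
    """Canonical byte encoding so signer and verifier MAC exactly the same bytes."""
    return json.dumps(announcement, sort_keys=True, separators=(",", ":")).encode()


def sign_announcement(announcement: dict, key: bytes) -> dict:
    """Attach an HMAC-SHA256 tag over the canonical encoding of the announcement."""
    tag = hmac.new(key, encode(announcement), hashlib.sha256).hexdigest()
    return {**announcement, "tag": tag}


def verify_announcement(signed: dict, key: bytes) -> bool:
    """Recompute the tag over every field except the tag itself; constant-time compare."""
    body = {k: v for k, v in signed.items() if k != "tag"}
    expected = hmac.new(key, encode(body), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signed.get("tag", ""))


def accept_routes(announcements, key: bytes):
    """Split announcements into (accepted, rejected); only verified ones enter the RIB."""
    accepted, rejected = [], []
    for ann in announcements:
        (accepted if verify_announcement(ann, key) else rejected).append(ann)
    return accepted, rejected


def demo():
    """Constructed scenario: one genuine, one tampered and one unauthenticated announcement."""
    genuine = sign_announcement(
        {"prefix": "192.0.2.0/24", "origin_as": 64496, "as_path": [64496, 64497]},
        SHARED_KEY,
    )
    # Constructed tampering: the origin AS is rewritten in transit, but without the
    # key the party doing so cannot produce a matching tag.
    forged = dict(genuine, origin_as=64500)
    # Constructed legacy sender that attaches no tag at all.
    unsigned = {"prefix": "198.51.100.0/24", "origin_as": 64499, "as_path": [64499]}
    accepted, rejected = accept_routes([genuine, forged, unsigned], SHARED_KEY)
    return len(accepted), len(rejected)   # (1, 2)


if __name__ == "__main__":
    print(demo())
```

A pair-wise HMAC only lets the direct neighbour check an announcement; the slide's point covers the general case, and deployed proposals such as BGPsec use public-key signatures so that every AS on the path can verify the origin and the path without sharing a secret with it. The canonical encoding step matters in either design: if signer and verifier serialize the same fields in different orders, valid announcements fail verification and the protection gets switched off in practice.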

9 Sample Data Plane Design Points
- [prevention] Infrastructure-enforced flow regulation
- [prevention] Network firewalls / network filter infrastructure
- [detection] Data plane intrusion detection
- [resilience] Secure source-controlled routing
- [deterrence] Persistent network identity to assist forensic inquiries
- [deterrence] Trace and/or identify data origin

10 Sample Management Plane Design Points
- [prevention] Isolated configuration channels provide resistance to flooding and packet injection attacks
- [detection] Detect password-guessing attacks on network devices (hopefully we won’t base authentication on passwords only!)
- [resilience] Tolerate misconfigurations
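The detection design point above is the kind of thing a management-plane monitor does over device authentication logs. The following is an added example for this page, not code from the slides or from any vendor: it parses login-failure and login-success records, keeps a per-source sliding window, and raises an alert for a burst of failures from one source (brute force), for one source cycling through several usernames (password spraying), and for a success that lands right after a burst of failures (a guess may have worked). The log lines are constructed in the style of IOS `%SEC_LOGIN` syslog messages and abridged; the thresholds, window and the assumed year (syslog timestamps carry none) are illustrative choices.

```python
"""Added example: sliding-window detection of password-guessing against network
devices from authentication syslog lines. Constructed for this page; not from
the slide deck. Log format and all addresses/usernames are made up."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches constructed lines in the style of IOS login events; other messages are skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"%SEC_LOGIN-\d-LOGIN_(?P<result>FAILED|SUCCESS): .*?\[user: (?P<user>[^\]]+)\] "
    r"\[Source: (?P<src>[^\]]+)\]"
)

FAIL_THRESHOLD = 5        # failures from one source inside WINDOW -> brute force (assumed)
SPRAY_THRESHOLD = 3       # distinct usernames from one source inside WINDOW -> spraying (assumed)
WINDOW = timedelta(minutes=2)

# Constructed sample log: a burst from 203.0.113.7 that ends in a success, a spray
# from 198.51.100.9 across three accounts, one unrelated message, one benign typo.
SAMPLE_LOG = """\
Mar 10 10:00:01 rtr1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.7] [localport: 22] [Reason: Login Authentication Failed]
Mar 10 10:00:03 rtr1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.7] [localport: 22] [Reason: Login Authentication Failed]
Mar 10 10:00:05 rtr1 %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
Mar 10 10:00:05 rtr1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.7] [localport: 22] [Reason: Login Authentication Failed]
Mar 10 10:00:07 rtr1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.7] [localport: 22] [Reason: Login Authentication Failed]
Mar 10 10:00:09 rtr1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.7] [localport: 22] [Reason: Login Authentication Failed]
Mar 10 10:00:11 rtr1 %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: admin] [Source: 203.0.113.7] [localport: 22]
Mar 10 10:01:00 rtr2 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 198.51.100.9] [localport: 22] [Reason: Login Authentication Failed]
Mar 10 10:01:02 rtr2 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ops] [Source: 198.51.100.9] [localport: 22] [Reason: Login Authentication Failed]
Mar 10 10:01:04 rtr2 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 198.51.100.9] [localport: 22] [Reason: Login Authentication Failed]
Mar 10 10:02:00 rtr1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: jdoe] [Source: 192.0.2.5] [localport: 22] [Reason: Login Authentication Failed]
"""


def parse_line(line: str, year: int = 2025):
    """Return a dict for login events, or None for lines that are not login events."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")  # year is assumed
    return {"ts": ts, "host": m["host"], "result": m["result"], "user": m["user"], "src": m["src"]}


def detect(lines):
    """Return alerts as (alert_type, source, detail) tuples, in detection order."""
    alerts = []
    recent = defaultdict(deque)   # source -> deque of (timestamp, user) failures inside WINDOW
    flagged = set()               # (alert_type, source) already raised, to avoid repeats
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        q = recent[ev["src"]]
        while q and ev["ts"] - q[0][0] > WINDOW:   # slide the window forward
            q.popleft()
        if ev["result"] == "FAILED":
            q.append((ev["ts"], ev["user"]))
            users = {u for _, u in q}
            if len(q) >= FAIL_THRESHOLD and ("brute_force", ev["src"]) not in flagged:
                flagged.add(("brute_force", ev["src"]))
                alerts.append(("brute_force", ev["src"], f"{len(q)} failures on {ev['host']}"))
            if len(users) >= SPRAY_THRESHOLD and ("password_spray", ev["src"]) not in flagged:
                flagged.add(("password_spray", ev["src"]))
                alerts.append(("password_spray", ev["src"], f"{len(users)} users tried"))
        elif ev["result"] == "SUCCESS" and len(q) >= 3:
            # A success immediately after a burst of failures deserves a look on its own.
            alerts.append(("success_after_failures", ev["src"], f"user {ev['user']} after {len(q)} failures"))
    return alerts


def run_demo():
    return detect(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for alert in run_demo():
        print(*alert)
```

The per-source window is what keeps this cheap enough to run on a management station: state is bounded by the number of distinct sources seen in the last two minutes, not by the log volume. The "success after failures" rule is the one worth wiring to a human, since the first two only tell you guessing is happening, while the third tells you it may have stopped because it succeeded.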

11 Design Considerations
- What design considerations should we recommend to the community?
- Sample guidelines
  - Minimal trust?
  - Small router state?
  - Minimal network layer functionality?
  - Favoring prevention over detection/recovery over resilience over deterrence?
  - Facilities for deterrence, while protecting privacy?

12 Conclusion
- For a next-generation secure Internet, build security into every component at every level
  - Redesign protocols with security as a central design requirement
  - Utilize a comprehensive security approach, leveraging prevention, detection/recovery, resilience, and deterrence
  - Consider social aspects: ease-of-use, privacy

13 Workshop Report Format
- Workshop goals
  - Build community consensus for the need of a next-generation secure Internet (NGSI)
  - Establish requirements for NGSI
  - Explore problem space
  - Identify promising research directions
  - Recommendations to NSF and community
- Structure of each report section on topic X
  - Properties NGSI should provide for X
  - Challenges and design considerations
  - Potential approaches and methods