The Unwired Society: Flexible and Robust but Dangerously Vulnerable Jan A Audestad Senior adviser, Telenor Corporate Management Professor, Norwegian University.

Presentation transcript:

The Unwired Society: Flexible and Robust but Dangerously Vulnerable Jan A Audestad Senior adviser, Telenor Corporate Management Professor, Norwegian University of Science and Technology Professor, Gjøvik University college

2 The grand picture 1: Size of computer infrastructure 1 billion personal computers Between 1000 and billion CPUs Most of them are autonomous –Sensors, accessories, terminals, smart cards, factories, utilities, vehicles, aircraft, infrastructure, RFIDs … They are ubiquitous –Industrial and societal management, work processes, logistics, transport, banking and finance, production and dissemination of information, entertainment … They are interconnected – directly or indirectly They are getting more and more mobile

3 The grand picture 2: The disruptive history of ICT [Figure labels: Simplicity, Transition, Complexity; %; Dependence on ICT; Interconnectivity of CPUs; # of CPUs; Computational power; factor of increase]

4 Texas Instruments: Reality – not fiction

5 The grand picture 3: Network upon network upon network ? billion? billion? Not just one network but many (web, , banking…)

6 Characteristics Vertical independence Independent growth and evolution Independent dynamics Stochastically independent Independent complexity Two things in common: Scale-freeness (or thick-tailedness) Small-worldness: short distance between pages on the web (about 20 mouse-clicks), few routers in any connection between CPUs

7 Scale-free graphs Discovered by Albert and Barabási in 1999 First comprehensive theories Natural growth algorithms –E.g., add one new node and connect it to a previous node with probability proportional to the degree of that node Degree g  # of links (  5) Nature: metabolism, food web, sex, AIDS… Social: influence, co-ownership, co-authorship… Technical: internet, web, …

8 Characteristics of scale-free networks Degree distributed as g  (  is constant). (In ordinary random graphs, degree is Poisson distributed.) ⇒ thick-tailed distribution ⇒ large probability for large g In the previous example:   2 ⇒ average degree   ! [Figure: log(#) against log(degree), with curves labelled Scale-free and Ordinary random]

9 Structure of scale-free graph Some nodes are more important than others: search engines on the web, companies with large address lists, large banks, politically influential people. These nodes are called hubs.

10 Random attack Take away random nodes and the network is still connected

11 Targeted attack If the hubs are attacked, the network disintegrates

12 Observations Scale-free networks are robust against random attacks –This is why they are so frequent in nature – nature is random. Internet is very robust by design Scale-free networks are very vulnerable to targeted attacks –The ICT infrastructure is vulnerable because an adversary may find out what it looks like and direct the attack against the hubs Scale-free networks are thus structurally vulnerable!!
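
Added example (not part of the original slides): a small Python simulation of slides 7 and 10 to 12. It grows a graph by the degree-proportional rule, then compares the largest connected piece left after losing 20% of the nodes at random with losing the 20% highest-degree nodes (the hubs). Assumptions: two links per new node instead of one, 2000 nodes, the 20% fraction, fixed random seeds, and all function names.

```python
import random
from collections import deque

def grow(n, m=2, seed=1):
    """Slide 7 growth rule: each new node links to m earlier nodes, chosen
    with probability proportional to their degree (m=2 is an assumption)."""
    rng = random.Random(seed)
    adj = {i: set() for i in range(n)}
    ends = []  # a node appears once per link end, so choice() is degree-weighted
    def link(a, b):
        adj[a].add(b)
        adj[b].add(a)
        ends.extend((a, b))
    for a in range(m + 1):          # start from a small fully connected core
        for b in range(a):
            link(a, b)
    for new in range(m + 1, n):
        targets = set()
        while len(targets) < m:     # m distinct earlier nodes
            targets.add(rng.choice(ends))
        for t in sorted(targets):
            link(new, t)
    return adj

def largest_component(adj, removed):
    """Size of the largest connected piece once the `removed` nodes are gone."""
    seen, best = set(removed), 0
    for start in adj:
        if start in seen:
            continue
        seen.add(start)
        queue, size = deque([start]), 0
        while queue:                # breadth-first search from `start`
            node = queue.popleft()
            size += 1
            for nb in adj[node] - seen:
                seen.add(nb)
                queue.append(nb)
        best = max(best, size)
    return best

def compare(n=2000, fraction=0.2, seed=1):
    """Return (random, targeted): largest component as a share of all n nodes."""
    adj = grow(n, seed=seed)
    k = int(n * fraction)
    random_loss = random.Random(seed + 1).sample(range(n), k)
    hub_loss = sorted(adj, key=lambda v: len(adj[v]), reverse=True)[:k]
    return (largest_component(adj, random_loss) / n,
            largest_component(adj, hub_loss) / n)
```

Calling compare() returns the two shares; the same measurement applied to a real topology map shows which nodes need redundancy, which is the "identify the network structures and reshape them" step on slide 13.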

13 Protection of society Fault avoidance –Firewalls, access control –Protects against the known but not the unknown –Does not protect the structure of the network Fault tolerance –Automatic recovery (restart, reboot, checkpointing), isolation, redundancy, degeneracy –Identify ICT dependence of infrastructures and remove/reduce structural vulnerability by –identifying the network structures at all layers –reshaping one or more of these structures

14 Structure of physical network [Figure labels: Internet, Access, Fixed, Mobile, 100%, Fixed vs mobile, Access #, Internet, Growth]

15 Effect on vulnerability Number of CPU accesses increases | More contamination points | Increasing mobility | Every access is a potential contamination point | More contamination relations | Scale-freeness | No epidemic threshold

16 From fixed to mobile periphery Our own devices: who is inside and who is outside the local system? With whom do we communicate and how?

17 Three fundamentally different accesses CPU access to physical network –This is what we usually understand by access –Based on user and terminal characteristics CPU access to other CPUs –This is what actually happens –IP security (confidentiality) Access to software (applications) –This is what we want! –And actually get! –User profile access screening –TCP security (confidentiality, integrity)

18 What the user wants from wireless access systems Openness –allowing easy access to as many networks and applications as possible Security –against fraud, damage, theft, misuse etc Anonymousness –access without disclosing identity –Untraceability Accountability –prove that transactions took place as specified (non-repudiation) The first is easy to build into the system – the other three are difficult

19 What the designer and the operator must provide Secure protocols between CPUs Tamper-resistant electronics for storing profiles and encryption/authentication keys in devices Device identification and access profiles Platforms allowing user profiles (e.g., access rights) to be stored in secure databases that are accessible by the network or remote CPUs Protocols and algorithms that ensure both anonymity and accountability This must be built into the design and not fitted afterwards!!!

20 … in an environment with these characteristics Supporting a versatile set of applications with several levels of security requirement and operating characteristics Autonomous creation and reconfiguration of network topologies Automatic presence detection, and autonomous connection and verification of devices Automatic enforcement of security profiles Automatic restoration after failures