Dec 14 th, 2005Telecom Italia Strategy Meeting TRUST :Team for Research in Ubiquitous Secure Technologies Strategic and Implementation Plan overview Shankar Sastry (Berkeley), Anna Gatti (myQube), Giuliano Tavaroli (Telecom Italia, Pirelli)

December 14th 2005 Telecom Italia Meeting 2 TRUST worthy Systems More than an Information Technology issue Complicated interdependencies and composition issues – Spans security, systems, and social, legal and economic sciences – Cyber security for computer networks – Critical infrastructure protection – Economic policy, privacy TRUST : “holistic” interdisciplinary systems view of security, software technology, analysis of complex interacting systems, economic, legal, and public policy issues Goals: – Composition and computer security for component technologies – Integrate and evaluate on testbeds – Address societal objectives for stakeholders in real systems

December 14th 2005 Telecom Italia Meeting 3 Coordinated Research Agenda TRUST center will develop and demonstrate science and technology in real-life testbeds. TRUST has long term research objectives but immediate delivery of royalty free tools and testbeds available today. NSF seed funding of $ 19 M (39 M) over 5 (10) years Expected additional support from US Air Force NSF/US State Department would like to make partnerships with key international partners Coordinated research: eleven challenge areas across three key topics: – Security Science – Systems Science – Social Science

December 14th 2005 Telecom Italia Meeting 4 Security Science (1) Network Security – Focused on making the Internet more secure – Challenges Denial of service attacks Spoofed source addresses Routing security – Approaches: Structured overlay networks Better infrastructure Epidemic protocols Simulation and Emulation on DETER testbed (key area for collaboration with Telecom Italia)

December 14th 2005 Telecom Italia Meeting 5 Security Science (2) Trusted Platforms – Composition – Security and Vulnerability – Minimal Software and Hardware Configurations Software Security – Static Code Verification – Dynamic Analysis – Multi-lingual Security – Software Design

December 14th 2005 Telecom Italia Meeting 6 DETER: Cyber Defense Test and Evaluation Research Network Created by National Science Foundation and Department of Homeland Security for testing of network (DDOS, BGP, DNS) attacks and worm defenses in a vendor and user neutral framework

December 14th 2005 Telecom Italia Meeting 7 DETER Testbed Goals Established by Department of Homeland Security and NSF to facilitate scientific experimentation – Establish baseline for validation of new approaches – Made available to industry such as BT, Bell South – Provide a safe platform for experimental approaches that involve breaking network infrastructure – “Real systems, Real code, Real attacks!” Provide access for wide community of users – Create researcher- and vendor-neutral environment (Juniper, Cisco, HP, Foundry, IBM, Sun) – Potential to simulate effects of network attack for Telecom Italia

December 14th 2005 Telecom Italia Meeting 8 Long Term Objectives Create reusable library of test technology for conducting realistic, rigorous, reproducible, impartial tests – For assessing attack impact and defense effectiveness – Test data, test configurations, analysis software, and experiment automation tools Provide usage examples and methodological guidance – Recommendations for selecting (or developing) tests and interpreting results – Test cases and results, possibly including benchmarks Facilitate testing of prototypes during development and commercial products during evaluation

December 14th 2005 Telecom Italia Meeting 9 System Science (1) Complex Interdependency Modeling and Analysis – The nation’s critical infrastructure is intertwined and interdependent. Will begin Power systems, Financial Systems, and SCADA (Supervisory Control and Data Acquisition) networks – Four-fold approach to reducing vulnerability of interdependent systems to disruptive failure Modeling Strategies Analysis Techniques Design Technologies Operational Tools

December 14th 2005 Telecom Italia Meeting 10 System Science (2) Secure Network Embedded Systems – Present unique security concerns Conventional end-to-end approaches break down New code must be propagated throughout the network – Focus areas: Automated design, verification, and validation Secure, composable, and adaptive software – Emphasis on sensor networking technology as high-impact application Berkeley motes, Tiny OS used by hundreds of groups Motes being used by Pirelli for tire monitoring

December 14th 2005 Telecom Italia Meeting 11 The Sensor Network Challenge applications service network system architecture data mgmt Monitoring & Managing Spaces and Things technology MEMS sensing Power Comm. uRobots actuate Miniature, low-power connections to the physical world Proc Store

December 14th 2005 Telecom Italia Meeting 12 Building Comfort, Smart Alarms Great Duck Island Elder Care Fire Response Factories Wind Response Of Golden Gate Bridge Vineyards Redwoods Soil monitoring Instrumenting the world

December 14th 2005 Telecom Italia Meeting 13 NEST Final Experiment: Demo

December 14th 2005 Telecom Italia Meeting 14 Social Science Security vs. Privacy Digital Forensics and Privacy – Privacy cuts across the trust/security issues that are the focus of TRUST – Common interfaces are needed for specifying privacy requirements Allows privacy properties to transfer as information crosses compositional boundaries – Emphasis on strong audit, selective revelation of information, and rule-processing technologies – Research will develop framework for privacy-preserving data mining, identify theft, and privacy-aware sensor networking.

December 14th 2005 Telecom Italia Meeting 15 Sample Application: Use of IT for health in the home Embedded, intelligent sensors as event monitors: – Provide private monitoring and alerting – Can also enable telemedicine functions – Can be used as A personal system: electronic patient records belong to the user! Or integrated with a health care provider system – Smart sensors can/will be easy to install and operate – Will be modular and upgradeable: Learning and/or assimilation technologies that will customize the devices to individuals.

December 14th 2005 Telecom Italia Meeting 16 Health Care Security and Privacy Testbed EECS Network (http) Device being deployed Laptops for emulation of other sensors RS232-Bluetooth “Cable Replacers” Telos Motes Camera phone – Nokia 6670 Communicator – Nokia 9500

December 14th 2005 Telecom Italia Meeting 17 Social Science: Usability Human Computer Interfaces and Security – Security problems may arise through the mis-configuration of complex systems – Generally, humans lack many computational abilities that are conducive to securing networks and systems Research Emphases – Strengthening standard passwords – Using biometric information – Using image recognition

December 14th 2005 Telecom Italia Meeting 18 Some Concluding Remarks TRUST is an excellent point of leverage for Telecom Italia to develop cyber security and trust solutions for wired/wireless infrastructures, emerging critical infrastructures. Long term investment by US Federal Agencies. Initial points of collaboration could be in Network Defense, secure wireless networked embedded systems, trusted privacy, authentication and anti-phishing solutions TRUST software and solutions are available as royalty-free to partners TRUST offers technologists, economists, social scientists and public policy researchers and teachers. Telecom Italia can influence strategic directions and testbed development.