Presentation is loading. Please wait.

Presentation is loading. Please wait.

What can Technologists learn from the History of the Internet?

Published byCassandra Poole Modified over 6 years ago

Similar presentations

Presentation on theme: "What can Technologists learn from the History of the Internet?"— Presentation transcript:

1 What can Technologists learn from the History of the Internet?
Prof. Ravi Sandhu Executive Director and Endowed Chair Department of Computer Science University of Texas at San Antonio Munich Center for Internet Research September 22, 2016 © Ravi Sandhu World-Leading Research with Real-World Impact!

2 What can Security Technologists learn from
the History of the Internet? Prof. Ravi Sandhu Executive Director and Endowed Chair Department of Computer Science University of Texas at San Antonio Munich Center for Internet Research September 22, 2016 © Ravi Sandhu World-Leading Research with Real-World Impact!

3 Cyberspace Characteristics
Cyberspace/Cybersecurity Ecosystem Science Engineering Business/Societal Cyberspace Characteristics Entirely human-made Evolves rapidly and unpredictably Subject to physical, mathematical and technological laws/heuristics © Ravi Sandhu World-Leading Research with Real-World Impact! 3

4 Cyberspace Characteristics
Cyberspace/Cybersecurity Ecosystem Science Engineering Business/Societal Traditional science explains the cause of observed phenomenon Cyber science facilitates the construction of future systems Cyberspace Characteristics Entirely human-made Evolves rapidly and unpredictably Subject to physical, mathematical and technological laws/heuristics © Ravi Sandhu World-Leading Research with Real-World Impact! 4

5 Internet Hourglass Model TCP/IP
© Ravi Sandhu World-Leading Research with Real-World Impact!

6 Internet Hourglass Model TCP/IP
TCP RFC 793 Sept. 1981 IPv4 RFC 791 Sept. 1981 © Ravi Sandhu World-Leading Research with Real-World Impact!

7 The TCP/IP Story A TCP/IP based Internet was not inevitable.
The Internet was supposed to be OSI based. © Ravi Sandhu World-Leading Research with Real-World Impact!

8 The TCP/IP Story TCP and IP have several well known deficiencies but are unlikely to disappear soon IPv6 not withstanding © Ravi Sandhu World-Leading Research with Real-World Impact!

9 The TCP/IP Lesson Agility trumps perfection
© Ravi Sandhu World-Leading Research with Real-World Impact! 9

10 The TCP/IP Lesson Agility trumps perfection Not quite the same as
Good enough trumps perfect © Ravi Sandhu World-Leading Research with Real-World Impact! 10

11 Agility = Good enough for now + Future-proof for uncertain future
The TCP/IP Lesson Agility = Good enough for now + Future-proof for uncertain future © Ravi Sandhu World-Leading Research with Real-World Impact! 11

12 IP Spoofing Story ALLOW GOOD GUYS IN KEEP BAD GUYS OUT
IP Spoofing predicted in Bell Labs report ≈ 1985 Unencrypted Telnet with passwords in clear 1st Generation firewalls deployed ≈ 1992 IP Spoofing attacks proliferate in the wild ≈ 1993 Virtual Private Networks emerge ≈ late 1990’s Vulnerability shifts to the client PC Network Admission Control ≈ 2000’s Persists as a Distributed Denial of Service mechanism Most of these fixes have not changed or extended IPv4 © Ravi Sandhu World-Leading Research with Real-World Impact! 12

13 Internet Security Protocols
SSL/TLS Dozens of other security protocols IPSEC © Ravi Sandhu World-Leading Research with Real-World Impact!

14 Internet Security Protocols
Half successful SSL/TLS Dozens of other security protocols IPSEC Largely failed Some successes Many failures © Ravi Sandhu World-Leading Research with Real-World Impact!

15 SSL (Secure Sockets Layer)
© Ravi Sandhu World-Leading Research with Real-World Impact!

16 1-way vs 2-way SSL Client 1-way SSL Server (Browser) Client 2-way SSL
© Ravi Sandhu World-Leading Research with Real-World Impact!

17 1-way vs 2-way SSL Client 1-way SSL Server (Browser) INSECURE Phishing
Man-in-the-middle Client (Browser) Server 2-way SSL SECURE Phishing Man-in-the-middle © Ravi Sandhu World-Leading Research with Real-World Impact!

18 1-way vs 2-way SSL Client 1-way SSL Server (Browser) INSECURE Phishing
Man-in-the-middle MASS DEPLOYMENT Client (Browser) Server 2-way SSL SECURE Phishing Man-in-the-middle MINIMAL DEPLOYMENT © Ravi Sandhu World-Leading Research with Real-World Impact!

19 The SSL Lesson Client-less trumps client-full
Start-ups (SSL) trump committees (IPSEC) © Ravi Sandhu World-Leading Research with Real-World Impact! 19

20 Summary Agility trumps perfection Client-less trumps client-full
Start-ups trump committees © Ravi Sandhu World-Leading Research with Real-World Impact! 20

Download ppt "What can Technologists learn from the History of the Internet?"

Similar presentations

Sandhus Laws of Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University of Texas at San Antonio Chief.

Sandhus Laws of Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University of Texas at San Antonio Chief.
INSTITUTE FOR CYBER SECURITY 1 The PEI Framework for Application-Centric Security Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for.

INSTITUTE FOR CYBER SECURITY 1 The PEI Framework for Application-Centric Security Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for.
1 Laws of Cyber Security Ravi Sandhu Executive Director and Endowed Professor September 2010

1 Laws of Cyber Security Ravi Sandhu Executive Director and Endowed Professor September 2010
1 New Trends and Challenges in Computer Network Security Ravi Sandhu Executive Director and Endowed Professor September 2010

1 New Trends and Challenges in Computer Network Security Ravi Sandhu Executive Director and Endowed Professor September 2010
1 Federated Identity and Single-Sign On Prof. Ravi Sandhu Executive Director and Endowed Chair February 15, 2013

1 Federated Identity and Single-Sign On Prof. Ravi Sandhu Executive Director and Endowed Chair February 15, 2013
1 The Data and Application Security and Privacy (DASPY) Challenge Prof. Ravi Sandhu Executive Director and Endowed Chair 11/11/11

1 The Data and Application Security and Privacy (DASPY) Challenge Prof. Ravi Sandhu Executive Director and Endowed Chair 11/11/11
1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.

1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.
Future of Access Control: Attributes, Automation, Adaptation

Future of Access Control: Attributes, Automation, Adaptation
Attribute-Based Access Control Models and Beyond

Attribute-Based Access Control Models and Beyond
1 Plenary Panel on Cloud Security and Privacy: What is new and What needs to be done? Ravi Sandhu Executive Director and Endowed Professor December 2010.

1 Plenary Panel on Cloud Security and Privacy: What is new and What needs to be done? Ravi Sandhu Executive Director and Endowed Professor December 2010.
1 Privacy and Access Control: How are These Two Concepts Related? Prof. Ravi Sandhu Executive Director and Endowed Chair SACMAT Panel June 3, 2015

1 Privacy and Access Control: How are These Two Concepts Related? Prof. Ravi Sandhu Executive Director and Endowed Chair SACMAT Panel June 3, 2015
1 Cyber Security Grand Challenges and Prognosis Prof. Ravi Sandhu Executive Director and Endowed Chair

1 Cyber Security Grand Challenges and Prognosis Prof. Ravi Sandhu Executive Director and Endowed Chair
INSTITUTE FOR CYBER SECURITY 1 Cyber Security: Past, Present and Future Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security.

INSTITUTE FOR CYBER SECURITY 1 Cyber Security: Past, Present and Future Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security.
1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.

1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.
1 Challenges of Cyber Security Education at the Graduate Level Ravi Sandhu Executive Director and Endowed Professor Nov. 9, 2012

1 Challenges of Cyber Security Education at the Graduate Level Ravi Sandhu Executive Director and Endowed Professor Nov. 9, 2012
1 Big Data Applications in Cloud and Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Professor UTSA COB Symposium on Big Data, Big Challenges.

1 Big Data Applications in Cloud and Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Professor UTSA COB Symposium on Big Data, Big Challenges.
1 Grand Challenges in Authorization Systems Prof. Ravi Sandhu Executive Director and Endowed Chair November 14, 2011

1 Grand Challenges in Authorization Systems Prof. Ravi Sandhu Executive Director and Endowed Chair November 14, 2011
1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.

1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.
1 The Quest for Single-Sign On Prof. Ravi Sandhu Executive Director and Endowed Chair February 8, 2013 © Ravi Sandhu.

1 The Quest for Single-Sign On Prof. Ravi Sandhu Executive Director and Endowed Chair February 8, © Ravi Sandhu.
1 Cloud Computing and Security Prof. Ravi Sandhu Executive Director and Endowed Chair April 19, 2013 © Ravi Sandhu.

1 Cloud Computing and Security Prof. Ravi Sandhu Executive Director and Endowed Chair April 19, © Ravi Sandhu.

Similar presentations

Ads by Google