New Generation of Trusted Technologies
Claire Vishik, March 2014
Outline
Connected environment
Towards trust-based technologies with built-in security & privacy
Towards users with good understanding of technologies
Global environment; research & practice
Ubiquitous connectivity
Devices & appliances; services, infrastructure
- Areas: shopping, education, banking, electrical systems, consumer appliances, health, transportation, organizations, etc.
Adapted from Ericsson
New Era for Computing
[Charts: average traffic per smartphone, tablet and laptop, in MB/month, for 2009, 2010 and 2015 (*forecast); values called out on the charts, in that order: 6,522; 1,300; 2,311. Source: Cisco Visual Networking Index]
• 2.5 billion connected users by 2015
• >10 billion connected devices by 2015
• 60 exabytes data stored
• Mobile traffic today: 90 PB/month, 40% video; mobile traffic in 2015: 3,600 PB/month, 66% video (~40x)
• Paid video subscribers: 7M → 700M
New Usage Models
• Multiple uses for the same devices & process
• Identical uses for different processes
• Casual and formal environments merge
• Diverse business and economic models overlap
• Interaction increases in all environments
• Barriers to entry are reduced, but the environments and processes gain complexity
Source: Stanford (adapted)
New trust and security problems
Arising in (examples):
• Supply chain
• Industrial systems
• Internet of things
• Mobile devices
Arising through (examples):
• New usage models
• Economic developments
• Geopolitical issues
“We see many signs that criminals are mimicking the practices embraced by successful, legitimate businesses to reap revenue and grow their enterprises.”
—Tom Gillis, Vice President and General Manager, Cisco Security Products
Cybercrime is Funding Organized Crime: Cybercrime has been so profitable for organized crime that the mob is using it to fund its other underground exploits. And U.S. law enforcement is reaching around the world to reel it in.
Tools to perform security attacks are readily available and increasingly efficient
The tools are increasingly adapted to the intended environments
Threat Environment
Threats are more sophisticated and professional
New threats from:
• Social networking
• Drive-by downloads
• Mobile & CPS devices
• Hardware and firmware attacks
• Virtualization attacks
• Power management tools
• Home automation
Example: Home Automation (Kohno & Denning, 2013)
Technically savvy burglars could identify houses with expensive, easily resold items.
Adversaries can also target technologies with new capabilities:
– accessing video and audio
– unlocking doors
– disabling home security
– tampering with healthcare
– interfering with home appliances and utilities
New approaches are needed to supplement available mechanisms
Outline
Connected Environment
Towards trust-based technologies with built-in security & privacy
Towards users with good understanding of technology
Global environment, research & practice
Trust and Trust Evidence
Research on improving trust anchors or point solutions seems no longer sufficient
– Most processes today are cross-domain and dynamic, with devices and participants leaving and joining domains
– Devices, networks, and applications are increasingly complex
If all trust anchors were implemented successfully, the ecosystem still would not be secure
We need mechanisms to produce, verify, transmit, share, and consume dynamic evidence of trust among the components of the ecosystem
Trust Definitions (Wang, Y. and Singh, M. P., 2010)
Trust is belief about future actions
– Reflects the trusting party’s belief that the trusted party will support it
– In computing, it affects decisions made by one or more participants, subject to two constraints:
• Ability to predict each other’s behavior
• It doesn’t work well in anonymous systems
Current approaches emphasize identity
– E.g., by presenting a certificate, with the assumption that the verification process is robust and valid
Reputation-based trust permits us to look at graduated trust values
Other Trust Definitions
Ban Al-Ani, Erik Trainer, David Redmiles, Erik Simmons, 2012
– Trust can be defined in terms of one party’s expectations of another, and the former’s willingness to be vulnerable based on those expectations.
Jingwei Huang and Mark S. Fox, 2007
– Trust is established in interaction between two entities and any one entity only has a finite number of direct trust relationships.
– Some types of trust have to be transitive
What the developers need to know if they develop for every use case
• Intent of all other developers
• Legacy integration
• Software environment
• Future device architectures
• Economic & regulatory requirements
• Composite threat picture
• Usability & performance tradeoffs
• Current and potential use models
• Networking environments
Incomplete list of issues…
Trust Indicators (Trust Evidence)
• Broadly applicable indicators that provide evidence that a system, network, device or application is trustworthy and has preserved its integrity
– Examples include: results of certification or self-certification; data quality (for medical devices), risk parameters, development process, attestation results, device, network, and user identification, adherence to baselines
– Typically machine readable, ideally quantitative
– Quantitative models for trust are reputation based or based on statistics for deviations, e.g., Tian Liqin et al. 2006
– Could be communicated through trust language and trust protocols
Potential research topics
1. Broadly applicable trust indicators, trust language, intent semantics, and protocols that can use them
2. Dynamic discovery of trustworthy environments & related topics
3. Dynamic integrity and authenticity measurements
4. Risk-based flexible policy enforcement mechanisms
5. Hardware and software instrumentation for trust monitoring
6. Trust infrastructure
7. Cross-domain trust
8. Economics of trust and economic incentives for implementers
Vision for future environment
Foundational security & privacy
• Security & privacy become part of core functionality in hardware and software
• Designed-In-Security (DIS) process is formulated to be adapted to diverse use cases and short product lifecycles
Extensible framework and composite view
• From secure elements to security & privacy view for complete systems and the ecosystem
• Deep understanding of mutual influence of components of ecosystem for all use cases
Innovative threat models
• Dynamic models for threats and mitigations that are cross-cutting and broadly applicable
• Deep understanding of societal factors
…and a new generation of technology professionals
Multi-disciplinary background
• Understanding of technology and non-technical issues (law, economics, psychology, usability)
• Ability to formulate technology problems in context
Lifetime skill acquisition
• Background that forms a foundation for life-long learning
• Training and education methods that can quickly pinpoint and remedy gaps
Ability to adopt new work processes
• More flexible work processes that enable technologists to join and leave teams as needed while preserving accountability
• Ability to define and discover critical skills in the technical community in order to focus development and design processes
Outline
Connected Environment
Towards trust-based technologies with built-in security & privacy
Towards users with good understanding of technologies
Global Environment, Research & Practice
What the users need to know if they try to understand devices and applications
• Application & network ownership
• Data movements
• All software on their devices
• Security & privacy features of each device
• Regulatory requirements
• Information they share
• Optimal configuration for each device, application, activity
• Security models used
• Networking environments
Incomplete list of issues…
New approaches to user awareness: vision
Consequences of activities are clear
• Indicators are available to detect potential security & privacy impacts of electronic activities, especially in new contexts
• No specialized knowledge required to understand implications
Foundational features enable security & privacy
• Key security & privacy features are enabled by default; configuration choices are clear and linked to usage
• Configuration choices address composite view of the platform and of using multiple devices
Education systems provide solid technical background
• Education systems enable everyone to understand basic features and operations of ICT systems
• Mechanisms for updating knowledge and obtaining additional information are in place
Outline
Connected Environment
Towards trust-based technologies with built-in security and privacy
Towards users with good understanding of technologies
Global Environment, research & practice
Global Environment
ICT environments operate globally
• Cloud computing
• Distributed data
• International workforce
• R&D collaboration
• Diverse regulatory & legal framework
• Varied technology adoption models
• Different education systems
• Different lifestyles and living standards
• Convergent networks
Incomplete list of issues…
Practical and theoretical aspects of research
• Perceived or real disconnect between “real life problems” and theoretical research caused by (a few examples):
– Differing tactical goals
– Increasing specialization of research
– Decreasing product development cycles
– Multidisciplinary nature of many hard problems
– Limited access to real life data and operational environments
– Lack of broadly applicable technology transfer approaches
• Increased awareness (examples):
– Commercialization and transition to practice
– “Real life” conferences and workshops, e.g., real life cryptography
– Funded programs to support mechanisms for industry and academic collaboration
– Industrial advisory boards
– Private/public partnerships
Vision for future collaboration (sample ideas)
Ecosystem-wide and niche problems (end-to-end)
• Ability to pursue ecosystem-wide initiatives leading to broadly applicable solutions
• Ability to work on focused context-driven research
• Deep understanding of mutual influence of components of ecosystem for all use cases
Agile and responsive research teams
• Ability to realign as needed at different stages
• Ability to assess potential for adoption and innovation impact at early stage
• Ability to quickly build focused short- and long-term research partnerships
Flexible mechanisms for private-public collaboration
• Dynamic multi-disciplinary collaboration models
• Initiative and project re-alignment based on results and innovation in other areas
• New usage models and technologies considered simultaneously
Thank you!
• Questions?