Indo-Spain, MICINN-DST Joint Workshop on Information and Communication Technologies
June 3-4th, 2010, IISc Bangalore
Information Security Research in India
N. Balakrishnan and C. E. Veni Madhavan
Indian Institute of Science, Bangalore
DISCLAIMER
• This presentation is based on the combined contributions of the teams from Academia and Government Research Laboratories in India
• It is not exhaustive nor is it a complete list of achievements
• Any omission is unintentional
• Purpose is to seek more inclusive participation from everyone.
Key Initiatives
• Security Policy, Compliance and Assurance
– IT Act, 2000
– IT (Amendment) Bill, 2006, 2008
– Data Protection & Computer crimes
– Best Practice ISO 27001
– Security Assurance Framework for IT Industry
• Security Incident – Early Warning & Response
– CERT-In National Cyber Alert System
– Information Exchange with international CERTs
• Security training / Capacity building
– Skill & Competence development
– Domain Specific training – Cyber Forensics
– Awareness
• Creation of the Data Security Council of India
• Creation of National Internet Exchange
• Research & Development
Cyber Security Strategy – India
Information Security Education and Awareness Activities:
MCIT, DSCI, CDAC, IISc, IITs and other academic Institutions
(Flow diagram: Capacity Building Activities → leading to the start of Outcome-related activities → Outcome)
Introduction of Information Security Curriculum (Long-Term & Short-Term Courses) & Education Exchange Programme
Capacity building activities:
• Identify RCs/PIs & sign MoU
• Course design, Syllabus design
• Setting up of Information Security Labs at RCs/PIs
• Conducting Faculty Training Programmes
• PhD Scheme
• Travel Fellowship Scheme for attending conferences, paper presentation, workshops, etc.
• Learning Material Development on specified topics
• Organising International Conferences
• Bilateral cooperation with foreign institutes
• Accreditation of Courses offered by RCs and PIs with Foreign Universities/Institutes
Outcome related activities: Launch of courses by RC/PI
i) Introduction of Information Security Curriculum viz.:
• New course on M.Tech. in Info. Security
• M.Tech. in Computer Science with specialisation in Info. Security
• M.Tech. in Electrical/Electronics/Communication/Computers disciplines retrofitted with Info. Security courses
• B.Tech. in Electrical/Electronics/Communication/Computers disciplines retrofitted with Info. Security courses
• PhD programme in Info. Security
ii) Training of System Administrators:
• 2-Semester Post Graduate Diploma in Info. Security
• 1-Semester Certificate Course in Info. Security
• 6-week Short-Term training programme in Info. Security (by RCs only)
• 2-week Short-Term training programme in Info. Security (by PIs)
Outcome:
Qualified IT security professionals for Industry/Government.
Process of Implementation for Academic Activities
(Flow diagram: Capacity Building/Initial Activities → leading to the start of Outcome-related activities → Outcome)
Process of implementation for Government Officers Training
Capacity building activities:
• Sign MoU with Implementing Agencies
• Train Master trainers at ISTM, IISc & CMU-USA
• Create Infrastructure for training
• Course design, Syllabus design
• Development of Modular Learning Material
Outcome related activities: Launch of courses by Implementing Agencies
Outcome: Secured IT environment in Government offices.
CERT-IN Vision
• To become the premier Reference and Specialist Centre in Security of Communications and Information Technology in the Asia-Pacific Region.
Mission
• To enhance the security of India’s Communications and Information Technology Realm through proactive action and competent collaboration.
CERT-In roles
• Track attacks
• Work with the vendors to develop speedy remedies
• Work with the sys admins and CIOs to create awareness
• Send out periodic advisories
• Empanel vendors for certification
• International collaboration
• Developed extensive capabilities in analysis of individual attacks
• Generate statistics and trends in Cyber attacks on Indian Websites
• Analyze and create awareness about DDOS, BOTS, Phishing etc
Int’l Co-op: Cyber Security Drill
Joint International Incident Handling Coordination Drill
• Participated in APCERT International Incident Handling Drill 2006
– Participants: 13 APCERT Members and New Zealand, Vietnam, including 5 major Korean ISPs
– Scenario: Countermeasure against Malicious Code and relevant infringement such as DDoS attack
• Participated in APCERT International Incident Handling Drill 2007
– Participants: 13 APCERT Members + Korean ISPs
– Scenario: DDoS and Malicious Code Injection
• To be Model: World Wide Cyber Security Incidents Drill among security agencies
DATA SECURITY COUNCIL OF INDIA (DSCI)
Vision
• India as the Most Secure Country for Data and Intellectual Property.
Mission statement:
• To enable Indian IT/ITES organizations to provide a high standard of security and data protection for customer information
• To create awareness among industry professionals and other stakeholders about security and privacy issues
• To develop an appropriate security and data protection standard for the Indian IT/ITES industry
• To build capacity to provide security certification for organizations
• To create a platform for promoting sharing of knowledge about information security and foster a community of security professionals
• To create an emergency response team for any crisis affecting IT systems in the Indian industry
Research on Social and Anti-Social Network Analysis – Machine Learning and IS
Question 1: Can you track the Social Network of Hackers and establish their Modus Operandi?
Approach
• Track all hackers
• Classify the attacks based on the Hacker Group, the Operating System, Sophistication of the Attacks, Sophistication of the web administrator, and messages left by the hackers after defacement.
• Clear modus operandi leading to an understanding of the ability of the hacker groups, their sophistication levels, preference for OS, and motives for attack
• Possible link of the attacker groups to the social groups through event analysis – Question 2
Gforce Attack: An example of extremely offensive and threatening messages
Question 2: Can we predict the relationship between the social networks in cyberspace and the social network in the real world?
Question 3: Can we track the formation of Social Networks in the real world through Open Source Intelligence?
• May 13, 2008 – 9 bomb blasts – Jaipur
• July 25, 2008 – 8 bomb blasts – Bangalore
• July 26, 2008 – 17 bomb blasts – Ahmedabad
• September 13, 2008 – 5 bomb blasts – Delhi
• September 29, 2008 – bike blasts in Malegaon
• October 30, 2008 – Assam bomb blasts
• November 26, 2008 – Coordinated attack in Mumbai
Approach
• Mine the data for all information about the terrorist groups
• Mine the open source data for all information about the persons involved with the incidents
• Draw the temporal Social Network
• Understand the Transitions
• Establish the complete Social Network for visualization
• Establish the hierarchy of social networks
• Compare with what is available officially
• Great correlation !!
Question 4: Can you predict the Crisis in a Social Network?
Applications of Social Network Analysis to Community Dynamics has become an important topic for tracking the formation of socially relevant and important as well as anti-social elements.
Organizational Crisis Detection from Email Communication
• Objective
– Does the e-mail communication reflect the escalating crisis in Enron?
– Does the change in informal networks reflect the events leading to the crisis?
• Suitability of Enron
– Real world organization
– Faced a survival-threatening crisis
– Temporal record of email communication
– Identification of critical events leading to the crisis
Monthly Performance of SNC Vs Enron Events
Research Goals
• Study of informal networks along with the structural hierarchy can provide a signature to the e-mail communication patterns during a crisis
• Developing dynamic models can lead to a better understanding of the causes of and response to an organization failure, its dynamics, or the onset of crisis
• One could identify the formation of socially relevant or anti-social networks and their life span
• Evolution, Crisis and sustenance of social and anti-social networks in cyberspace, in the real world through the cyber activity, and their inter-relationship
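The temporal-network steps of Question 3 and the Enron objective above (does a change in the informal network line up with the events?) share one mechanical core: build one contact graph per period, measure how much its edge set turns over, and rank who sits at the centre. The following is an added illustration of that core, not the authors' code or data; the records, the period keys and the 0.5 turnover threshold are constructed for the example.

```python
from collections import defaultdict

# Constructed records (not real data): (period, party_a, party_b). Read them as
# sender/recipient pairs from a mailbox or as two people named in one open-source report.
RECORDS = [
    ("2001-08", "a", "b"), ("2001-08", "b", "c"), ("2001-08", "a", "c"),
    ("2001-09", "a", "b"), ("2001-09", "b", "c"), ("2001-09", "c", "d"),
    ("2001-10", "a", "d"), ("2001-10", "b", "d"), ("2001-10", "c", "e"),
    ("2001-10", "d", "e"), ("2001-10", "a", "e"),
    ("2001-11", "a", "e"), ("2001-11", "d", "e"), ("2001-11", "b", "e"),
    ("2001-11", "c", "e"), ("2001-11", "e", "f"),
]

def temporal_networks(records):
    """One undirected edge set per period, returned in chronological order."""
    nets = defaultdict(set)
    for period, x, y in records:
        nets[period].add(frozenset((x, y)))
    return [(p, nets[p]) for p in sorted(nets)]

def transitions(networks):
    """Per period: share of contacts that did not exist in the previous period
    (new ties) and share of previous contacts that disappeared (dropped ties)."""
    out, prev = [], set()
    for period, edges in networks:
        new = len(edges - prev) / len(edges) if edges else 0.0
        dropped = len(prev - edges) / len(prev) if prev else 0.0
        out.append((period, round(new, 2), round(dropped, 2)))
        prev = edges
    return out

def hubs(edges):
    """Degree ranking: the informal hierarchy of one period's network."""
    deg = defaultdict(int)
    for e in edges:
        for v in e:
            deg[v] += 1
    return sorted(deg, key=lambda v: (-deg[v], v))

def flag_shifts(records, threshold=0.5):
    """Periods (after the first) whose contact structure turned over sharply;
    these are the candidates to compare against the known event timeline."""
    return [p for p, new, dropped in transitions(temporal_networks(records))[1:]
            if new > threshold or dropped > threshold]
```

On the constructed records the October period is flagged (every tie is new and every earlier tie is gone) and "e" emerges as the hub of the November network.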
Why do we study these?
• Can we extend these ideas to detect the evolution of hacker communities?
• Can we extend these to understanding their modus operandi and the inter-relationship between hacker communities and Social groups – between Social groups in the real world and in cyberspace?
• Prey-Predator theory to understand the ecosystem of attackers and security technologies
• Establish the minimum accuracy needed for the Intrusion Detection System
• Use ML to improve IDS accuracy
• Build IDS based on Sensor Fusion
Improving the Accuracy of IDS – the need and the approach
• Machine Learning for anomaly detection
• Use of Collocation Kernel and Sequence Kernel for Intrusion Detection
• Modeling the Attack-Detector scenario using Predator-Prey Models to establish the need for improved-performance IDS
• Data Skewness in Traffic
• Combining Multiple IDSs using Sensor Fusion to enhance performance using Modified Dempster-Shafer Theory
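As an added illustration of the Dempster-Shafer fusion named in the last bullet (not the authors' code, and using the standard rule of combination, not the modified version the slide refers to): each IDS verdict becomes a mass function over {attack, normal}, discounted by an assumed per-detector reliability so that the remainder goes to ignorance, and Dempster's rule combines the detectors while measuring how much they conflict.

```python
from itertools import product

ATTACK, NORMAL = "attack", "normal"
THETA = frozenset({ATTACK, NORMAL})   # frame of discernment: "could be either"

def dempster_combine(m1, m2):
    """Dempster's rule of combination for two mass functions over the same frame.
    Each mass function maps frozenset(hypotheses) -> mass, masses summing to 1.
    Returns the combined mass function and the conflict K between the sources."""
    combined, conflict = {}, 0.0
    for (b, mb), (c, mc) in product(m1.items(), m2.items()):
        joint = b & c
        if joint:
            combined[joint] = combined.get(joint, 0.0) + mb * mc
        else:
            conflict += mb * mc           # evidence that contradicts outright
    if conflict >= 1.0:
        raise ValueError("total conflict: sources cannot be combined")
    return {h: m / (1.0 - conflict) for h, m in combined.items()}, conflict

def ids_mass(p_attack, reliability):
    """Turn one IDS verdict into a mass function. Assumed discounting: the
    detector's output is trusted only up to `reliability`; the rest is ignorance."""
    return {
        frozenset({ATTACK}): p_attack * reliability,
        frozenset({NORMAL}): (1.0 - p_attack) * reliability,
        THETA: 1.0 - reliability,
    }

def fuse_ids(verdicts):
    """verdicts: list of (p_attack, reliability), one per IDS.
    Returns (belief, plausibility) of ATTACK after fusing all of them."""
    fused = ids_mass(*verdicts[0])
    for p, r in verdicts[1:]:
        fused, _ = dempster_combine(fused, ids_mass(p, r))
    belief = fused.get(frozenset({ATTACK}), 0.0)
    plausibility = belief + fused.get(THETA, 0.0)
    return round(belief, 4), round(plausibility, 4)

# Constructed sample: a confident, fairly reliable IDS plus a weaker second opinion
if __name__ == "__main__":
    print(fuse_ids([(0.9, 0.8), (0.6, 0.5)]))
```

The gap between belief and plausibility is the mass left on the whole frame, which is what a fusion unit can use to decide whether more evidence is needed before alerting.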
Intrusion Detection Systems
Data-Dependent Decision fusion
• Computation of thresholds couples the choice of the local decision rules
• System-wide performance is optimized, rather than the performance of the individual detector.
(Architecture diagram: input x feeds IDS1, IDS2 … IDSn; their decisions S1, S2 … Sn are weighted by w1, w2 … wn in a Fusion Unit trained by a Neural Network Learner, producing output y)
Enhanced Performance with fusion IDS
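To make the two bullets concrete, here is an added example (not the authors' system) of data-dependent decision fusion: a single-neuron perceptron stands in for the neural network learner and learns one weight per IDS from labelled traffic, and the alert threshold is then chosen on the same labelled sample so that system-wide accuracy, not any one detector's, is what gets optimised. The IDS scores and labels are constructed.

```python
# Constructed sample: each row is (IDS1 score, IDS2 score, IDS3 score, label);
# label 1 = attack. IDS1 and IDS2 each miss one attack, IDS3 is close to random.
SAMPLE = [
    (0.90, 0.80, 0.20, 1), (0.80, 0.70, 0.90, 1), (0.35, 0.90, 0.40, 1),
    (0.60, 0.60, 0.10, 1), (0.85, 0.30, 0.60, 1), (0.55, 0.75, 0.80, 1),
    (0.10, 0.20, 0.90, 0), (0.20, 0.10, 0.30, 0), (0.30, 0.35, 0.70, 0),
    (0.40, 0.20, 0.80, 0), (0.15, 0.40, 0.50, 0), (0.45, 0.30, 0.20, 0),
]

def best_threshold(scores, labels):
    """Data-dependent threshold: the cut-off (alert when score >= t) that
    maximises accuracy over the labelled sample. Returns (accuracy, t)."""
    best = (0.0, None)
    for t in sorted(set(scores)) + [max(scores) + 1.0]:
        acc = sum((s >= t) == bool(y) for s, y in zip(scores, labels)) / len(labels)
        if acc > best[0]:
            best = (acc, t)
    return best

def train_fusion_unit(rows, lr=0.1, max_epochs=10000):
    """Single-neuron fusion unit (perceptron): one weight per IDS plus a bias,
    updated only on system-wide misclassifications until none remain."""
    n = len(rows[0]) - 1
    w, b = [0.0] * n, 0.0
    for _ in range(max_epochs):
        errors = 0
        for *x, y in rows:
            pred = 1 if sum(wi * xi for wi, xi in zip(w, x)) + b >= 0 else 0
            if pred != y:
                errors += 1
                w = [wi + lr * (y - pred) * xi for wi, xi in zip(w, x)]
                b += lr * (y - pred)
        if errors == 0:
            break
    return w, b

def fused_scores(rows, w, b):
    """Weighted sum of the local IDS decisions, i.e. the fusion unit's output y."""
    return [sum(wi * xi for wi, xi in zip(w, x)) + b for *x, _ in rows]

def evaluate(rows=SAMPLE):
    """Best accuracy of each IDS on its own versus the fused decision."""
    labels = [r[-1] for r in rows]
    single = [best_threshold([r[i] for r in rows], labels)[0] for i in range(len(rows[0]) - 1)]
    w, b = train_fusion_unit(rows)
    fused = best_threshold(fused_scores(rows, w, b), labels)[0]
    return single, fused
```

On the constructed sample the two good detectors each top out at 11/12 and the third at 6/12, while the fused decision separates every row, which is the "enhanced performance with fusion" the slide plots.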
Anomaly detection with Collocation kernel
• More challenging than intrusion detection with system call traces
– Unix shells provide a very rich interface
– Highly noisy data
– Users change their behavior
• Straightforward application of previous techniques leads to bad results.
• Augmented the collocation kernel.
Anomaly detection with user profiling
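An added example of collocation-kernel user profiling over shell command sequences (not the authors' code; the augmentation the slide mentions is not reproduced). Features are ordered command pairs within a small window, the kernel is their cosine-normalised inner product, and, because users drift, the alert threshold is calibrated leave-one-out from the user's own history rather than fixed by hand. The command histories and the window and slack values are constructed.

```python
import math
from collections import Counter

def collocations(commands, window=3):
    """Collocation features of a command sequence: (a, b, d) means command b was
    typed d positions after command a, for 1 <= d < window."""
    feats = Counter()
    for i, a in enumerate(commands):
        for d in range(1, window):
            if i + d < len(commands):
                feats[(a, commands[i + d], d)] += 1
    return feats

def kernel(fx, fy):
    """Collocation kernel: cosine-normalised inner product of two feature vectors."""
    dot = sum(c * fy[k] for k, c in fx.items())
    nx, ny = (math.sqrt(sum(c * c for c in f.values())) for f in (fx, fy))
    return dot / (nx * ny) if nx and ny else 0.0

def build_profile(sessions):
    """The user's profile is the sum of collocation counts over past sessions."""
    profile = Counter()
    for s in sessions:
        profile.update(collocations(s))
    return profile

def anomaly_score(session, profile):
    return 1.0 - kernel(collocations(session), profile)

def calibrate_threshold(sessions, slack=0.1):
    """Leave-one-out: score each past session against a profile built from the
    others and alert only above the worst normal score plus some slack, so the
    ordinary drift in a user's habits does not by itself raise alerts."""
    worst = 0.0
    for i, s in enumerate(sessions):
        worst = max(worst, anomaly_score(s, build_profile(sessions[:i] + sessions[i + 1:])))
    return min(1.0, worst + slack)

# Constructed shell histories for one account (not real data).
HISTORY = [
    ["cd", "ls", "vim", "make", "./run", "git", "ls"],
    ["ls", "vim", "make", "./run", "vim", "make", "git"],
    ["cd", "ls", "vim", "vim", "make", "./run", "git"],
    ["ls", "cd", "ls", "vim", "make", "git", "ls"],
]

def classify(session, history=HISTORY):
    """Return (score, is_anomalous) for a new session on the same account."""
    score = anomaly_score(session, build_profile(history))
    return round(score, 3), score > calibrate_threshold(history)
```

A session that follows the account's usual edit/build/commit rhythm scores near 0.13, while one whose pairs never occur in the history scores above 0.9, which clears the calibrated threshold of roughly 0.54.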
Indian R & D
1. Indian Statistical Institute, Kolkata:
– very strong group of 4 faculty and 10 scholars working in design and analysis of stream ciphers, boolean functions, hash functions, combinatorial design based crypto, visual cryptography, provable security, elliptic curve pairing theory
– Responsible for bringing the now established Indocrypt conference series since 2001 (comparable to Crypto and Eurocrypt conferences)
2. Institute of Mathematical Sciences, Chennai:
– computational number theory, algebraic geometry and their implications for cryptography, computational complexity theory
3. IIT Kanpur
– arithmetical and algebraic algorithms; the famous "Primes is in P" result showing that there is an elegant deterministic polynomial time algorithm for primality testing of integers
– secure O/S standards for smart cards
4. IIT Chennai
– secure multi-party computations, distributed secret sharing
– secure hardware implementations of block, stream ciphers
5. IIT Kharagpur
– hardware (FPGA, VLSI) implementations resistant to side-channel cryptanalysis such as power, fault attacks; elliptic curve, cellular automata in hardware
R & D Continued
1. C-DAC Bangalore: cryptanalytic computations on grid environments
2. DRDO - SAG: cryptanalysis of stream and block ciphers; DRDO - CAIR: design, implementation and interfacing of crypto to military communication systems
3. C-DAC Kolkata: steganalysis
4. University departments – Coimbatore (PSG Tech): genetic algorithms for analysis of text based ciphers
5. IIT Kanpur: Secure OS for Smart card and E-Passport applications
• IISc- survivable and secure storage systems
• IISc- IDS, IPS, Network traffic monitoring and analysis, Wireless Security, Social Networks, Fused Analysis, Sensor Fusion
• C-DAC Bangalore - intrusion detection systems
• C-DAC Noida - print and paper security -digital watermarking
• C-DAC Trivandrum - cyber forensics
Micro-payment – Highly Suited for India
(Diagram: Payment(s), Authorization and Deposit(s) flowing through a Payment System Provider (PSP))
Prototypes
• SMSCrypt – secure exchange of messages between mobile handsets
• MicroPay – m-commerce on a micro level using secure communications and NFC
• SecuVoice – encrypted voice communication via VoIP on mobile
• Language-independent information dissemination using NFC
• Location based services in tourism
• Non-Cooperative Cell phone location Identification
The National Initiative by the Department of Science and Technology (GOI)
• There are five tracks that are covered:
1. Technologies for Material Detection
2. Sensors for Homeland Security
3. Information Security
4. Observational and surveillance Technologies
5. Large Scale Data Mining
• We welcome the Participation by Spain
CONCLUSIONS
• The Indian Security problem has many challenges
• With Spain, we would like to collaborate to learn about the challenges and the most suitable standards and practices
• Techniques for securing, pre-testing and assurance of safe-to-connect paradigms for Hardware, Software and IT Products that are not only interoperable and tamper proof but also misuse proof
• Analysis of Intrusions, Annihilating Botnets and Social Malware are of interest
• Secure Processor Design, Certification and Training