Cybersecurity R&D Themes - Current Activities
Views: 134
Replies to This Discussion
-
Permalink Reply by Russell Cameron Thomas on -
The best way to engage with current research activities and to influence future research projects is to get involved in existing conferences and workshops. I suggest that NITRD send participants or panel members to each of these conferences. Going further, NITRD might play a role as co-sponsor (see below).
Regarding Cyber Economic Incentives, I'll suggest four conferences:
1. Metricon 5.0 (organized by securitymetrics.org), Aug 10, 2010; Washington DC -- http://www.securitymetrics.org/content/Wiki.jsp?page=Metricon5.0
2. Workshop on Economics of Information Security (WEIS) -- http://weis2010.econinfosec.org/
3. International Workshop on Security Measurement and Metrics (MetriSec), Sept 15, 2010; Bolzano-Bozen, Italy -- http://www.cs.kuleuven.be/conference/MetriSec2010/
4. Workshop on the Economics of Networks, Systems, and Computation (NetEcon '10), October 3, 2010, Vancouver, BC, Canada -- http://www.usenix.org/events/netecon10/cfp/
I can help you organize a panel for Metricon 5.0
There is a unique opportunity for NITRD to co-sponsor WEIS 2011 (June). In conversation with Ross Anderson, I learned that the WEIS organizing committee would like to locate the conference in Washington DC, but we need a host location, General Chair, and some sponsorship. I will be working to secure a location at George Mason's Arlington campus (http://arlington.gmu.edu/) at the new Founders Hall. I will also contact several GMU departments and centers for sponsorship and to seek a volunteer for General Chair. But on top of these efforts, it would be beneficial if NITRD could become a co-sponsor, particularly to help organize events during, before, or after the workshop that can successfully engage agency policy makers and technical specialists with the industry and academic researchers.
It is urgent that we act quickly. A bid should be submitted to the WEIS organizing committee by the end of June 2010. Please contact me for more details.
-
Permalink Reply by Louis R Hughes on -
The NITRD panel requested GAME CHANGING technologies to provide real trustworthiness to the digital infrastructure.
INZERO SYSTEMS, formed in 2004 and located in Herndon VA, has just introduced to the US market a truly game-changing cybersecurity technology: the INZERO SECURITY PLATFORM.
At the present time, the USG and all the major corporations of the world are using a truly medieval architecture to address cybersecurity. A large wall (firewall) is built around the city (WLAN or LAN) to supposedly protect the citizens inside (PC endpoints). We all know that these firewalls are very ineffective because a rat with bubonic plague (CONFICKER worm for example) gets in and infects everyone inside. The only way to fight this is by protecting each of the citizens inside the city wall by providing them an individual suit of armor, so to speak, to make penetration impossible
To this end, unlike conventional signature-based software solutions, InZero has created a revolutionary HARDWARE solution for each PC endpoint. We have redesigned the architecture of the PC to physically separate the networking and computing functions of the computer. The internet is connected to our Gateway module, which is in turn connected to your PC. Our device takes command of all the networking functions of your PC. Thus , when you browse on the internet, all the activity occurs within our device, which uses your PC's screen only to display the data. The PC itself is completely offline. There is no way for the hacker to penetrate.
Known as a "hardware sandbox" with a read only memory, stateful inspection firewall, encryption keys and keyboard/mouse control, our device has been shown to be exceptionally robust in protecting computer networks. In fact, since no one has penetrated our device even once since the Company's inception, we named the device InZero, meaning Zero Intrusion.
While this ultimate solution to cybersecurity would appear to be a very bold claim, we have taken great pains to have the technology rigorously tested and independently verified. Here are just a few examples of the test results:
Telos Corp: "There isn't a way to circumvent it"
Verizon ICSA Lab: "Not found to be vulnerable to attacks"
Escrypt, Inc.: "Did not find any possibilities to exploit security weaknesses"
BusinessWeek: "Many have tried, but no one has yet hacked past InZero's protective layer"
.
We believe it is extremely important that NITRD launch its own major pilot test of the InZero Security Platform technology. For the first time, Federal employees could have unprecedented ACCESSIBILITY to the Internet while at the same time having TOTAL SECURITY and minimal compromises to FUNCTIONALITY. Additionally, systems administrators in each of the USG departments and agencies will have unprecedented CONTROL over how employees use their PCs, whether at the office, at home or on the road.
This is not "Vaporware." The product is already in commercial production. The USG needs to validate it NOW and deploy is as soon as possible.
Please contact me directly for more details.
-
Permalink Reply by Tyler B on -
I'd like to know quiet a bit more about this if you have more in-depth documentation. Like what exactly do you mean by keeping the pc completely offline. Similiar to chrome os or the contents of the pc? How are internet-facing applications run, how are documents stored and retrieved, and etc.
Also, what is the situation of the tests and did other security groups turn down the testing, which is why it seems so limited in specialties?
-
Permalink Reply by Louis Savain on
-
Louis Hughes wrote:
The internet is connected to our Gateway module, which is in turn connected to your PC. Our device takes command of all the networking functions of your PC. Thus , when you browse on the internet, all the activity occurs within our device, which uses your PC's screen only to display the data. The PC itself is completely offline. There is no way for the hacker to penetrate.
It would seem that this is only a partial solution, one that is more applicable to consumer systems. Many companies and government organizations have server farms with highly sensitive information connected to the internet. These servers are not used to browse the web and do not have screens for displaying data. The servers respond to data queries from other computers connected to the internet. I don't see how your solution can protect those systems against either external attacks (e.g., malicious queries that exploit some flaw in the server software) or internal exploits (e.g., malware inserted by rogue or disgruntled employees).
-
Permalink Reply by Rob Lewis on
-
@Inzero
This is an example of why there needs to be a "clearing house" of new technologies, with appropriate pilot trials and assessment for best use cases.
There is clearly value here, but what are its limitations? Does it deliver tailored trustworthy spaces? Only partially as Louis Savain points out. A true trusted system allows one to trust the data because it does not trust the users or the applications running on it, and that includes what goes on behind a hardware gatekeeper.
Another problem is that a current goal of security in secure environments is network hardware reduction and consolidation so that it is not necessary to have two separate networks, one unclassified and one classified and two systems on every desk. Adding additional hardware is not the ultimate goal. Plus, since one DoD goal is eventually to have every weapon, warfighter, vehicle and system computerized, linked and secure, a hardware solution has obvious limits.
Although I have little faith in NITRD, following the example of Louis Hughes, I would submit our work would be as equally deserving for follow-up consideration by NITRD, as it addresses the creating tailored trustworthy spaces theme. An overview can be found in the following link and that is all I will say about it here.
http://www.afcea.org/wiki/index.php?title=Trusted_Computing_Base
-
Permalink Reply by Rob Lewis on
-
I worded one sentence poorly above and I am not trying to be critical of NITRD. It would have been better if my point had been presented as the process that NITRD is involved in is much like herding cats, but worse, dealing with people with egos and disparate groups with differing agendas and ideas, and I am dubious about the chances of real success regarding the task they are faced with. I give NITRD full marks and commend them for their efforts, despite my doubts.
-
Permalink Reply by Benjamin Gittins on
-
Introduction to Synaptic Laboratories NITRD Cybersecurity Forum Postings
NITRD has called for the community to go solve the HARD cybersecurity problems.
NITRD has called for the community to look beyond security and focus on Trustworthiness.
NITRD has called for the community to set out to make the US Nation more cybersecure.
NITRD has also called for the community to contribute ideas and share results.
Synaptic Labs has submitted a series of interrelated postings to this forum that publicly share Synaptic Labs proposals and results (and those jointly developed with our collaborators) in going after the HARD cybersecurity problems facing the global community.
Collectively, these postings to this forum represent a call for international collaboration to solve our common shared cyber security problems in a way that protects and upholds the legitimate cyber interests of all users and stakeholders, which by definition includes those of the USA. Our call for international collaboration echos those already made by the US and EU.
The purpose of this orientation posting is to briefly introduce Synaptic Labs, outline our core game-changing proposals, to show the high-level linkages between our postings to this forum and outline the cybersecurity themes we have applied in our development process.
DETAILS:
Synaptic Labs is a Private Technology Company managed by Australian citizens with Directors in Gozo, Malta (Europe) and Australia. Our website is www.synaptic-labs.com
Synaptic Labs Core business is the area of designing cutting edge cyber security solutions that address critical needs and open hard problems identified by USA and International Governments (2005-2010) that must be solved to enable trustworthy systems envisioned by them.
Synaptic Labs goes after and offers designs that fundamentally solve the HARD problems in a way that is commercially viable. Many, but not all, of our ideas and proposals have been peer reviewed by internationally recognised experts in their respective fields. Synaptic Labs has, and continues to, refine our proposals in relation to the publications made by NITRD, NIST, DHS, and our collaborative work with with others.
Drawing extensively from the broad base of cybersecurity publications from the international Academic and Government realms and our discussions with experts in various domains, Synaptic Labs has proposed a game changing, peer-reviewed, IdM/CKM architecture that is trust-worthy even if the majority of components and agents in the system are simultaneously compromised. We are now drawing together an international multidisciplinary team to help realise this architecture. Among other things, our collective goal is to ensure each module in that system is engineered and implemented in way that inspires confidence, and that the system as a whole protects the legitimate and diversified interests of all users and stake holders.
This proposal addresses many current open hard problems as identified by the Department of Homeland Security and many others as discussed in its respective posting to this forum.
Synaptic’s Global-scale IdM/CKM has itself been designed in response to needs Synaptic Labs’ identified in the design of our proposal to address an even larger open hard problem: The design of a next generation Internet architecture that integrates privacy enhancing identity management technologies.
Synaptic Labs has made the following postings to this forum:
* A call for collaboration on Synaptic Labs’ Global-scale Identity Management and Cryptographic Key Management proposal
* A call for collaboration on Behavioural Trust
* A call for collaboration on the jointly proposed Virtualizable Network Architecture and the related Virtualizable Network Substrate Proposals (aka Synaptic Labs’ Universal Network Carrier mesh network proposal)
* A call for collaboration on Synaptic Labs’ Post Quantum Secure Multi-function DES and AES proposals
* A call for collaboration based on Synaptic Lab’s proposal for protecting against over manufacturing and firmware piracy
* A call for collaboration on Synaptic Labs’ vest multifunction cipher
* A call for collaboration to manage international standards requirements in electronic form
Collectively Synaptic’s technology proposals directly address the following 2 NITRD Themes:
* Tailored trustworthy spaces
* Moving Target Defence
Collectively Synaptic Lab’s technology proposals employ the following themes which may be of interest to others:
* “Ensure no device or protocol is left behind” in the leap-ahead to the next level in collective cybersecurity.
* “Look for ways to make aging technologies that we once trust to be robust again today as quickly as possible!”
* “Ensure communications between every two integrated circuits is secured”
RECOMMENDATION
The agencies to establish and fund specialist working groups to explore, and if agreement is reached to develop the above proposals. In addition to find a higher-level working group to co-ordinate, synchronise and maximise synergies between the different working groups.
-
Permalink Reply by Benjamin Gittins on
-
Video providing high level overview of Synaptic Laboratories cybersecurity vision
- Going for the hard problems
A high definition streaming video introducing Synaptic Laboratories Limited, our Unified Cybersecurity Vision, the Technology components in our vision, and our Activities in and Relevance to European and USA Government Cybersecurity Initiatives is now available from our website.
It includes an animated slide show.
You can access this video via the following link:
http://www.pqs.io/cybersecurity_videos.html
Regards,
Benjamin Gittins
-
Permalink Reply by Benjamin Gittins on
-
A call for collaboration on Synaptic Labs’ Global-scale Identity Management with integrated Cryptographic Key Management (IdM/CKM) Proposal
RELEVANCE TO NITRD:
This proposal addresses the hard problem of Global-scale Identity Management and Cryptographic Key Management (IdM/CKM) that does its best to take into account the big picture. It is designed to work with current Internet technologies and future Internet proposals.
Synaptic Labs offers this proposal as a state-of-the-art activity and case use that can be cited to directly support the NITRD Themes of:
* Tailored trustworthy spaces
* Moving target defence
This proposal is part of Synaptics Labs’ future vision which has incorporated the above two themes.
Our proposal has been submitted into two different NITRD NCLY events. This is the third such event.
Our Global-scale IdM/CKM proposal is a core module of a LARGER holistic vision to design a new future Internet architecture (that solves many performance and scalability problems related to the current IPv4 and IPv6 architecture), that has advanced privacy enhancing identity management technologies. The combined proposal has been designed to be post quantum secure (based on symmetric key techniques).
Synaptic Labs' identity management and cryptographic key management (IdM/CKM) design specifically addresses the USA Agencies calls, and specific requirements for, new global-scale IdM/CKM solutions. We employ a federated, distributed 'layered defense' design that ALSO addresses several more of their identified “hardest problems in INFOSEC”, including:
1. continuity - the need to protect current computing and security systems in production use today from known security problems without requiring a rip-and-replace scenario
2. usable security - enabling simplified ubiquitous encryption through globally managed identifiers, such as email address (to combat intellectual property and identity theft)
3. combating insider threats and system wide single point of potential catastrophic failure
4. combating impact of malware - originally hidden in or downloaded on to hardware devices and operating systems (backdoors, kill switches, viruses, botnet, spyware)
5. removing the threat of large quantum computers - over 1 billion applications at risk
6. survivability and availability - employs a distributed 'layered defense' design to guarantee the availability and security of services to clients in the face of partial failures
7. situational awareness - Our proposal enables push/pull based event notification and can recall earlier transactions/behavior to improve service efficiency and security
DETAILS:
Drawing extensively from the broad base of cybersecurity publications from the Academic and Government realms, our discussions with experts in various domains, Synaptic Labs has proposed a game changing, peer-reviewed, IdM/CKM architecture that is trust-worthy even if the majority of components and agents in the system are simultaneously compromised. We are now drawing together an international multidisciplinary team to help realise this architecture. Among other things, our collective goal is to ensure each module in that system is engineered and implemented in way that inspires confidence, and that the system as a whole protects the legitimate and diversified interests of all international users and stake holders.
Collaborating together, this international team will complete and deploy the world's first trustworthy global IdM/CKM system for the community.
Earlier versions of our Global-scale Identity Management with Integrated Cryptographic Key management proposal has been submitted at 2 separated NITRD NCLY events, and have been systematically refined to incorporate recommendations and requirements identified by NITRD and expert participants in the NITRD process.
The postings specifically relating to Global IdM/CKM submitted into NITRD are:
* Gittins, Kelson, “Synaptic Labs Participation in the U.S. Federal NITRDʼs Call for Leap Ahead Ideas in 2009”, PDF
NCLY 2009 Particpants Ideas’ Report, Section 6.2, “Idea - Global Electronic Identity Management System”
NCLY 2009 Particpants Ideas’ Report, Section 6.3 “Idea - Global Post-Quantum Secure Cryptography Based on Identity”
Synaptic recently participated (and was a sponsor of) the US IEEE Key Management Summit held in Lake Tahoe, Nevada, 2010 ( http://2010.keymanagementsummit.org/ ).
Synaptic was accepted to present twice on the subject of global-scale identity management which is one of eight hard problems recently selected by the US Department of Homeland Security as the hardest and most critical challenges that must be addressed by the INFOSEC research community if trustworthy systems envisioned by the U.S. Government are to be built (2010). ( https://www.cyber.st.dhs.gov/docs/DHS-Cybersecurity-Roadmap.pdf )
Our presentation was also framed in the context of the US NIST CKM Project ( http://csrc.nist.gov/groups/ST/key_mgmt/ ) .
We were the only new IdM/CKM proposal presented at the 2 day IEEE KMS event. We are not aware of any new IdM/CKM proposals being submitted at the NIST CKM event.
In our game-changing presentations at IEEE KMS we made explicit reference to our solution being an example of "tailored trustworthy spaces". We were the only presentation at the IEEE KMS Summit to reference NITRD. Additionally our proposal addresses several other DHS hard problems such as battling insider threats, building scalable secure systems, situational awareness, and a few others. (These aspects are covered in video presentations currently in post production that we will talk about later in this message).
The innovative distributed decentralised architecture that forms the core of our proposal has been peer reviewed by cryptographers who are recognised experts in our field (Professors Jacques Patarin and Louis Goubin of PRISM, France). It can be derived from work proposed by Whitfield Diffie, Martin Hellman, and Leslie Lamport proposed in 1976. (See Diffie, W., and Hellman, M. E. Multiuser cryptographic techniques. In AFIPS ’76: Proceedings of the June 7-10, 1976, national computer conference and exposition (New York, NY, USA, June 1976), ACM, pp. 109–112. Available at http://doi.acm.org/10.1145/1499799.1499815 .
Furthermore, a version of our proposal was accepted and presented in April 2010 this year at the peer-reviewed Oak Ridge National Laboratory (ORNL) Cyber Security and Information Intelligence Research Workshop (CSIIRW). http://www.ioc.ornl.gov/csiirw/10/index.html .
Our two presentations at the IEEE KMS 2010 were video recorded. We are in the process of carefully post-producing them so they are in a structured and orderly form suitable as input to NITRD and its community of Agencies. These will be freely accessible, without registration, from the front page of our website ( www.synaptic-labs.com ) and will be systematically be made available over the next week or two.
However, in the interim, we also have presentations in the form of peer-reviewed papers and slide shows that were presented at various US Cybersecurity conferences this year that describe aspects of our Global IdM/CKM proposal. This can be access immediately at the following links and we kindly submit them into the NITRD process:
* Gittins, “Overview of SLL's proposal in response to NIST's call for new global IdM/CKM designs without Public Keys”, ORNL CSIIRW 2010 (Authors copy of 4 page paper and slideshow can be found here )
McCusker, Gittins, et al, "The need to consider both Object Identity and Behavior in Establishing the trustworthiness of Network devices within a smart grid", ORNL CSIIRW 2010, (Authors copy of 4 page paper and slideshow can be found here )
Gittins, “A survey and low‐level comparison of network based symmetric key distribution architectures”, IEEE KMS 2010, Slideshow, (video recording of this presentation will be online shortly)
* Gittins, “Rapidly improving Cybersecurity with a new global IdM/CKM design that does not rely on PKC”, IEEE KMS 2010, Slideshow, (video recording of this presentation will be online shortly)
We refer the reader to the above presentations for a detailed description of our global-scale IdM/CKM proposal, and its behavioral trust extensions jointly proposed with Sonalysts. http://www.sonalysts.com/
We will post again after the IEEE KMS 2010 videos come online. However, incase the forum is locked, be sure to check back on our website!
RECOMMENDATION
The agencies to establish and fund a working group to explore, and if agreement is reached to develop, the proposal for a new Global IdM/CKM architecture, preferably in combination with the virtualisable network architecture and/or in the virtualisable network substrate proposal (the later which is in fact a next generation Internet proposal designed to upgrade today’s networking protocols without modifying them.)
Synaptic sees all three proposals as being tightly related and feels best progress would be made by advancing them in parallel.
HOW THIS PROPOSAL RELATES TO OTHER SYNAPTIC PROPOSALS:
Synaptic is making several postings into the forum, outlining various aspects of our work, most of which has previously been submitted to NITRD.
This proposal relates directly to:
* our Behavioural Trust posting to this forum
* our Future Internet posting to this forum
* our PQSxES posting to this forum (support for ambient intelligence devices)
This proposal relates somewhat to our proposal to protect against over manufacturing and firmware piracy.
-
Permalink Reply by Edward L. Stull on
-
Noting the goals of NITRD, here is a brief overview of a concept under development over the last two years or so by the Internet Security Alliance (ISA: isalliance.org) -- it is called the Cyber Security Social Contract. This concept is a contemporary reformation derived from a successful early 20th century initiative wherein the government recognized that there were substantial public safety and economic benefits in having universal telephone/power service. To assure that this public need was met, government provided substantial market incentives, essentially in the form of a guaranteed rate of return for private investors who were willing to make the necessary infrastructure investment. The result was that the US became the world model for the provision of what became known as public utility service, thereby benefiting consumers with state of the art services while simultaneously, generating trillions of dollars of economic activity for the nation. This early social contract is a real world example of how a successful partnership between government and industry can be created, implemented and completed yielding not only sweeping benefits to the nation in general while spawning new industries, but also building the foundations that we enjoy today and will continue in to the future.
The Social Contract provides an effective concept to deal with the tension between profit drivers in industry and the social needs of the people and government. But, as a concept, more is required to implement Social Contract objectives and enjoy Social Contract benefits. Recognizing these issues, the Internet Security Alliance is exploring the creation of a (Cyber Security) Social Contract Laboratory (SCLab) in that a social contract laboratory environment can be a powerful facilitator by bringing together academic and private sector innovation to meet these cyber security challenges – perhaps even without the administrative, cost and national security protection burdens of “classified”/ mil-spec one-off programs. As a consequence through the SCLab, not only will technology-based issues be introduced, but so will many legal and social concerns. Together with a prudent program of industry incentives, the SCLab will encourage and empower government and industry to build a successful relationship through a range of Social Contracts to reduce the impact, and, if possible, to solve cyber security problems on a broad national scale, even considering international issues.
Indeed, the Social Contract concept with its Social Contract Laboratory strongly addresses five areas of significance to NITRD:
• Enable economic analyses and operational action by establishing trusted repositories of cyberspace data
Perhaps the most significant obstacle to influencing the technology R&D agenda of IT providers to better align with national needs and public policy is the intense pressure these companies have to address severe price/performance competition and meet short term share value expectations. If or when individual and industry users could connect the dots between high-impact cyber risk and their own share value and personal assets – in terms they understand (i.e. EPS and PE multiple factors) – in the next reporting period, they may begin to exert the competitive pressures, aided by Wall Street, that bend the curve. A Social Contract Laboratory will facilitate that insight by sharing the existing methods and tools, as well as those under new development, that can indeed quantify the short and long term consequences of cyber risk – to personal financial security, to corporate share value and to industry economic vitality.
• Develop new theories and models of cyber economics and scientific understanding of the social dimensions of cyber economics.
Many issues trade off the balance between cost/service improvements and safeguards that minimize and mitigate new vulnerabilities and their consequences. The envisioned Social Contract Laboratory as part of its program of work will consider issues that collectively impact national security, economic vitality and public confidence:
o Economic stability
o Service availability
o Public safety
o Enterprise and public information privacy
o Emergency response and disaster recovery, and
o Continuity of operation of key Government Institutions.
Note that the Internet Security Alliance has published a number of publicly available and well-received relevant studies on the economics of cyber security, one of which is the March 2010, “The Financial Management of Cyber Risk”. Survey findings are confirming what the ISA-ANSI Financial Cyber Risk Management Project determined in 2008 with its first publication, The Financial Management of Cyber Risk: 50 Questions Every CFO Should Ask. In an effort to further help organizations understand the true costs of cyber security, ISA and ANSI continued their efforts and authored the recent March 2010 publication, which:
o Articulates the need for businesses to systemically assess and manage the financial dimensions of their cyber risk.
o Outlines a procedure for getting started.
o Provides a detailed program for the functional departments of an organization to use in their development of the needed cross-departmental analysis.
Due to the success of these two documents, ISA and ANSI are considering further studies in financial cyber risk management.
• Develop a scientific framework to incentivize vendors of cyberspace-related technologies
Internet security has not yet progressed and may never progress to the point where it can prevent or detect all breaches and exploitations that affect critical control signals in real-time. The continual leap-frog activity of seeing new attacks and then developing protections to reduce future occurrence or impact is sufficient for many traditional IT applications, but not for potentially volatile control or emergency response systems, where service availability must be absolute at the time of an incident.
Until Internet security achieves the ability to preemptively prevent certain attacks and achieve sufficiently complete detection and attribution, there remain certain functions of CIP that should be designed around, not into, an Internet-centric architecture. In the current environment, industry will continue to develop near-sufficient internet security while promoting it as the state of the art, thus filling the void with solutions that may be short of the national need. Further, new commercial products and services will strengthen the Internet only to the extent that fits the budgets, priorities, and time-to-market plans dictated by competitive market conditions, thus establishing a baseline unsuitable to completely protect the national interests in CI - but establishing the only new status quo. Still even here, an organized exploitation and deployment of existing technologies can provide great social benefits in lieu waiting for new technologies to come.
A Social Contract Laboratory is needed throughout the lifecycles of this new generation of initiatives to:
o Ascertain and ensure appropriate requirements-baselines, acquisition and application of existing technologies in combination with standards and regulations in the short term
o Ensure that CI-based Enterprise Architectures have guidelines and techniques to prevent unwise use of cyber technology for any, and all, control system or incident response applications
o Provide the necessary focus and incentive for industry and academia to solve those extreme internet, information, and application security issues that are not currently at the top of industry’s development agenda.
• Promote an environment where (1) users are well informed about cyber security, so that they reward vendors that provide secure products and services, and (2) individuals have "ownership" of their personal data, are aware of its provenance, and control its authenticated and authorized distribution, use, destruction with greater understanding of the economic value of such data.
As individual and institutional users, we all need to promote better insight into the consequences of cyber risk so that we all may take “ownership” of our own information assets’ safety and security, and not rely solely on ICT HW/SW manufacturers and service providers. This not just a matter of more public education, but a matter of new ways to talk about the problem – better tailored to each community of users – in their own language. There is no single Lingua Franca that transmits the understanding and feeling that motivates people to act about cyberspace! Two dimensions of approach are:
1. Change the conversation from data protection to one of securing Information or Infrastructure Control Signals. Data is still a “geeky” concept to most people, particularly to industry executives. Dialog about adverse effects on their vital Information and their plants’ Control signals begin to align with things they understand, and with the DNA of the cyber problem.
2. Make our training and communication align with each layer of stakeholder – from desk top users, to Board members, to political policymakers – each in their own language – relating to measures they already accept as their own yardsticks.
Here again a Social Contract Lab could provide tangible personal and industrial system “test beds” from which we could promote better insights and try out new paradigms for owning our own problems (at home and at work) as well as voicing our needs to our cyber providers.
• Empower cyberspace service providers to reduce abusive or criminal behavior and to provide the means to better defend services and systems against abuses and exploitation, while offering the appropriate legal/regulatory framework (e.g., exemptions, liability protection) and law enforcement support.
Social contracts offer to be vital instruments in quickly facilitating a unified set of defensible legal and regulatory practices across agencies - across industries - and -across borders. Model legal and regulatory frameworks with global import would not only assure a baseline legal protection but also better allocate excess legal spend required to address repetitive risk issues in the current unharmonized legal and regulatory landscape of today. It would offer a clearly defined path to assure legal defensibility with compliant practices -protect global internet economies and cyber enforcement dependencies. Information privacy protection is critical component that trans-jurisdictionally could offer fast-tracked acceptance and allow for better yet compliant innovation that protects information appropriately .
Developing a legal and regulatory framework is a core social contract value proposition that would:
o recognizes certain legal practices assure a certain benefit - facilitate risk transfer financial stability
o enable cross-border jurisdictional standards for sharing and managing privacy and more effective and faster law enforcement capabilities that are politically neutral
o greater economic benefit and protections to flow to privacy sector that execute on their commitment
o grass roots education is only way to build a globally digitally diligence society in our interconnected social networked world.
o social contracts will provide a transparency and accountability to legal and regularity requirements that takes us towards more unified protections -- economic, personal and governmental
o jurisdictionally agnostic but based on valued principles and practices that will make private sector more facile in leveraging a innovation yet protecting in strength against significant risk and economic stability
In summary, the Social Contract concept with its Social Contract Laboratory have significant potential to become another game changing strategy within the NITRD program for answering the need for near-term cyber security services while also laying the foundations in the industrial base for the future. As such, the services Social Contract Laboratory are envisioned to:
• Develop broad acceptance and consensus of the Social Contract approach through confidence in the findings, through methodology, and through the outreach of the SCL and its participants
• Maximize the use of existing technology
• Embrace a sufficiently large problem scope to create useful and safe solutions through one or more well-engineered Social Contracts by empowering, and focusing, the skills and resources of industry and the government
• Discover technology gaps, including gaps in legal and social support
• Evaluate and exercise candidate models of Social Contracts for feasibility, adequacy, and cost effectiveness, especially in terms of time-to-market issues
• Educate and assist industry and government participants to implement, enter into, and perform on a Social Contract basis
The Social Contract Laboratory must cover the full lifecycle of Social Contracts regarding cyber security. As such, this laboratory will be partnering where possible with other organizations and facilities that currently have cyber security-related resources. The Social Contract Laboratory is envisioned to initially select a “model” critical infrastructure system, for example the Smart Grid, which can be readily and favorably influenced by one or more Social Contracts.
-
Permalink Reply by Benjamin Gittins on
-
Also see Synaptic Labs' related posting made on the US National Strategy for Trusted Identities in Cyberspace website (2010):
* We need to explore new distributed decentralised trust models that remove the current system-wide single point of trust failure. (link)
* NSTIC relies on cryptographic primitives known to be at risk of catastrophically breaking. ( link )
-
Permalink Reply by Benjamin Gittins on
-
A call for collaboration on behavioral trust.
RELEVANCE TO NITRD:
To quoting the NITRD webcast:
Question posed from the floor:
“How is behavioral trust addressed in the roadmap with trustworthiness R+D, and how is mapped to trust derived from identity…”
Answer from the Federal expert panel:
“These are research questions in my view, they are things we think we need to address, I would interpret this as people may have trust in someone because they know their identity, probably because they have some knowledge about them. Knowing one's identity does not normally provide very strong basis for trust unless you have some other knowledge about the individual. It probably is tied to behavior. e.g., I have known for 10 years the same person over that time.. Reputation based trust...
I think this question about how to establish trust, in relationships that are mediated by computers, and whole computer networks, is important now. And it is going to be increasingly important. We do it now on a rather ad-hoc basis, we have these reputation mechanisms built into things like ebay, but here was an interesting interview that Janete allerted us to a little while ago with the founder of craigs list, basically thinking that the next big thing was answering this question of how to establish trust ..
I don't have an answer for you, but its a very important question that we should be addressing with research".
In this posting, we call for collaboration on this research topic.
DETAILS:
Cybersecurity is an international problem and requires and international response. No where more than in the area of combatting malware and malicious network activity.
At the Oak Ridge National Laboratory (ORNL) 6th Annual Cyber Security and Information Intelligence Research Workshop (CSIIRW) there were approximately ten presentations relating to new approaches to behavioral trust to combat malware and malicious user activity. [see a list of paper titles in this area published at the CSIIRW-6 at end of this posting.]
In our opinion the various approaches to behavioral trust offer distinctive advantages, so the various approaches and options should not be considered as a choice between either/or. Synergies clearly exist between schools of behavioral trust.
Behavioral trust models must not be studied in isolation. At ORNL CSIIRW, and also at the IEEE Key Management Summit (http://storageconference.org/2010/Presentations.html#KMS) there was only one new proposal for a global scale CKM/IdM, a model that responds to the NIST and DHS calls for such a solution.
* Gittins, “Rapidly improving Cybersecurity with a new global IdM/CKM design that does not rely on PKC”
* Gittins, “A survey and low‐level comparison of network based symmetric key distribution architectures”.
* DHS, “A roadmap for cybersecurity research”, Nov 2009 - See current hard problem “Global-scale identity management”, https://www.cyber.st.dhs.gov/docs/DHS-Cybersecurity-Roadmap.pdf
* NIST Internal report 7609, “Cryptographic Key Management Workshop Summary - June 8-9, 2009”, http://csrc.nist.gov/publications/nistir/ir7609/nistir-7609.pdf
Importantly, at ORNL CSIIRW, the author of the CKM/IdM proposal ALSO co-authored and co-presented a paper with a designer of network based sensor analysis engine (a type of behavioral trust) , that illustrated the synergistic potentials between online global identity assertion engines when and network behavioral analysis engines to effectively address the end-to-end security needs of the users of large networks (smart grids, Internet).
* McCusker et al, "The need to consider both Object Identity and Behavior in Establishing the trustworthiness of Network devices within a smart grid" Authors copy of 4 page paper and slideshow can be found here.
This concept of combining this new global scale IdM/CKM with behavioral trust models was also accepted for presentation at and prepublished by the NATO Information Assurance and Cyber Defence Symposium in Turkey 2010 ( http://ist091.ii.metu.edu.tr/index.html ) This paper titled “Combining Trust and Behavioral Analysis to Detect Security Threats in Open Environments” is listed as the last presentation in the agenda published here and can be downloaded here.
(Note: this event was cancelled due to volcanic disruption in Europe, possible reschedule date TBA).
Cybersecurity is an global problem and requires a co-ordinated international response. The authors of the new CKM/IdM model have been working closely for several months with behavioral trust model authors in the USA (and Canada), since the NCLY Summit where they met.
The CKM/IdM author has also connected with a small NATO funded project in Croatia (insert link) that is looking at smart grids and their security.
* NATO Project SFP 983805: "Emergent phenomena testbed simulator for improving SCADA performance in power system security management", link
These existing relationships and connections may provide an opportunity for some international collaboration around behavioral trust and IdM/CKM in the critical targeted area of smart grids.
RECOMMENDATION
We recommend that the Federal Agencies fund a working group comprised of all the ORNL CSIIRW behavioral trust proposal authors, to work together and go after the hard problem of creating a comprehensive, holistic model, for addressing object identity in combination with the behavioral trust of objects (both human and digital objects).
This working group should include the authors of the “ The need to consider both Object Identity and Behavior in Establishing the trustworthiness of Network devices within a smart grid” paper that combines behavioral trust with the new Global IdM/CKM model.
A SAMPLE OF THE BEHAVIORAL TRUST PUBLICATIONS MADE AT CSIIRW-6
(CSIIRW-AGENDA)
* Krings et al, "Neighborhood Monitoring in Ad Hoc Networks"
* Park et al, "Fast malware classification by automated behavioral graph matching"
* Seong-Moo Yoo, "Propagation Moedling and Analysis of Network Work Attack"
* Myers et al, "Adding Value to Log Event Correlation using Distributed Techniques"
* Chandola, "A reference based analysis framework for Analyzing System call traces"
* Overman, "High Assurance Smart Grid Architecture for Cyber Security and Reliability)
* Baird et al, "Reasing about Policy Noncompliance"
* Oehmen, "An organic model for detecting cyber-events"
* Katipally et al, "Multistage attack detection system for network administrators using Data Mining"
* McCusker et al, "The need to consider both Object Identity and Behavior in Establishing the trustworthiness of Network devices within a smart grid".
*Jackson et al, "Multi-variant program execution for vulnerability detection and analysis"
* Lagesse et al, "Augmenting Trust Mechanisms with Social Networks"
* Daly et al, "Concordia: A Google for Malware"
HOW THIS PROPOSAL RELATES TO OTHER SYNAPTIC PROPOSALS:
This proposal relates directly to:
* Global-Scale IdM/CKM posting to this forum
APPENDIX: RESUBMISSION OF JOINT GAME CHANGING PROPOSAL ON BEHAVIORAL ANALYSIS
Please find attached the original text for Sonalysts' and Synaptic's additional NCLY game change idea that was published on the internal NCLY Wikipedia on the 24th and the 25th of August 2009.
This game change proposal did not make it to the www.co-ment.net website.
I note that our joint proposal addresses at least one Capability requested by the United States "Federal Plan for Advanced Networking Research and Development" Report by the Interagency Task Force on Advanced Networking Research and Development, September 2008.
Goal 2: Secure, global, federated networks - Capabilities for security goals - Cooperative defence against cyber attacks (Page 39)
I also note our joint proposal addresses point 10 of the mid term action plan of the United States President's Cyberspace Policy Review:
10. Expand sharing of information about network incidents and vulnerabilities with key allies and seek bilateral and multilateral arrangements that will improve economic and security interests while protecting civil liberties and privacy rights. (Page 38)
Sonalysts (www.sonalysts.com) and Synaptic Laboratories kindly ask that this game change idea proposal be accepted into the NITRD NCLY process.
Yours sincerely,
Benjamin A. Gittins
Synaptic Laboratories Limited
= A Distributed Decentralised Threat Discovery System to support "Over-the-Horizon" Weak Signal Cyber Detection =
Authors: Owen McCusker (Sonalysts, Inc.), Benjamin GITTINS (Synaptic Laboratories Limited)
* '''Idea''': What does this change look like? (Phase I)
Organization such as Mitre have created very success vulnerability taxonomies to support information sharing (CVE). A threat landscape can be viewed as a spectrum going from vulnerabilities, to alerts, to threats, and finally threat behaviors. The vulnerability view of the threat landscape supports the selective sharing of valuable information associated with known problems of systems. What is needed now is a common way of discovering, describing and sharing threat behaviors in real-time used by emergent cyber threats such as botnets. The raw information needs to be stored and processed in a distributed, decentralised manner in a way that allows selective depersonalised data to be shared to identity threats, and when a clear threat signal is identified, enables administrators the option to simultaneously disclose only the detailed information required to identify and neutralise that threat.
Today's threats exhibit numerous behaviors that can be detected by a distributed set of detection nodes of possible attacks, and possibly anticipate attacks.
* '''Description''':
Threat Discovery can be greatly facilitated by flipping the alert-centric methods of detections and move to a behavioral-centered methodology. By aggregating network behaviors over multiple time periods, emergent behaviors can be detected and shared. Network Behavioral Analysis (NBA) is a relatively new concept which can be leveraged in the idea. Network behaviors would be gathered and archived from multiple ingress points using multiple sensor types. A rich behavioral feature space would be derived from the raw sensor data. The system would use knowledge discovery, data mining techniques, techniques to recognize threats, and the threat behaviors that represent them. Those threat behaviors that represent high value cyber threats would then be collected and shared to other distributed "health-inspired" system to further facilitate defense. It is anticipated that this threat behaviour information can be described at a sufficiently high level of abstraction (eg., as weighted behavioral vectors as opposed to detailed transactional information) to prevent its misuse as a privacy invasion tool. A Threat Discovery system represents an offline capability that connects to other ideas such as:
**Sharing of discovered threat behaviors to a distributed decentralised Cyber CDC
**Sharing of discovered threat behaviors to the secondary behavior system identified in Idea 4 of the Health-inspired network defense
**Leveraging/Creating a mechanism of distributed, decentralised trust with no single point of 'authority'.
**Leveraging/Creating a Threat Ontology
* '''Integration'''
* This proposal can be realised at several levels of abstraction:
** Monitoring behaviour at the 'hypervisor' level - this monitors behaviour of operating systems.
** Monitoring behaviour at the 'operating system' level - this monitors behaviour of applications and services hosted by an operating system.
** Monitoring behaviour over public networks such as the Internet - this might be achieved by integrating the sensor logic into Anagran's Flow routers.
** Network wide monitoring as part of the "strictly accountable universe" functionality of the NCLY proposal for a new Virtualisable Network Architecture. In this vision, the sensor functionality is hard wired into every VNA communications substrate node as part of that node's security monitoring circuitry. In this architecture a fixed proportion of total network bandwidth (1-2%) would be permanently allocated to communicating threat and network status information in a way that does not interact with the public network behaviour. (Simulating Out-Of-Band Signalling).
* '''Inertia''': Why have we not done this before? What would derail the change?
Parts of this approach have been implemented based on the alert-centric sensor system driven by vulnerabilities. What this approach does is "flip" the threat description model that exist today from being focused on system vulnerabilities used by the attack and instead focuses the system of the threat behaviors that represent precursors of an attack. Also, what has not been done yet, is the use of multiple types of network sensors e.g.: flow sensors, IPS/IDS, and Honeypots, combined together to created a more robust behavior view of the Internet. In order to support such an initiative, a common semantic description e.g.; an Ontology, is needed. This ontological model must be designed, published and peer-reviewed to ensure the information cannot be used to invade individual users privacy without sufficient collective consensus (a vote that yes, this behaviour appears to be a legitimate threat to the community). Furthermore, the idea of distributed decentralised trust (preferably secure against single point of trust compromise) is needed to create a Community of Interest between systems engaged in selective information sharing. This proposal could leverage the NCLY proposals for "global post quantum secure cryptography based on Identity" and "a global electronic identity management system" to manage sensitive trust and identity issues.
* '''Progress''': Why technically is this feasible now? Why environmentally is this feasible now? What would mitigate our doubts?
This idea is technically feasible today. What is needed is the creation of more complex behavior engines used to drive the discovery of cyber threats. The environment would support the creation of such as system in that there are already ways through which information is shared. Leveraging abstract network behaviors in information sharing would break down privacy walls as it will be based on the built-in anonymity of the behavior data and the models would be designed with input from civil libertarian groups and recognised experts in weak-signal analysis.
* '''Action Plan''': What are reasonable paths to this change? What would accelerate this change?
The goal of the Action Plan is to create an open architecture and an incremental development process that allows multiple distributed organizations to work together creating various enabling technologies supporting the development of early warning cyber detection capability. The plan will leverage existing technology and capabilities establishing ground truth to be leveraged in the creation of a multi-scale and distributed behavioral analysis system.
**Create a community of interest to work on knowledge discovery, distributed decentralised trust, and Information Sharing
**Perform basic research creating various enabling technologies, and connect with other groups
***Define and open architecture that promotes multiple teams/organizations to develop a threat discovery system
***Establish ground truth threat behavior by leveraging existing threat data e.g.: Predict.org, and collecting live sensor data events and data from multiple sensor types to establish ground truth
***Establish a set of knowledge discover (data mining) algorithms to learn both normal and abnormal behaviors (self, non-self)
***Create a data warehouse used for knowledge discovery of threat behaviors
***Create and/or work with other teams, to define a common threat behavior language used for real-time information sharing
***Scale the system to leverage high performance computing platforms
***Define and create a behavioral-based Human Computer Interface that allows analysts to realize threat (human in the loop), and drill into raw sensor data
***Create/Define an SOA that allows 3rd party system to receive/exchange threat behavior data e.g.: subscription based, publish/subscribe
**Implement a proof of concept to test out those enabling technologies
**Deploy a prototype into a test bed
* '''Jumpstart Plan''': (Pieces of the action plan that can be started now)
90 days: Perform basic research to create distributed decentralised knowledge discovery system identify threat behaviors.
*Who can help:
** NITRD, Sonalysts, Northrop Grumman, Synaptic Laboratories Limited, Jeff Jonas of IBM for weak signal analysis, Naval Research Laboratory, University of Memphis, Anagran, BT Counterpane (Managed Security Systems), Electronic Freedom Foundation, EU Think Trust and many very knowledgeable people from the NCLY Summit 09, and other recognised experts in related fields (such as data depersonalisation research).
© 2012 Created by NITRD Cyber Security.
