Federal Cybersecurity R&D Forum

NITRD Cyber Security

Cybersecurity R&D Themes - Current Activities


Focus Questions for this Section: What state-of-the-art activities and use-cases can be cited in support of the three themes? How would your organization’s future vision support or incorporate the three themes?

Views: 138

Reply to This

Replies to This Discussion

Owen McCuskerPermalink Reply by Owen McCusker on June 21, 2010 at 10:10am
Weak signal distributed cyber and insider attacks have become a significant threat to our national infrastructure. In order to scale to the needs of these new threats innovative technologies and operations are required in creating enabling technology that allows for connecting dots over very long time periods and at the same time creating a level of abstraction that fosters the ability to share actionable information in near/real-time.

Today data and events created from existing intrusion detection/prevention technology are non-numerical, proprietary, and difficult to measure relative to the security policies of a given institution. In order to combine raw sensor data it must be semantically aligned and transformed. We require innovative metrics and models that transform the volumes of data into a reduced perspective and also provides a privacy enhancing capability for collaboration over enterprises involved in supply chains.

One of the major challenges with behavioral trust is its subjective nature, relative to object identity. Novel methodologies are needed to map the policies of a enterprise to be factor in when developing models of trust.
A common behavioral language (Ontology) is needed that fosters the develop of a distributed defense capability. There are a number of research areas that can be leveraged here including the Threat Agent Library (TAL) created by Intel. As a community, and as the bioinformatic community has already done, we need to assemble an Ontology that facilitates a consistent way through which a threat can be described in terms of their behaviors.

Behavioral analysis, behavioral trust, and ultimately risk, can offer levels of abstraction that can be used to reduce data, and also enhance privacy and provide business management and mission planners with a clearing understanding of risk.

Recommendations:

We also recommend research that focuses on behavioral analysis that leads to the development of behavioral trust models and metrics that can be ultimately used to define risk. We also recommend creating a common behavioral language used to described and classify carious threat behaviors. We must fuel our risk management operations with data that can move from quarterly interpretations of risk to defining risk up to the minute/second.

Who else can help:
Intel (Threat Agent Library)
Benjamin GittinsPermalink Reply by Benjamin Gittins on July 19, 2010 at 5:27am
Also see Synaptic Labs' related posting made on the US National Strategy for Trusted Identities in Cyberspace website (2010):

* The Need to Consider Both Object Identity and Behavior in Establishing Trustworthiness. ( Link )
Benjamin GittinsPermalink Reply by Benjamin Gittins on June 18, 2010 at 3:48pm
A call for collaboration on the jointly proposed Virtualizable Network Architecture and the Virtualizable Network Substrate Proposals (an earlier version which was submitted as Synaptic Labs’ Universal Network Carrier mesh network proposal)

RELEVANCE TO NITRD:

NITRD has made a call to the community to “go after the hard problems”.

This posting outlines Synaptic Labs’ current efforts to address the open hard problem of creating a secure network architecture with integrated privacy enhanced identity management technologies.

DETAILS:

At the NITRD NCLY 2009 Summit six proposals authored by Synaptic Laboratories Limited CTO Benjamin GITTINS made it through to the Participants Ideas Report.

Extracts made from the NITRD NCLY 2009 Summit websites and publications relating to Synaptic’s 6 proposals can be found in the following link.

In this posting we focus on the game-changing idea that was co-authored with Dr Larry D Wagoner of the NSA for a new virtualizable network architecture (VNA) and how it relates to our earlier proposals submitted into NITRD processes. The VNA proposal is found in section 6.1 of the Participants Idea Report on page 100 and is titled “Idea - Virtualisable Network Architecture”. It can also be found in the above link.

The VNA proposal is an exciting example of the new 2010 NITRD theme: “Tailored trustworthy spaces”.

To briefly summarize that proposal, the virtualizable network architecture (VNA) is a secure overlay network that rides on the current Internet that offers advanced identity management including but not limited to: authentication, non-repudiation, attribution and network introspection. Access to the VNA may be limited to hardened thin client running on a hardened hyper-visor complemented by a hardware token. To enter an accountable virtual network domain, a multiple-attested federated identity will be employed. The ID would be issued by a nation-state or other recognized entity. Further details can be found in full proposal text above.

The VNA architecture proposal has received some important expressions of support for the idea during the public comment phase of the NCLY Summit:
* Dr Lawerence G Roberts, CEO of Anagran, and a Founder of the Internet (1969)
* John Leiseboer, CTO of QKD company QuintessenceLabs, formerly a technical director at RSA Security.

This is one of the very few proposals submitted by any other individual / organisation on the NITRD website that solicited support from internationally recognized security experts seeking to participate in a collaborative effort!

The VNA proposal is also an example of Commercial sector (Synaptic Laboratories) and Government sector collaboration (an employee of the NSA).

-----
To explain why the commercial author could collaborate with the NSA staffer to make such a proposal, it is probably helpful to take a step back and discuss the context.

Synaptic Labs, a foreign research and design company, was accepted into the NITRD NLCY Summit 2009 summit based on the strength of their 3 proposals into the NITRD “Call for leap ahead ideas” in 2009. Those three interrelated proposals outlined Synaptic’s vision to “attack the critical, very hard problem” of solving:
* Global-scale Identity Management in the context of integrating it into
* a new Future Internet proposal (that solves many performance and scalability problems related to the current IPv4 and IPv6 architecture) while ensuring that the combined proposal is
* post quantum secure.

These 3 proposals form the kernel of a singular holistic vision that has since evolved in direct response to requirements identified in publications from US Federal Cybersecurity Initiatives and as a result of collaboration with two different American organisations.

You can read our three interrelated submissions here:

* Gittins, Kelson, “Synaptic Labs Participation in the U.S. Federal NITRDʼs Call for Leap Ahead Ideas in 2009”, link

Synaptic is offering a bold, global, game-changing vision that ensures the continuity of production environments, while improving both security, performance and functionality across multiple axis. It is designed to protect the legitimate interests of all users.

Unfortunately the 2009 Summit had a very crowded agenda, so we did not have any time to present our new Future Internet model in any detail at all. This was also unfortunate because as the “US Cyberspace policy review: Assuring a trusted and resilient information and communications infrastructure” (May 26, 2009) stated:

A number of efforts exist to define visions for some technology or infrastructure sectors. … An advisory group for the Defense Advanced Research Project Agency (DARPA) describes defense of current Internet Protocol-based networks as a losing proposition and calls for an “independent examination of alternate architectures,” leading to experimentation and evaluation of the best candidates. According to a March 2009 briefing, DARPA is proceeding with a six-month analysis of alternatives.

LINK


Susan D. Alexander, who was responsible for initiating the NCLY, stated that the NCLY 2009 Summit was not about achieving consensus opinion, but about finding leap-ahead game-changing solutions. Even so, our forward looking, proposal for a Future Internet protocol was quickly pushed aside by attendees at the Summit, as there was a feeling that Future Internet had been attempted before without success (presumably, the limited success of the ATM protocol [Lawrence Roberts was heavily involved in this proposal] to penetrate the market) and they did not want to try again. However, the majority opinion clearly was not in complete alignment with perceptions within at least certain segments of DARPA and the NSA.

Taking a side step to briefly answer the criticism of the ATM protocol. It is true, ATM did not achieve its target in the market place. However, it has since been public acknowledged that forcing the market to ‘change’ protocols was not a successful “get-to-market” strategy for ATM. This is why Synaptic Labs is proposing a new protocol that is hidden to users and acts as a “universal network carrier” for IPv4, ATM, ISDN, and so on as will discuss below. This is also why Lawrence Roberts and Anagran is now adapting some key ATM principles back into the Internet IPv4 protocols with good results. Our virtual network architecture proposal is designed to synergistically graft with Anagran’s technologies for the Internet Protocols.

-----

So drawing our attention back to the VNA proposal, we wish to stress that both Dr Larry D. Wagoner of the NSA and Benjamin Gittins of Synaptic Labs brought to the table several concepts that were unique to each party, and also brought to the table several concepts that were shared. Working together that they were able to synergistically align the full set of ideas and create the innovative VNA proposal.

Synaptic and Dr Wagoner have explored the possibility of further collaboration. After exploring his options, Wagoner advised us because our company is foreign owned with no U.S. presence, it would be very difficult for him to collaborate on anything beyond the NCLY work already performed. He felt that our company has a lot of interesting and innovative ideas.  He remained interested in what our company has to offer, but could not enter an NDA.

This is one area we hope that the NITRD can help change the game of “business as usual”.

In support of the VNA proposal, Synaptic rapidly refined and aligned our original Universal Network Carrier proposal submitted to NITRD to fully support and enhance this commercial and government collaborative vision of a Virtualisable network architecture with a “substrate layer” based on our universal network carrier proposal.

This substrate layer proposal, submitted into NITRD, details how to integrated enhanced privacy-enhancing identity management functionality ( A US Cyberspace policy objective ) and to achieve performance characteristics that cannot be obtained using IPv4 or IPv6. This proposal was submitted as an additional NCLY game change idea proposal into the NITRD process as permitted by, and in accordance with, the letter by Martin Ross dated 25th of August 2009. It was titled: “Purpose Built Communications Substrate for the Virtualizable Network Architecture (VNA)” and was published to subscribers of the NCLY 09 discussion list. We have attached the original text to this proposal as an appendix.

The VNA substrate proposal is another good example of the new 2010 NITRD theme: “Tailored trustworthy spaces”

Synaptic Labs has been researching and designing various aspects of our Future Internet vision for more than 10 years. We settled on the basic network model, a mesh model designed as a ‘secure universal network carrier’ that was explicitly designed to carry all todays networks and, conversely, could itself be carried by all todays major public network protocols. In fact we are sure that we resolved the fundamental problems preventing a global mesh UNC (routing and congestion management). Independent advances openly published by Lawrence Roberts in this area confirm our opinion about that.

However, 5 years ago we shifted focus away from the networking infrastructure when it became apparent that there needed to be a radical shift in cybersecurity, particularly with respect to Identity Management and Cryptographic Key Management. As our design was being built as a cryptographic security project from the ground up, these issues could not be ignored and had to be addressed so they could be integrated into the networking protocols. It was obvious that serious critical weaknesses in the current identity management and cryptographic key management as found in today’s Internet would negatively impact on our secure networking model if we used them. ( Read Peter Gutmann's draft book "Engineering Security" to learn more about the current state of PKI)

Today, we have now settled on a basic identity management model AND cryptographic key management model which is based on a distributed decentralised architecture as proposed in our other postings. This architecture has been peer reviewed in several places. This proposal has been designed to protect today’s interest and be suitable for future networks. Based on a wide reading of the lieterature, we were able to successfully predicted many of the issues, needs and calls that have been determined by Federal agencies such as NIST, DHS and the NITRD program in 2009 and 2010. We have also refined our proposal in response to those calls.

And so our research and design process has been to systematically address the fundamental issues in secure networking from the ground up. As mentioned above, Two key features of Synaptic Labs new Future Internet design that have been present form the onset is that it is being designed to be a Universal Network Carrier, and being built as a cryptographic project from the ground up.

It has been carefully engineered so it will be able to securely carry all existing networks (unsecured isochronous, packet and cell protocols) while ensuring uniform and improved quality of service. The new universal network carrier protocol itself is designed to operate efficiently when it is operative over mainstream public networks (IPv4, IPv6, and ALL isochronous protocols). This is to ensure full interoperability with todays Internet, telephone systems etc. and to enable incremental deployment and reuse of existing investments in telecommunications infrastructure.

The VNA proposal is a new network protocol that can be directly supported by our Unviersal Network Carrier as described in our VNA Substrate proposal.

RECOMMENDATION

The agencies to establish and fund a working group to explore, and if agreement is reached to develop, the proposal for a new virtualisable network architecture and/or in the virtualisable network substrate proposal (which is in fact a next generation Internet proposal designed to upgrade today’s networking protocols without modifying them). Synaptic sees the two proposals as being tightly related and feels best progress would be made by advancing them in parallel with Synaptic’s peer-reviewed Global IdM/CKM proposal.

HOW THIS PROPOSAL RELATES TO OTHER SYNAPTIC PROPOSALS:

This proposal relates directly to:
* Global-Scale IdM/CKM posting to this forum
* PQSxES posting to this forum (support for ambient intelligence devices)
* VEST posting to this forum (link-level encryption)


APPENDIX: RESUBMISSION OF SYNAPTIC’S GAME-CHANGING PROPOSAL


=== Purpose Built Communications Substrate for the Virtualizable  Network Architecture (VNA)  ===
Author: Benjamin Gittins (CTO of Synaptic Laboratories Limited)

This proposal relates to the "Virtualizable Network Architecture" (VNA) proposal submitted by Benjamin Gittins (Synaptic  Laboratories Limited) and Larry D. Wagoner (NSA).

While the VNA proposal above acts virtually on top of the existing Internet, this proposal is for a Purpose Built Communications Substrate (PBCS) that is a physical network architecture that delivers the full feature set envisaged for the VNA without compromise. This PBCS proposal is for achieving advanced identity management and network capabilities such as up to terrabit/s flows with 1 second round trip latencies between end-users over a global public federated mesh network using conventional semiconductor technologies without requiring the use of expensive optical routing or optical switching technologies and exploiting existing transceiver technologies.

Similar to the US NSF NeTS FIND Initiative (Future Internet Design), the VNA substrate proposal is based on a clean-slate approach that Synaptic began researching 10 years ago.  We took a long-range perspective, to consider what we ideally would like our global network to look like today, and how to build networks that meet the future requirements. We asked many of the same questions asked by the FIND Initiative: How can we design a network that is fundamentally more secure and available than today's Internet? How would we conceive the security problem if we could start from scratch? How might such functions as identity management best fit into a new network architecture? What will be the long-term impact of new technologies such as advanced wireless and 100 gigabit/s optics?

We have also addressed questions such as: how can we achieve massive scalability using low cost commodity equipment in both developed and developing nations with the one networking architecture? Most importantly we asked, how can we secure the control and data plane of existing networks and network protocols while simultaneously leveraging existing investments in communications infrastructure?  In this regard we may be different to the approach envisaged by FIND, we sought to transcend existing limitations while keeping the constraints and requirements of the existing infrastructure firmly in mind.  We have taken the existing Internet, wireless networks, and telephone requirements into account at all times, which has resulted in a solution designed to work over existing network infrastructure, and also designed to carry existing networks with improved security and performance characteristics.  Therefore the PBCS can also be seen as a Post Quantum Secure Universal Network Carrier.

Specifically, this proposal is to build a Purpose Built Communications Substrate to support the NCLY new Virtualizable Network Architecture (VNA) proposal that provides an abstraction of the essential data routing and congestion management services required to support implementation of the VNA as a semi-regular lattice/mesh based network topology.  Simply speaking each home/building/office would have a VNA node, that node is connected to the VNA nodes in each neighbouring building. (Other topologies are clearly possible.)  This communications substrate should support rapid incremental deployment over all existing telecommunications infrastructure (ISDN, ATM, IPv4, IPv6, ADSL) and over a network infrastructure built using commodity high speed low cost short range Ethernet technologies.  All links between VNA nodes and users will always be cryptographically secured using post quantum secure techniques.  The VNA communications substrate will exploit next generation flow technologies and would be designed to host packet, cell and isochronous network protocols and be optimised for both short-lived (web-surfing) and long-lived (video streaming) applications.  The VNA PBCS protocols should also be suitable for low cost Ambient Intelligence/Network of Things devices.

Unlike today's networks, each VNA substrate node would implement the full spectrum of identity management, security and quality of services functions that are selectively enforced in different combinations for different VNA sub-domains it hosts. The VNA substrate would act as a type of hypervisor that ensures service level agreements and quality assurance is maintained within and between sub-domains.  The VNA substrate would allow sub-domains to enforce policies that require the network layer to provide complete introspection of the identity, origin, path and destination of all traffic within that sub-domain. The VNA substrate would also allows other sub-domains the ability to enforce strict anonymity, preventing the discovery of the very same characteristics. Anonymity functions would be performed as a first class function within each of the VNA substrate nodes and within end-user access nodes (increase the number of participating autonomous organisations), and allow for locality of repeaters to be exploited.
  
Mandatory quality of service functionality within the VNA substrate would ensure fair-use of bandwidth for each sub-domain according to the requirements of the regional/organisation network operator.  (For example peer-to-peer traffic sub-domains are optimised for bulk data transfer at low priority, where as medical sub-domains are optimised for low-latency high-priority data transfers).  We anticipate that the VNA substrate can be realised so as to support it’s use in Industrial Control Systems, Financial systems, and remote aged care at home/NIH/Medical network applications which require priority transport, low latency, low jitter, high availability, fault tolerance, privacy and advanced identity management and access control functionalities.

The features in the last paragraph are in line with the following text of page 33 of the US Cyberspace Policy Review: "Identity management has the potential to help individuals and organizations form trusted communities based on varying degrees of identity exposure and mutually agreed accountability, while helping exclude unwanted intruders or inappropriate membership.  Identity management also has the potential to enhance privacy through additional protection against the inappropriate release of personal identifiable information."

* '''Alignment with US 2008 Advanced Networking Research and Development Agenda'''
This proposal is aligned with many of the capabilities requested by the "Federal Plan for Advanced Networking Research and Development" Report by the Interagency Task Force on Advanced Networking Research  and Development, September 2008.  This includes but is not limited to:

* Goal 1: Secure Network Services anytime, Anywhere
** Capabilities for Design Goals:           Transport for  heterogeneous mix of demands
** Capabilities for Foundations Goals:  Distributed, self-organizing services.
** Capabilities for Foundations Goals:  Architectures for Future Services
** Capabilities for Foundations Goals:  Service Virtualization

* Goal 3: Manage Network Complexity and Heterogenity
** Capabilities for Fundations Goals:    Architectures for Future Networks

* Goal 4: Innovation through advanced technologies
** Capabilities for Security goals:           Algorithmic cryptography that is secure even with quantum computers
** Capabilities for Foundation Goals:    Transport protocols category
** Capabilities for Foundation Goals:    Routing Schemes
** 'Capabilities for Useability Goals:      Adjustable Autonomous Networks

This proposal is also aligned with many of the European Network of the Future requirements.

* '''Inertia''':
** Why have we not done this before?
*** Mesh based network topologies are used extensively in the back-bone of the current telephone and Internet infrastructures but the data routing technologies did not previously exist (until recently) to support a global network built entirely using a mesh topology.
*** ARPANET and INTERNET protocols were designed under the assumption of relatively high speed general purpose cpu's and expensive memory. The networking community has been slow to design new protocols that are explicitly designed for efficient execution in hardware, that exploit massive parallelism, can take advantage of abundant amounts of  memory, and are designed to enforce security properties.

* What would mitigate our doubts?
** Management of QoS and packet routing of flow based technologies has now matured
** Ad-hoc wireless mesh networking technologies have matured
** Anonymizing technologies have matured (e.g, The onion router)
** Virtualisation of sub-domains allows separation of Anonymity from Accountability, allowing an unbound number of sub-domains to select the appropriate balance of function and disclosure as appropriate for its target community, minimising conflicts of interest.
** There is an appreciation that today's Internet infrastructure is not suitable for high assurance or high security applications. A network designed for security from the ground up enables efficient commercial and government communications.
** Knowledge that the ARPANET and INTERNET protocols were designed by very small teams of developers.

* '''Action Plan''':
** 60-90 days
*** Identify a first team of stake holders interested in participating
*** Develop a short-term action plan and secure funding
*** Implement rapid proof of concepts to mitigate concerns of stake holders
**** prototyping of mesh routing and packet switching
**** prototyping of mesh congestion management protocol
**** prototyping of authenticated key exchange techniques
** >90 days.
*** Identify a wider team of stake holders interested in participating
*** Develop a medium-term action plan and secure funding
*** Develop a draft high level Requirements document
*** Bring a conference together to integrate stake holder variations of the proposal
*** First team Develop a proposed network architecture document - network architecture to achieve global lattice based mesh network communications infrastructure - design of a cryptographic protocol that can host and be hosted by popular network protocols.
*** Development of full active congestion management protocols for mesh networks
*** Development of full packet routing technologies for mesh networks
*** Large scale network behaviour simulations.
*** Implementation of low-level network protocol specifications for Ethernet / IpV4 / ISDN.
*** Prototype IPv4 over a UNC / Implementation
*** Integrate large scale flow routing architecture.

* Who can help ( in no order )
** NITRD, DoE, US State Department, Synaptic Laboratories Limited  (Mesh protocols, Mesh network architecture, key exchanges), Larry Roberts of Anagram (flow technologies), ICSA Labs (protocols), Paul Syverson of the US Naval Research Laboratory (anonymization), Paul A. Karger of IBM (High Assurance Hypervisors), DARPA's Ultraperformance Nanophotonic Intrachip Communications program, Kotura, NIST ATP Terabit Photonic Integrated Circuits, Global Environment for Network Innovations,  EU Think-Trust, FIND, ... and other organisations and experts of equivalent stature and capabilities from across the globe representing a wide spectrum of socio/political interests
Benjamin GittinsPermalink Reply by Benjamin Gittins on June 18, 2010 at 3:52pm
A call for collaboration on Synaptic Labs’ Post Quantum Secure Multi-function DES and AES proposals

RELEVANCE TO NITRD:
This cipher proposal was created to support the hard problem of Global-scale Identity Management and Cryptographic Key Management (IdM/CKM) in the context of ensuring post quantum secure operations for smart card and ambient intelligence / network of things / sensor network devices.

It illustrates how Synaptic Laboratories has sought to considered “the big picture” as part of our Global-scale IdM/CKM proposal, “ensuring no device is left behind”.

Synaptic Labs' theme: “Ensure no device is left behind” may be an interesting theme to NITRD, as it emphasises that we need continuity in business and in the global community. Nobody in the commercial space wants to throw aware their massive research, development and tooling costs in the high volume commodity price-sensitive devices found in the market today.

The proposal also employs another theme that we quickly describe as: “Look for ways to make aging technologies that we once trust to be robust again today as quickly as possible!”


DETAILS:

As we all know, DES and AES are the world’s most studied block ciphers. They are also the most popular ciphers with regard to hardware dedicated implementations and hardware acceleration through CPU instruction set optimization. This took a HUGE amount of investment in many segments of the community. These groups are looking to continue ensuring a return-on-investment.

A huge number of smart cards have DES (thanks to the financial industry) and hardware acceleration for AES-128 is now finding its way into ambient intelligence sensor devices (ZigBee, et al).

As we know, the US NIST has recommended a global shift away from DES. It is also recognized that the use of AES-128 will probably have to be abandoned with the arrival of code breaking quantum computers.

At Synaptic Labs, we take the theme: “ensure no device or protocol is left behind” very seriously. Our Universal Network Carrier proposal is designed to protect EVERY network protocol by transcoding it on a protocol designed to carry the 3 classes of network (isochronous, packet and cell). Our Global-scale IdM/CKM proposal is designed to leave all “known at risk” public key infrastructure in place while wrapping around and protecting it’s output.

Along similar lines, we clearly identified the need to ensure our UNC and Global IdM/CKM visions could interface with (almost) every commodity device in the market. This required considering how to achieve credible 50-to-100 year security in those devices.

PQSDES and PQSAES is our targeted research agenda to address this problem head on.

We argue that it is possible to retain and breath new life into both the DES-56 and AES-128 ciphers so as to retain them in a way that is highly suitable for the long term future.

We are in the final stages of a new software protocol for the standards based full-round
DES and AES ciphers that enhances their functionality and security. The result will be a new variable 112 to 256-bit candidate post quantum secure family of software ciphers that we call Post Quantum Secure DES (PQSDES) and PQSAES.

The ciphers can each be accurately described as a family of mode-of-operations for the full-round DES and AES ciphers respectively.

These ciphers offer up to 512-bit key single pass authenticated encryption with up to 512-bit MAC and up to 512-bit collision resistant hashing modes of operation. (These configurations are sufficient to offer 256-bit security against quantum computer attacks).

The PQSDES/AES design should be much easier to study then most ciphers, as the round-function (either DES or AES) is already extensively studied. The cryptographic study then becomes one of drawing together known results for DES and AES and using that huge body of knowledge in the context of studying the new construction.

Our new construction is based on a new class of unbalanced incomplete source-heavy Feistel networks that updates two blocks of output for every block of output. (You might describe it as a hybrid of the structures of XXTEA and RC6).

The SHA-3 NIST process is targeting the design of for-free high performance 32-bit / 64-bit efficient hash algorithms that are compatible with 8-bit processors.

Our design has a different, commercially orientated, focus that is not addressed by SHA-3. Furthermore, our design was limited from entering into the NIST process due to its commercial origins (intellectual property rights).

PQSDES/AES has been carefully targeted for highly constrained embedded micro environments that have a tiny 8/16/32-bit CPU and a very fast, power efficient, DES or AES hardware coprocessor. This includes environments such as the billions of smart cards currently manufactured and the emerging ambient intelligence market. This symbiotic design leverages the readily available SRAM present in the CPU to store the state of the cipher, use the CPU to perform simple linear operations (Read, Write, XOR) and use the block ciphers as the complex non-linear operation in the round function.

This configuration enables the creation of a conservative hardware accelerated collision resistant hash function in commercially important environments that cannot be upgraded to run SHA-2 / SHA-3 or cannot afford the additional circuit area. Hardware accelerated hash functions in constrained environments will also enable the deployment of Lamport-Merkle digital signature schemes, such as the candidate post quantum secure Coronado Merkle Signature Scheme (CMSS), in low cost smart cards.

Our software upgrade to DES hardware can perform high speed candidate post quantum secure privacy operations and this will also be useful for billions of devices in our key exchange technologies which I will be introducing shortly.

As for performance PQSDES single pass authenticated encryption requires two invocations of DES (under fixed keys) and a few linear operations for every 64-bits processed. The number of DES invocations for every 64-bits of message processed during hashing operations is 4. The number of rounds for the sealing operation before releasing a message digest is yet to be determined but is expected to be low because of the message digest generation process where each 64-bits of output of the collision resistant digest also results in 2 invocations of DES.

More information on PQSxES can be found here.

RECOMMENDATION
Synaptic would like the agencies to establish and fund a working group to confirm the need, explore the basics of the design, and if agreement is reached, to complete the development of these conservative modes of operation for the NIST DES and AES ciphers.

As stated at the start of this posting, these ciphers were commercially driven to fill a need to ensure “no commodity device is left behind” in the move to a post quantum secure cybersecurity universe. This in itself is a game-changing idea.

HOW THIS PROPOSAL RELATES TO OTHER SYNAPTIC PROPOSALS:

This proposal relates directly to:
* Global-Scale IdM/CKM posting to this forum
Benjamin GittinsPermalink Reply by Benjamin Gittins on June 18, 2010 at 3:54pm
A call for collaboration based on Synaptic Lab’s proposal for protecting against over manufacturing and firmware piracy

RELEVANCE TO NITRD:
This proposal addresses the hard problem of battling over manufacturing and firmware privacy. Our proposal addresses the DHS 2009 current hard problem of protecting against insider attacks. Specifically, this proposal addresses that concern in the context of protecting the intellectual property of software and hardware circuit designs.

This proposal applies techniques and principles found in Synaptic’s Global-scale Identity Management and Cryptographic Key Management (IdM/CKM) proposal to protect against a wide range of different insider attacks that are relevant in that context.

An outline of our proposal has been submitted into the NITRD 2009 NCLY summit event and was published as section 6.6 of the Participants Ideas’ report, titled “Idea - Semiconductor Intellectual Property Protection”

DETAILS:
Synaptic Labs has made a proposal designed to protect:
* against circuit reverse engineering and IC over production;
* protect against the piracy/modification of firmware; and also
* protect against the piracy/modification of some software by binding the intellectual property with an IC or family of ICʼs.

These designs have been invented by Benjamin Gittins working in collaboration with Howard Landman. Howard Landman led the logic synthesis and physical design team for the processor of the worldʼs first 128-bit commercial processor in the Sony Playstation 2 and recently led the design team of Ageiaʼs (recently bought out by NVIDIA) 125 million gate gaming chip.

The Synaptic proposal for a modified semiconductor design flow is intended to increase the protection of intellectual property of a digital circuit from reverse engineering and overproduction starting at its source code implementation right through to deployment in the field. A combination of techniques are employed as appropriate for each of the different life cycle stages. These techniques increase the probability of achieving the production of a trusted hardware platform with specific features.

By leveraging the features in this trusted hardware platform and through a set of associated design flows and cryptographic techniques it is possible to offer a similar level of security for firmware and associated software. Protection of the firmware and software intellectual property from IP theft and reverse engineering starts during the implementation phase and carries through to the production and deployment into the field. The distinguishing feature between firmware and software is that firmware is bound to a given device and software is bound to a given family of processes. Software developed by groups other than the hardware designers can begin to be secured against reverse engineering by the hardware designers in Synaptic’s proposal. 


In this suite we combine highly efficient combinatorial IC locks and remote fast unlocking of ICʼs with innovative business processes to provide a higher level of assurance against IP theft of the circuit design and its firmware from attacks inside and outside of the design company during its development, production, and deployment in the field. For example, our software anti piracy protection technique can be targeted at gaming platforms where software provided on CDROM, DVD, or transmitted over the internet, can be bound to a game processor by a single vendor.

One aspect of our design proposal involves injecting key material at various stages during the manufacturing process. We note that this requirement can be met by existing IC manufacturing flows and that the cost of key injection may be amortised within the normal product development life cycle itself. According to Certicom Corporation, ‘when a semiconductor chip is fabricated, it typically goes through more than 25 different points in the chip development life cycle, including processing, testing and packaging - often involving many different vendors’. Each chip is electronically tested at several different stages. Certicom have proposed to use these testing stages to perform incremental code and key-injection as part of their asset management system. In this way we could integrate our proposal into that manufacturing flow.

Our proposal considers the security risk that a geometry file may be modified to trivially circumvent the loading of the information used to complete a design. We propose to protect against this by employing two relatively low-cost tamper checks within the design flow in a way that respects the intellectual property rights of both chip designer and the foundry that generates the masks and wafers.

RECOMMENDATION
The agencies to establish and fund a working group to perform an independent evaluation of the techniques. If validated, work with a company like Synplicity to modify EDA tools, and develop a complete process for working with fabrication facilities. Work with companies such as Certicom who offer chip programming facilities for supporting per-chip enabling.

Who can help:
NITRD, DOE, Intel, Certicom, Synplicity, Universities of Michigan and Rice (EPIC).

HOW THIS PROPOSAL RELATES TO OTHER SYNAPTIC PROPOSALS:

* This proposal relates to, and uses concepts in our Global IdM/CKM posting to this forum
Benjamin GittinsPermalink Reply by Benjamin Gittins on June 18, 2010 at 4:01pm
A call for collaboration on Synaptic Labs’ VEST multifunction cipher

RELEVANCE TO NITRD:
The VEST multifunction cipher was created to support our proposal to solve the hard problem of secure next generation Internet routers and to mitigate certain classes of insider attacks in secure processing environments. In short VEST was purpose built to protect all forms of chip-to-chip communications. Our cipher is intended for use in a layered-defensive system where the integrated circuits supporting the secure execution of software applications employs hardware-dedicated encryption. (NIST software efficient ciphers for securing communications between software applications, VEST hardware efficient cipher for securing communications between integrated chips).

We still see our 2005 vision as a game changing proposal that would significantly address a large range of low-cost attacks. It would be highly desirable if all integrated circuits employed an interoperable link-level hardware authenticated encryption algorithm to mitigate information leakage as a result of broadcasting sensitive application data across the unprotected data bus between chips (a wide range of very low cost side channel attacks) and from low-cost invasive attacks conducted at the bus level.

Specifically the VEST multifunction Cipher was engineered to address the need for 50-to-100 year secure, high-speed, power-efficient, link level authenticated encryption between chips, be they on the same motherboard or embedded in different nodes on a network, on both FPGA and ASIC environments. We also designed our proposal to support hashing modes of operation so they could be used to perform post quantum secure digital signatures and other cryptographic functions at high speed and lower power.

Our cipher proposal was a game-changer in 2005, because to achieve our domain-specific requirements of maximum efficiency in hardware, we broke the #1 cardinal rule of popular cipher design: “ciphers must be extremely fast in software, and achieve faster speeds when accelerated in hardware”. By exploiting massive parallelism in combination with bit-level addressing, we created a cipher that was entirely unsuited for execution on 32-bit word based processor architecture. We traded the performance losses in software to improve performance in hardware.

VEST was also a game-changer in 2005, because at that time, only light-weight, marginally secure hardware dedicated ciphers were being seriously considered. Synaptic’s VEST cipher was competing on the basis of achieve the requested security ratings with double-length keys (so they could offer the requested security ratings secure against classical AND quantum computer attacks). We designed our cipher this way because we envisaged it's use to support link-level protection of long-lived public telecommunications infrastructure, an environment where you may need to secure data for the "life time of the human/contract + 7 years" by law.

VEST is a useful case study in showing how “game-changing” ideas intended to satisfy the pressing cybersecurity requirements of a large but under-represented application specific domain requirements into the future can face fierce resistance to its realization by those who have unrelated interests competing for the same community resources. To be clear, this is not a criticism of what has happened, but a call to study to find out how better to address this type of natural resistance for future game-change proposals.

VEST fits into Synaptic Labs’ theme of “Ensure communications between every two integrated circuit is secured”.

VEST is another illustration on how Synaptic Laboratories has sought to considered “the big picture” as part of our next generation future internet proposal.


DETAILS:

Due to the massive parallelism and bit-level addressing, VEST has approximately 3 to 6 times power efficiency per bit of ciphertext than equivalent NIST approved modes of operations for encryption / authenticated encryption. The stream cipher mode of operation is also designed to reduce latency which is important in inter-chip applications.

In 2005 VEST was a new design having recently been submitted to ECRYPT. At the time, other designs employed minimal combinatorial effort per bit of output. This meant they could only be used as stream ciphers and generally could not perform message authentication or single pass authenticated encryption.

A single digit typographic error was indeed found in the VEST design by cryptographers from the University of Versailles. This error was easily corrected and the correction is proven to be mathematically correct against that vulnerability. The correction is acknowledged as fixing the error by the authors of the original attack and also the eSTREAM organisers. Professors Jacques Patarin and Louis Goubin from the University of Versailles have since undertaken evaluation work on another Synaptic technology with positive results. There have been no other attacks against the VEST cipher. We are currently only recommending the encryption and authenticated encryption modes of operation on this generation of the cipher for chip-to-chip applications.

The European Patent EP 1820295 was awarded to Synaptic in 2008 over the core technology in the VEST design that enables its unique blend of hardware efficiency and complexity.

In July 2007 Timo Gendrullis, Timo Kasper and Professor Christof Paar, Chair of Communications Security at Bochum University in Germany published a paper called "A Lightweight Hardware Implementation of the stream cipher VEST-4" at WEWoRC 2007. The team found that VEST-4 with authentication and 160 bit key is as efficient or more efficient than ultra-low power implementations of AES-128, Grain or Trivium ciphers without authentication or large keys. They concluded: "Although the lightweight implementation of VEST-4 supports authenticated encryption and a message authentication code (MAC) it can compete with low-power implementations without these features or even outperform them."

RECOMMENDATION

Synaptic would like the Agencies to establish and fund a working group to confirm the need for chip-to-chip encryption (including link level network encryption), including the consideration for 50-to-100 year security durations. If such a game changing need is confirmed, we would like the working group to consider the state of the art with respect to hardware dedicated ciphers, including our current and next generation VEST designs. If an agreement is reached as to need and suitability, we would like that working group to complete the development of the VEST family of multi-function ciphers ready for commercialization.

As stated at the start of this posting, these ciphers were commercially driven to fill a need to “ensure communications between every two integrated circuits is secured” in the move to a post quantum secure cybersecurity universe. We feel this goal in itself is a game-changing idea.
Benjamin GittinsPermalink Reply by Benjamin Gittins on June 19, 2010 at 6:52am
Further discussion on VEST and side-channel attacks

Synaptic Labs seeks to combine a range of classical cryptography (NIST standard symmetric ciphers and hash functions) and information theoretic techniques (secure initialisation of symmetric key systems) to win security for the long term, even against quantum computer attacks, without ever needing quantum cryptography.

Our cybersecurity vision spans Internet design, integrated circuit protection, CKM/IdM and even reaches to our own cipher design for certain hardware specific applications, called VEST. In our earlier posting about VEST we mentioned that (four sizes of) the VEST cipher were published for global scrutiny in 2005 by the European Union funded ECRYPT eStream project.

For those who may be interested in this design and the role it may play in our wider cybersecurity vision, I wanted to add a comment about side channel attacks. Protecting against these types of attack, against ciphers implementations in both software and hardware is now very common.

These "side channel attacks" exploit information gained from the physical implementation of a cryptosystem. Design choices in a cipher algorithm can increase or decrease the resistance to a variety of side channel attacks. There are also a variety of other techniques that attempt to protect a given cipher algorithm from side-channel attacks at the point of implementation, for example by enclosing the device running the cipher in an TEMPEST electromagnetic shielding enclosure. There are also various other popular implementation countermeasures such as the masking of logic.

On the importance of side channel protection, it is not hard to find an example of a side channel attack against an unprotected NIST AES hardware implementation. For example, see the paper (K. Schramm, G. Leander and P. Felke and C. Paar, "A Collision-Attack on AES: Combining Side Channel- and Differential-Attack", CHES 2004, page 163-175.) where they show that the entire 128-bit AES key can be recovered in as little as 40 measurements.

Concerning VEST, when I stated that "There have been no other attacks against the VEST cipher" I should have made it clear that I was speaking in the context of traditional cryptographic attacks, not side channel attacks.

VEST has continued to receive some external analysis and testing. The study mentioned in my earlier VEST posting, performed by (Bochum University in Germany), was not solicited by Synaptic Labs. There was also an interesting side channel analysis performed on VEST that was also not solicited by Synaptic Labs. This was performed in (2008) by the French cryptographers Pascal Delaunay (Thales Land and Joint Systems) and Antoine Joux (Université de Versailles Saint-Quentin-en-Yvelines). VEST ciphers have a counter module and a primary accumulator module. They identified that the counters in the cipher (composed of 16 short-length non-linear feedback shift registers NLFSR that are independent updated) were susceptible to side channel attacks. The fix: the authors of the side channel analysis made the expected recommendation, that implementers take the usual precautions against side-channel attacks, such as using masked logic when implementing VEST.

We have taken on board this analysis. However, we have also been applying what we have learnt since 2005 to create the next generation of our cipher design. We want to retain the designs resilience against cryptographic attack and improve the designs resilience against side channel attacks. The side channel analysis authors did not present any attacks against VEST's bijective accumulator module, a module which has a highly complex interrelationship between bits (instead of a stand-alone 11 bit NLSFR module that has one bit updated nonlinearly every clock, we have up to a 583 bit bijective accumulator module that has every bit updated nonlinearly every clock). In our next generation of the design we replace the vulnerable 16 simple independent NLFSR and replace them with a single monolithic module. This new module is based on the techniques used in VEST’s bijective accummulator. We believe that this will reduce the susceptibility of VEST to side-channel attacks.

All this is probably surplus reading for most of this Forum audience, and I apologise for that, however, I thought it was worth mentioning as an example of the breadth and depth of the research Synaptic Labs has undertaken as we pursue a unified cybersecurity vision that reduces current exposure to attacks across a broad range of vulnerabilities including hardware, software and cipher design.
Benjamin GittinsPermalink Reply by Benjamin Gittins on June 18, 2010 at 4:08pm
A call for collaboration to manage international standards requirements in electronic form.

RELEVANCE TO NITRD:

This proposal was created to address the open hard problem of managing and adopting US Federal and International cybersecurity standards.

DETAILS

Robert Morris, a prior chief scientist for the National Computer Security Center, once said: “Systems built without requirements cannot fail; they merely offer surprises – usually unpleasant!”
- Brian Snow, We Need Assurance!

Today there are many significant and important cybersecurity standards that could significantly improve the security levels in commercial off the shelf software, if we could find ways to increase their adoption. In additional to optional standards there are also several mandatory cybersecurity standards depending on the countries that you operate and the types of business you conduct.

Synaptic Labs, as part of our development efforts, has identified that there exists a need for the US, EC, and other countries to fund the development of an electronic requirements management process and deliverables to support existing standards, existing policy guidelines and existing laws of several nations simultaneously in a unified model that also supports national and regional variations.

Such a process could also include new standards requirements and best practice recommendations as they become available.

The process and deliverables would reduce the costs and duplication of effort across American and European organisations and remove the existing discriminatory barrier that all micro and SME face when attempting to create innovative solutions that satisfy legislative, standards and best practice for the American, European and global markets.

This is a game-changing proposal as it would lower the barrier for all organisations to achieve higher levels of information assurance.

The US National Institute of Standards and Technologies Computer security Division has 17 active Federal Information Processing Standards (FIPS), and over 100 active Special Publications that all Federal Information Processing systems must comply with. These standards and special publications relate to information assurance risk management processes, identity management, cryptographic security standards, configuration of security hardware, business survivability, achieving high availability, auditing, physical access controls and other important subjects relating to information processing.

The NIST FIPS and SP documents are freely available to the public and can be used as a basis for creating IT processing systems by non US Federal organisations. This body of work represents many best-practices that could be adapted for use internationally and if adopted, would result in a more secure global IT infrastructure. Corresponding documents are known to exist for the UK and Europe.

Unfortunately, it is exceedingly difficult for a new software project (such as an e-commerce web-site, b-2-b application, ...) to know that it has met these requirements. This difficulty is compounded because the requirements are not readily defined in an exploitable format.

There is currently no mechanism available for a new project to import all the legislative requirements and best practice recommendations on data privacy into a requirements management tool in a managed and well uniform way. Each project must individually identify, and read the relevant laws, manually extract the requirements (imperfectly), so that they can then begin to show traceability of requirements satisfaction down to the executable, test suite and business processes. These requirements will need to represented in open standards based formats so they can be imported by most of the project management and requirement management tools. For example the process should generate deliverables that can be imported by tools like Borland Calibre and IBM Rational DOORS and their open source equivalents.

Synaptic has compiled our recommendations on this issue into a publication that was written for and submitted into the European THINK-TRUST D3.1 Consultation process.

The full proposal can be downloaded here and is supplied as input into this process.

We have forwarded the above proposal in full to our contacts at NIST and Miles Smid (Orion Security, formerly the manager of the NIST Security Technology Group) had this to say, and we quote with permission:

“I think that this is an interesting idea and indicates how standards requirements will need to be managed in the future.”

This proposal was also submitted and accepted into to the USA National Telecommunications and Information Administration (NTIA) call for public comment on "Information Privacy and Innovation in the Internet Economy" (2010) and can be found at this link.

RECOMMENDATION

Synaptic would like the agencies to establish and fund a US working group to confirm the need, establish a larger international working group co-ordinated (possibly by NITRD in collaboration with INCO-TRUST?) to begin a permanent and ongoing collaboration effort to create an electronic requirements management solution that addresses both US, EU and International cybersecurity requirements.
Deb FrinckePermalink Reply by Deb Frincke on June 18, 2010 at 8:42pm
I'd like to suggest the IEEE Security and Privacy meeting in Oakland/Berkeley as a place for a workshop. We normally take two-ish workshops, and there is space for one or two new ones this coming year if we get a 'bid' or prospectus. It worked very well to have the NITRD presentation after the IEEE meeting, I thought - and if there were a research-oriented workshop using panels and papers to get ideas out around the theme, it would be even better :)
Owen McCuskerPermalink Reply by Owen McCusker on June 21, 2010 at 10:17am
Our nation, as a member of the global community, faces profound challenges that must be addressed by our National, and the global, cyber security community. Core to these challenges are the need to change our overall research activities to address an increasingly complex threat.

Today the threat is distributed, decentralized, and operates over large time intervals, yet our technology is still rooted in models based on the notion of a threat as a single hackers and non-coordinated malicious software; that is we are assuming singular point source strategies pointed at our perimeters.


To deter threats like these we need to compliment current technologies with capabilities that are able to connect disparate data over increasing large time intervals and share this data system to system. You might think of this as a national (and even global) distributed decentralized immune system that considers the behavior of nodes and users on the Internet.


In doing so we must live more with uncertainty and operate at higher-levels of abstraction. We need to develop new models that use broad indicators that can be used to identify malicious agents. We want to burn the hay-stack using broad indicators to make finding the needle easier.

Behavioral Analysis is a key “state of the art” approach that can address some of these needs. Another key need is to create a truly distributed detection strategy that flips the current model from focusing less on studying the “impact crater” site, and focus more on identifying the source of the “missile”.

I feel we must build on top of the great work done already with vulnerability analysis and taxonomies (CVE), and create a shared semantic understanding of threat behaviors using Ontology, in the same way that Ontology has been applied to bioInformatic community.

We must develop privacy enhancing ways of sharing these threat behaviors without tripping legal triggers or unduly invading privacy. We must develop high-level abstract languages for efficiently communicating and reasoning about the patterns of malicious network behavior (are you running a DoS attack, controlling a botnet, exfiltrating data), as opposed to talking about what specific IP address or particular website or webpage you visited (did you visit CNN today?).

Lastly, we need some common metrics to manage risk, and the threat within our community. Computational trust can be a key aspect to this need and can be used to derive risk to mission and business process within an enterprise. For example, how much confidence can i have that a particular computer on the network has not been compromised by malware? Has that computer exhibited behaviors typical of a computer compromised with malware?

Combining identity and and an identities behavior can provide a basis for a metric that provides both an objective point of view of trust, and a subjective view of an objects behavior. For example:

* we need to move away from "singular cryptographic assertion" saying an object is trustworthy. and 
* moving towards combining static assertions about an objects identity and access rights made from multiple independent organizations, combined with a subjective view of that objects behavior within the system or on the network.  

There can be many more ideas here for metrics.
jome johnPermalink Reply by jome john on September 21, 2010 at 11:22am
I'd like to know quiet a bit more about this if you have more in-depth documentation. Like what exactly do you mean by keeping the pc completely offline. Similiar to chrome os or the contents of the pc? How are internet-facing applications run, how are documents stored and retrieved, and etc.

Also, what is the situation of the tests and did other security groups turn down the testing, which is why it seems so limited in specialties?
Frank GerlachPermalink Reply by Frank Gerlach on November 2, 2011 at 4:07pm

As far as I understand their concept, it is similar to Google Chrome, except that the rendering and JavaScript engine runs inside a dedicated hardware box. Whether that really properly isolates multiple HTTP sessions/HTML windows from each other is unclear, but it certainly isolates the HTML renderer, the JavaScript engine and all the other plumbing (HTTP, SSL/TLS code etc) from the host machine. Which is in general a good concept, because the Google Chrome Engine cannot be completely isolated in Windows (it can still access FAT file systems (e.g. USB memory sticks), for example).

I am not sure this solution provides any benefits compared to a good AppArmor profile on Linux, though.

RSS

© 2012   Created by NITRD Cyber Security.

Badges  |  Report an Issue  |  Terms of Service