CASCON Cybersecurity Workshop Toronto – 17 October 2005

CASCON Cybersecurity Workshop Toronto - 17 October 2005 Information Security 2015 Paul C. Van Oorschot Digital Security Group School of Computer Science Carleton University, Ottawa 1

A View of Internet Security Technologies A. System Integrity DNS, secure routing firewalls & filtering hardened systems access control (O/S) audit trails & logs patching & updating software protection AV, IDS, scanning tools anti-DDoS tools safe roads to drive on B. Data/Transaction Security SSL (session protection) crypto, persistent encryption,. strong authentication secure remote access, VPNs PKI / identity management PMI / authorization secure payment and banking privacy safe vehicles to carry goods A harder; and necessary for B 2

Paradigm Shifts in Computing [ SECURITY CHALLENGES] 1. mainframe 2. workstations/PC’s LANs 3. client-server gateways to external networks 4. [full] Internet connectivity (global, wireline) 5. wireless mobile computing “anywhere” remote access 6. pervasive computing (interconnected embedded devices) Add: constantly evolving software/threats from: traditional software feature upgrades ubiquitous active content downloads auto-updates P2P activity worms, viruses, spyware No one is really sure what software is running on their machine 3

ID-theft, Phishing & Key Logging ID theft is now viewed as one of the largest Internet-enabled crimes phishing kits available on Internet to create bogus websites, and use spamming software software key loggers are now common 2015: “techno-social engineering” issues still evade technical solutions for-fee “identity protection services” are profitable, commonly used 4

Trustworthiness of User Interface today’s Internet UI is not trustworthy – secure GUI is extremely hard problem users are a weak link – increasingly complex systems, inexperienced users – no time, interest, ability to learn 2015: recognition: commodity PC’s can’t provide usable and secure UI Internet access is 2-tier: commodity, trustworthy devices – higher-value services available only to 2nd-tier devices 5

Changing Rules: Cryptographic Assumptions Fundamental cryptographic assumption no longer valid in general: “end-points are secure” ( secret key is safe) 2015: cleartext transmission is rare (entirely unacceptable) – persistent protection is major focus, remains problematic DRM remains challenging; “electronic originals” technology in use 6

Computer Worms Slammer (Jan. 2003): single-packet UDP worm – 90% of vulnerable hosts infected in 10 min – scanning rate: 55M scans/sec after 3 minutes hit-lists and flash worms (10’s of seconds) – attack speed vs. limits of human intervention 2015: past lessons remain unlearned (cf. Morris worm 1988) new forms of malware continue to arise, evolve – diversity, obfuscation embraced by attackers fully-automated responses remain too risky in practice 7

Botnets compromised PCs managed over real-time channel, 10,000 devices – e.g.: 1000 PC’s, average upstream 128KBit/s 100Mbit/s – distribution of IP addresses makes filtering difficult used for: DDoS, spam, phishing, bootstrapping spread of malware 2015: historical view: a very significant evolutionary step economically-motivated malware: organized crime, espionage Internet taxed to subsidize real-world pursuit of cyber-criminals 8

Software: A Very Weak Link price of software pace of change bugs and vulnerabilities monoculture effect (O/S, applications, protocols, standards) 2015: 100’s of millions of lines of C code remain in commercial use – many exploits (e.g. memory management) remain 2015: value of diversity is broadly recognized – interoperability recognized to have significant -ve component 9

IP Convergence trend to IP convergence (e.g., VoIP) is unstoppable: – related worrisome trend: totally “open” systems 2015: – mission-critical businesses must still support non-IP phones – many customers save , but telecoms don’t – robustness of voice network decreases dramatically (openness) 10

2015: The Internet in 2015: World #1 “Mad Max Internet” [functionality continues , security issues unaddressed] malware becomes part of the eco-system – competition for desktop resources; a battle to maintain its integrity – computers are untrusted (some programs may be trusted) Internet and Internet clients viewed as “disposable” regular Internet outages due to attacks on critical infrastructures – hijacked IP addresses (BGP), poisoned DNS tables, . . . many users abandon email e-commerce dies; Internet mainly used for publishing info cheaply 11

2015: The Internet in 2015: World #2 “Banker’s Internet” [functionality is constrained; security ] stronger authentication, accountability, traceability widespread support for “private numbers” (email, web sites) tradeoffs made (e.g., anonymity) for security extreme case: fixed-functionality, specialized clients (no software) still no global PKI – because communities of trust are what is important 12

Concluding Remarks need more tools to detect ongoing mal-access (vs. intrusions in progress) must do more to remove root causes (vs. react) astounding lack of human factors research in security terrible defensive track record vs. emergent Internet threats – 0-day worms, DDoS, large-scale spam, ID theft, botnets, . . . 13

Thank you Paul C. Van Oorschot Digital Security Group School of Computer Science Carleton University, Ottawa, Canada 14

2005 Security Scorecard crypto: viruses: firewalls: spam: PKI: IDS: worms: DDoS/NDoS: passwords: A/CB C CD D D D D/A (personal view) (technology / deployment) (updates; zero-day; social engineering) (configuration; http tunneling) (spoofed From; 0wned machines) (interoperability; deployment; usability) (false /-ve; log monitoring ( ); detect-only) (progress since 1988? “gaming” DoS) (hard to win an asymmetric war) (technology / deployment; here to stay) 15

The ID-Theft Game: Players & Motives private citizen credential issuer relying party authorized data holders (employer, banks, government) credit bureaus data brokers attackers Motives of each player are some combination of: 1. to protect and selectively provide data 2. to share/sell data (or a function thereof) 3. to properly verify credentials 4. to steal/exploit data Compare: “simple” 2- and 3-party crypto protocol theory 16

Other Business & Legal Issues 2015: Possibilities: 1. enterprises liable for malicious outbound connections – IDS goals change 2. vendors liable for bad software – executives accountable for s/w shipped with known bugs (cf. autos) – valuations hurt; many small players fail 3. insurance rates depend on O/S and applications used 4. stronger domestic, international laws: limited success – jurisdictional issues (non-resident attackers) – “DMCA problem” 17

Formal Analysis and Provable Security “proofs” of security vs. real-world guarantees – assumptions and models rarely match real world (. . . even before considering software vulnerabilities) analysis tools promote “useful thinking” 2015: large gaps remain between theoretical research & practical security practical confidence still from: experience; soak-time; trial & error 18