
Year 1: Research – Education – Outreach Overview

Year 1: Research – Education – Outreach Overview. John Mitchell and Janos Sztipanovits. Research Goals. Address pressing issues of the day Why are computer systems vulnerable to attack? Will Internet fraud, worms, viruses … be with us forever?


Presentation Transcript


  1. Year 1: Research – Education – Outreach Overview
  John Mitchell and Janos Sztipanovits

  2. Research Goals
  • Address pressing issues of the day
    • Why are computer systems vulnerable to attack?
    • Will Internet fraud, worms, viruses … be with us forever?
    • Can malicious groups take down critical infrastructures?
    • How can we make systems more secure?
      • In ways that are acceptable and desirable to their users?
    • What new problems of societal significance can be solved?
      • Medical applications? Manage energy and natural resources?
  • Deep and lasting scientific progress
    • Advance the science of computer security
    • Understand its intersection with system design
    • Recognize and utilize interdependence w/ other disciplines
  • Leverage the scale of the TRUST center effectively
    • Collaboration, education, develop career paths
  Year 1 Research Overview

  3. Research Organization
  • Five research projects
    • Web authentication and online identity theft
    • Electronic medical records
    • Sensor nets and embedded systems
    • Trustworthy systems
    • Network security and defenses
  • + Education (managed through the same process)
  • Each research project combines
    • Faculty and students from several (3-5) sites
    • Security, Systems and Software, Social Sciences
    • Education and outreach activities
  • Some activities contribute to several projects

  4. TRUST Research Vision
  (Layered diagram; details have changed but the spirit of this vision remains.)
  • Societal Challenges: Privacy; Computer and Network Security; Critical Infrastructure
    • TRUST will address social, economic and legal challenges
  • Integrative Efforts / Projects: Identity Theft; Secure Networked Embedded Systems; Electronic Medical Records; Secure Info Mgt.
    • Specific systems that represent these social challenges
  • Component Technologies: Software Security; Trusted Platforms; Secure Embedded Sys; Applied Cryptographic Protocols; Network Security; Forensic and Privacy; Model-based Integration; HCI and Secure Component Platforms; Complex Inter-Dependency Mod.; Econ., Public Pol., Soc. Chall.
    • Component technologies that will provide solutions
  • Software Tools

  5. Problem 1: Online Identity Theft
  • Password phishing
    • Forged email and fake web sites steal passwords
    • Passwords used to withdraw money, degrade trust
  • Password theft
    • Criminals break into servers and steal password files
  • Spyware
    • Keyloggers steal passwords, product activation codes, etc.
  • Botnets
    • Networks of compromised end-user machines spread SPAM, launch attacks, collect and share stolen information
  • Magnitude
    • $$$ Hundreds of millions in direct loss per year
    • Significant indirect loss in brand erosion
      • Loss of confidence in online transactions
      • Inconvenience of restoring credit rating, identity
    • Challenge for critical infrastructure protection

  6. TRUST team
  • Stanford
    • D Boneh, J Mitchell, D Dill, M Rosenblum, Jennifer Granick (Law School)
    • A Bortz, N Chou, C Jackson, N Miyake, R Ledesma, B Ross, E Stinson, Y Teraguchi, …
  • Berkeley
    • D Tygar, R Dhamija, …
    • Deidre Mulligan (UC Berkeley Law), Erin Jones, Steve Maurer, …
  • CMU
    • A Perrig, D Song
    • B Parno, C Kuo
  • Partners and collaborators
    • US Secret Service, DHS/SRI Id Theft Tech Council, RSA Securities, …
    • R Rodriguez, D Maughan, …
  • And growing …

  7. TRUST ID Theft Team (+ more)
  (photo slide)

  8. Phishing Attack
  (Diagram of the attack flow)
  • Attacker sends email: "There is a problem with your eBuy account"
  • User clicks on the email link to www.ebuj.com
  • User thinks it is ebuy.com, enters eBuy username and password
  • Password sent to bad guy

  9. SpoofGuard browser extension
  • SpoofGuard is added to the IE tool bar
  • User configuration
  • Pop-up notification as method of last resort

  10. Berkeley: Dynamic Security Skins
  • Automatically customize secure windows
  • Visual hashes
    • Random Art - visual hash algorithm
    • Generate unique abstract image for each authentication
    • Use the image to "skin" windows or web content
    • Browser generated or server generated

  11. CMU Phoolproof prevention
  • Eliminates reliance on perfect user behavior
  • Protects against keyloggers, spyware.
  • Uses a trusted mobile device to perform mutual authentication with the server

  12. Tech Transfer
  • SpoofGuard
    • Some SpoofGuard heuristics now used in eBay toolbar and Earthlink ScamBlocker.
    • Very effective against basic phishing attacks.
  • PwdHash
    • Collaboration with RSA Security to implement PwdHash on one-time RSA SecurID passwords.
      • RSA SecurID passwords vulnerable to online phishing
      • PwdHash helps strengthen SecurID passwords
  • New browser extensions for privacy
    • SafeCache and SafeHistory
  • Client-side architecture for spyware resistance
    • SpyBlock: virtualization, browser extension, trusted agent

  13. Botnets: detect and disable
  • Botnet - Collection of compromised hosts
    • Spread like worms and viruses
    • Platform for many attacks
      • Spam forwarding, keystroke logging, denial of service attacks
    • Unique characteristic: "rallying"
      • Bots spread like worms and trojans
      • Centralized control of botnet is characteristic feature
  • Current efforts
    • Spyware project with Stanford Law School
    • CMU botnet detection
      • Based on methods that bots use to hide themselves
    • Stanford host-based bot detection
      • Taint analysis, comparing network buffer and syscall args
    • Botnet and spyware survival
      • Spyblock: virtualization and containment of pwd

  14. Research Spotlight: Stanford Cyberlaw Clinic, Spyware Litigation Project
  • Jennifer Granick, Lisa Schwartz, Henry Huang
  • Law and CS faculty, law students, many CS grad and undergrad students

  15. Cyberlaw Clinic: PacerD
  • Backdoor Trojan spyware
    • distributed via misleading pop-up
    • installed even if user clicked the pop-up's "close" button
  • Users' computers transformed into "marketing machines"
    • Up to 7 pop-ups/minute, …
  • Who is behind PacerD?
    • Seychelles P.O. box, Seattle voice mail number, Russian ISPs
    • (Diagram "Pyramid of Deception": CPM Media, KVM Media, PacerD, Exfol)
  • Spyware bundle will install unless user takes complex or difficult action
  • Timeline
    • Oct. '05: CS team sets up testing environment
    • Nov. '05: CS team creates videos depicting PacerD installation, …, removal; rootkits detected inside PacerD
    • Dec. '05 – Feb. '06: Cyberlaw Clinic drafts lawsuit
    • March – April '06: Over 300 PacerD victims contacted; litigation plan being developed

  16. Cyberlaw Clinic: Enternet
  • Enternet Media (EM)
    • Internet ad firm in CA
  • EliteBar a.k.a. Elite Toolbar
    • distributed through websites
    • no notice of installation
    • prevents uninstallation
    • collects personal information
    • EULA: unconscionable terms
    • Enternet hides EULA and uninstaller
    • Uninstaller purposely fails to remove EliteBar
  • Gov't Suits Against Enternet
    • FTC filed against Enternet 11/4/05
      • injunction froze assets, stopping distribution of EliteBar
    • City of L.A. also sued Enternet
      • alleging unfair competition, deception
    • Criminal charges: In LA, March 2006
      • Incl. false advertising, consumer fraud

  17. ID Theft: Future challenges
  • Criminals become increasingly sophisticated
    • "In 25 years of law enforcement, this is the closest thing I've seen to the perfect crime" – Don Wilborn
    • Increasing interest at server side
  • Losses are significant
  • Need improved platform security
    • Protect assets from crimeware
  • Need improved web authentication
    • Basic science can be applied to solve problem: challenge-response, two-factor auth, …
  • Social awareness, legal issues, and human factors
    • Studies with Law Clinics; user studies, how are users fooled?
  • Technology transfer
    • More free software, RSA Security, …
  Multi-campus project developing technology, evaluation, social impact. Project meetings this spring. Public workshop at Stanford in June.

  18. Problem 2: Healthcare Information
  (Figure: "2050 Percentage of Population over 60 years old", global average = 21%. Table compiled by the U.S. Administration on Aging based on data from the U.S. Census Bureau and United Nations, "Population Aging 2002".)
  • Rise in mature population
    • Population of age 65 and older with Medicare was 35 million for 2003 and 35.4 million for 2004
  • New types of technology
    • Electronic Patient Records
    • Telemedicine
    • Remote Patient Monitoring
  • Empower patients:
    • Access to own medical records
    • Control the information
    • Monitor access to medical data
  • Regulatory compliance

  19. Privacy and regulatory issues
  • Health Insurance Portability and Accountability Act of 1996 (HIPAA)
    • HIPAA Privacy Rule (2003): gives US citizens
      • Right to access their medical records
      • Right to request amendments, accounting of disclosures, etc.
    • HIPAA Security Rule (2005): requires healthcare organizations to
      • Protect person-identifiable health data that is in electronic format
  • Complexity of privacy
    • Variable levels of sensitivity; "sensitive" in the eye of multiple beholders
    • No bright line between person-identifiable and "anonymous" data
  • Complexity of access rights and policies
    • Simple role-based access control is insufficient
    • Governing principles: "need-to-know" and "minimum disclosure"

  20. Healthcare Information Access Roles
  (Diagram, from Dan Masys, "The nature of biomedical data": parties with access to a patient's health information, centered on Patient and Provider.)
  • Community Support, Internal QA, External accreditation orgs, Primary care, Friends, Legally Authorized Reps, Specialists, Ancillaries, Clinical Trials Sponsors, Immediate Family, Extended Family, Admin. Staff, Claims Processors, Public Health, Payer, Society, Fraud Detection, Subcontractors, State Licensure Boards, Clearinghouses, National Security, Medical Information Bureau, Law Enforcement, Insurers, Bioterrorism Detection, Business Consultants

  21. TRUST and MyHealth Teams (Faculty)
  • Vanderbilt
    • J Sztipanovits, G Karsai, A Ledeczi
  • Stanford
    • J Mitchell, H Garcia-Molina, R Motwani
  • Berkeley
    • R Bajcsy, S Sastry, M Eklund
    • Deidre Mulligan (UC Berkeley Law)
  • CMU
    • M Reiter, D Song
  • Cornell
    • J Gehrke, S Wicker, F Schneider
  • VU Medical Center Collaborators
    • D Masys, M Frisse, D Giuse, J Jirjis, M Johnson, N Lorenzi, D Mays,

  22. (image-only slide)

  23. Patient Portal Project
  • Vanderbilt MyHealth Patient Portal
    • Enrolled 8000 patients and grows at the rate of over 1000 new enrollees per month
    • Secure messaging, access to medical records, appointments
  • Include real-time monitoring of congestive heart failure patients
    • Heterogeneous sensor network for monitoring
    • Data integrated into MyHealth@Vanderbilt
  • Berkeley ITALH Testbed: seniors in Sonoma
    • Stationary sensors: Motion detectors, Camera systems
    • Wearable sensors: Fall sensors, Heart rate or pulse monitors

  24. Technical Challenges (1/2)
  • Access Control. Unique problems:
    • Policy languages
    • Policy validation
    • Distributed policy enforcement
  • Data Privacy. Unique problems:
    • Learning from data while keeping individual data private
    • Publishing data without possibility to link back to individuals
    • Information flow through data access: "leaking secret data"
    • Incorporating background knowledge
    • Interaction between privacy and policy languages

  25. Technical Challenges (2/2)
  • Distributed trust management. Unique problems:
    • Maintaining trust across multiple players with conflicting interests and policies
  • Information architecture modeling and analysis. Unique problems:
    • Technical and organizational heterogeneity
    • Major role of legacy systems
    • Scale and complexity
  • Benchmarking
    • Creation of synthetic patient data
    • Real-life patient data
  • Societal Impact of Patient Portals
    • What privacy policy would make patients comfortable with contributing data to a research study?

  26. Approaches
  • What solutions are possible? Some examples:
    • Policy languages (Stanford)
    • Data privacy (Cornell, Stanford)
    • Information architecture modeling and analysis (VU, Berkeley)
    • Distributed trust management (Cornell, Stanford)
    • Societal impact (Berkeley)
  • Use MyHealth (VU) as demo system
    • Put TRUST research thrusts in MyHealth contexts

  27. Initial Steps
  • Discussions with VU Medical Center in September, 2005
    • Prof. Bill Stead, Director, Informatics Center
    • Prof. Dan Masys, Chair, Department of Biomedical Informatics
  • Design Workshop for Integrative Project on Patient Portals
    • December 16, 2005 at Vanderbilt Center for Better Health (http://dbmi.mc.vanderbilt.edu/trust/#Output)
    • Identified two project candidates and a joint White Paper topic.
  • Detailed project planning between TRUST and VU MyHealth
    • We have a joint memo of collaboration management structure and research agenda for the next year
  • Workshop on Trust and Privacy in Electronic Medical Records
    • April 28th at Berkeley

  28. Meeting at Vanderbilt
  (photo slide)

  29. Milestones (Year 1)
  • Policy languages
    • HIPAA policy representation and validation
  • Data Privacy
    • Assemble sample medical database for evaluating privacy mechanisms, other mechanisms
  • Information architecture modeling and analysis
    • Modeling aspects and language specifications
    • MyHealth architecture modeling and analysis methods
  • Distributed trust management
  • Societal impact
    • Organizational impacts, changes in the decision processes
    • Unintended consequences study

  30. Research Spotlight: Berkeley ITALH Testbed, Electronic Medical Record Project
  • Ruzena Bajcsy, Shankar Sastry, Mike Eklund, Tanya Roosta, Marci Meingast, Edgar Lobotan, Adeeti Ullal, Rustom Dessai, Willy Cheung, Albert Chang
  • EECS faculty, grad, undergrad, and SUPERB students

  31. Berkeley ITALH Testbed
  • ITALH System
    • Biomedical sensor systems
    • Can monitor for acute and chronic conditions and emergency events
    • Can be kept locally or transmitted to healthcare professional and EMRs
  • Storage in medical record
    • Potentially very useful
    • Currently ad-hoc and manually performed
  • Research areas (diagram): Access Control, Privacy, Data Aggregation, Security
  • ITALH/EMR Development timeline
    • Oct '05 – Mar '06: Development and testing of fall sensor system joint with Tampere, Finland and Aarhus, Denmark
    • Mar – Apr '06: Commitment from Telecom Italia; evaluation of EMR system for integration in Sonoma
    • Apr – May '06: Preparation of lab for experimentation and EMR integration
    • Jun – Jul '06: SUPERB program focus
  • Use Berkeley Motes, fall sensors with accelerometers

  32. Berkeley ITALH Testbed
  • Initial Focus: Fall Detection
    • Falls are the leading cause of fatal and nonfatal injuries to older people in the U.S.
    • Each year, more than 11 million people over 65 fall – one of every three senior citizens
    • Treatment of the injuries and complications associated with these falls costs the U.S. over 20 billion annually
  • Daily Activity Identification: Sitting, standing, walking
  • Secondary Foci:
    • The devices reveal significant information about the user
    • This provides significant additional opportunities for health monitoring
    • It also creates a potential threat to the user's privacy
  • Requirements of such a system:
    • Privacy of data and user activity, location, etc.
    • Accuracy and robustness
    • Interoperability, as it will form only one component of a broader system

  33. Berkeley ITALH Testbed
  • Being able to measure and analyze a patient's activity enables:
    • Accurate feedback for at-home treatment,
      • e.g. osteoporosis, where a clear negative correlation has been shown between activity level and bone density loss
    • Rapid and automated response to critical and emergency situations
  • Protocols and policies must be established for the inclusion of automated data collection
  • This benefit can only be had on a societal scale if such devices can be integrated in the EMR systems, so that:
    • Data acquisition is at least semi-autonomous
    • The data can be guaranteed to be accurate
    • The system is secure
  • ITALH/EMR Development (diagram: target implementation; development and testing)
    • A test system is being developed to integrate the ITALH testbed with an open source EMR system
    • This will be integrated with the Vanderbilt MyHealth system following initial development

  34. Summary
  • Excellent integrative project candidate
  • Strong interest inside TRUST and in the medical community
  • We have teamed up with VUMC, which has the strongest research program and operational testbed
  • Rapid start-up

  35. Problem 3: Embedded Secure Sensor Networks
  • TRUST is engaged in the development of embedded secure sensor networks
  • Integrated center R&D at all levels
    • Sensor Technology
    • Networks
    • Applications
    • Policy/Legal Issues
  • Activity at all TRUST sites + collaborators
    • Oak Ridge National Laboratory, …

  36. Societal Relevance
  • Health Care
  • Urban Infrastructure
  • Utilities
    • Energy production and transport (e.g. SCADA)
    • Energy utilization monitoring in homes
  • Search and Rescue
    • Disaster response
  • Heavy Industry Process Control
    • Oil refineries, chemical, etc.
    • Chevron is an interested player
  • Border Control and Monitoring

  37. (image-only slide)

  38. Sensor Technology - The Mote
  (image slide)

  39. Sensor Technology Example: Sensors for Bio-Defense
  • Bi-layer lipid membrane used to create designer bio-sensors
  • When target analyte binds to protein, ion channel conductivity increases.
  • Currently considering use in water supply protection.
  • Sensor performance statistics used to define networking requirements.
  • Outside Player: NY Dept of Health / Wadsworth Laboratories

  40. Sensor Platform Technologies
  • CU Asynchronous Processor
    • Event-driven execution is ideal for sensor platforms
    • Clockless logic
      • Spurious signal transitions (wasted power) eliminated
      • Hardware only active if it is used for the computation
    • MIPS: high-performance
      • 24 pJ/ins and 28 MIPS @ 0.6 V

  41. Designer OS for Sensor Networks
  • TinyOS
    • Large, active open source community: 500 research groups worldwide
    • OEP for DARPA Network Embedded Systems Technology
    • Thousands of active implementations - the world's largest (distributed) sensor testbed
  • MagnetOS: Provide a unifying single-system image abstraction
    • The entire network looks like a single Java virtual machine
    • MagnetOS performs automatic partitioning
      • Converts applications into distributed components that communicate over a network
    • MagnetOS provides transparent component migration
      • Moves application components within the network to improve performance metrics
    • (Diagram: MagnetOS Rewriter)

  42. Sextant: Node Localization
  • Use of large numbers of randomly distributed nodes creates a need to discover geographic location
    • GPS is bulky, expensive, power-hungry
  • Set up a set of geographic constraints and solve it in a distributed fashion
    • Aggressively extract constraints
    • Use just a few landmarks (e.g. GPS nodes) to anchor the constraints
  • Can determine node location with good accuracy, without GPS or other dedicated hardware

  43. SHARP: Hybrid Routing Protocol
  • Two extremes in routing
    • Proactive: disseminate routes regardless of need
    • Reactive: discover routes when necessary
    • Neither is optimal for dynamic sensor networks
  • SHARP adaptively finds the balance point between reactive and proactive routing
    • Enables multiple nodes in the network to optimize the routing layer for different metrics
    • Outperforms purely reactive and proactive approaches across a range of network conditions

  44. Securing the Sensor Network
  • Security issues
    • Develop Taxonomy of Attacks
      • Attacks with and without defined defenses
      • Generic basis on which to evaluate new networks
    • Characterizing Worst-Case Results
      • Statistical learning proposed as a means for determining what can be inferred from data
    • Evaluate privacy concerns
      • Ties into privacy road map
  • Security thrusts
    • Secure building blocks
      • Secure key distribution
      • Secure node-to-node and broadcast communication
      • Secure routing
      • Secure information aggregation
      • Real-time aspects and security
    • Secure middleware
    • Secure information processing
      • Sensing biometrics
      • Sensor database processing
      • Internet-scale sensor networks

  45. Application Projects (Examples)
  • Patient Monitoring
    • Remote monitoring of cardiac patients
    • See Vanderbilt/Cornell/Berkeley poster
  • Museum Project
    • Expressive AI projects using sensors to monitor patrons at public demonstrations
  • Home Sensor Network Development
    • Energy monitoring beyond metering
    • Opportunities for local information fusion
  • LA Water Supply Protection
    • BioSensors + Networking + Civil Infrastructure

  46. Research Spotlight: TRUST-ORNL TuFNet Federated Sensor Networks Project
  • Yuan Xue (ISIS-VU), Akos Ledeczi (ISIS-VU)
  • TRUST researchers, graduate students, ORNL researchers

  47. Dirty Bomb Detection Demo in VU Stadium, April 20, '06
  (Photo captions: outside the window; Jumbotron: automatic camera feed; Jumbotron/Screen: tracking info inside Google Earth)
  • Security is a guard walking around the stadium with a cell-phone connected radiation detector and an XSM mote.
  • His position is continuously tracked using a radio interferometric technique running on the motes.
  • A camera automatically tracks his position using the geolocation info from the mote network.
  • When the radiation level crosses a threshold, the detector sends an alarm and the camera zooms in on the position.

  48. System Vulnerabilities
  (Diagram: mote network → Nextel/Internet → tracking service and user interface. Components: rad detector, mobile phone, mote; rad level servlet and camera glue code; VGA to NTSC adapter; camera control node (Linux); Jumbotron controller.)
  • Sensor network vulnerabilities, by layer
    • Application/Service: bogus tracking results; tracking command spoofing; battery consumption attack
    • Network: packet dropping; mis-forwarding; ID spoofing; forging routing information; disclosing/modifying/replaying tracking results
    • MAC/Link: MAC DoS; eavesdropping
    • Physical: jamming
  • Traditional network/system vulnerabilities
    • Denial of service attack
    • Information disclosing/modification/replaying
    • Address spoofing
    • etc.

  49. Security Support Overview
  Attack → Security support implemented
  • Jamming attack → Ranging and tracking using multiple frequencies
  • Bogus tracking result → Majority-based voting to filter out-of-range results; peer authentication among sensors
  • False tracking command → Peer authentication among sensors
  • Injection of tracking result from spoofed sensors → Peer authentication among sensors
  • Group-based Peer Authentication
    • Objective
      • Provide efficient, effective, and flexible peer sensor authentication
    • Solution
      • Symmetric-key based (SkipJack in TinySec)
      • Each sensor node has a different set of keys through a pre-key distribution scheme
      • Multiple MACs are generated for each message from a sensor node
      • MACs are verified at the receiver sensor using its common keys with the sender
    • Results
      • computation: 5.3 ms
      • verification: 2.5 ms (2 common keys), 1.3~1.4 ms (1 shared key), < 0.1 ms (no keys in common)
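The following is an added example, not code from the TRUST project: a small simulation of the group-based peer authentication described on this slide (random key pre-distribution, one MAC per key in the sender's ring, verification under the keys the receiver has in common with the sender) together with the majority-based filtering of out-of-range tracking results. It assumes HMAC-SHA256 truncated to 4 bytes in place of TinySec's SkipJack CBC-MAC, constructed key-pool and ring sizes, and the median of all reports as the majority vote.

```python
"""Toy model of group-based peer authentication with pre-distributed keys,
plus a majority-based filter for bogus tracking results (added example)."""
import hashlib
import hmac
import random
import statistics
from dataclasses import dataclass

KEY_POOL_SIZE = 20   # constructed: number of keys in the global pool
RING_SIZE = 5        # constructed: keys loaded into each node before deployment
MAC_LEN = 4          # truncated tag length (assumption, TinySec-style)


def tag(key: bytes, msg: bytes) -> bytes:
    """Truncated MAC of msg under key (HMAC-SHA256 stands in for SkipJack CBC-MAC)."""
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]


@dataclass
class Node:
    node_id: int
    ring: dict  # key id -> key bytes, assigned by the pre-distribution scheme

    def sign(self, msg: bytes) -> list:
        """One MAC per key in the ring; a receiver checks only those it shares."""
        return [(kid, tag(k, msg)) for kid, k in sorted(self.ring.items())]

    def verify(self, msg: bytes, macs: list) -> int:
        """Number of MACs verified under keys common to both rings.

        0 means the message is not authenticated: either no key is shared
        (an unknown or spoofed sensor) or a MAC under a shared key is wrong
        (tampered message), which rejects the whole message."""
        verified = 0
        for kid, received in macs:
            key = self.ring.get(kid)
            if key is None:
                continue                      # not a common key: skip it
            if not hmac.compare_digest(tag(key, msg), received):
                return 0                      # bad MAC under a shared key
            verified += 1
        return verified


def deploy(n_nodes: int, seed: int = 1) -> list:
    """Random key pre-distribution: each node draws RING_SIZE keys from the pool."""
    rng = random.Random(seed)
    pool = {kid: rng.randbytes(16) for kid in range(KEY_POOL_SIZE)}
    nodes = []
    for i in range(n_nodes):
        ids = rng.sample(range(KEY_POOL_SIZE), RING_SIZE)
        nodes.append(Node(i, {kid: pool[kid] for kid in ids}))
    return nodes


def filter_bogus_ranges(reports: dict, tolerance: float) -> list:
    """Majority-based filter for bogus tracking results: keep the node ids
    whose reported range lies within tolerance of the median report."""
    center = statistics.median(reports.values())
    return sorted(nid for nid, r in reports.items() if abs(r - center) <= tolerance)


if __name__ == "__main__":
    nodes = deploy(6)
    a, b = nodes[0], nodes[1]
    msg = b"RANGE node=0 target=guard dist_m=12.4"   # constructed sample message
    print("shared keys:", sorted(set(a.ring) & set(b.ring)))
    print("verified MACs:", b.verify(msg, a.sign(msg)))
    print("tampered message:", b.verify(msg + b"!", a.sign(msg)))
    print("kept reports:", filter_bogus_ranges({1: 10.0, 2: 10.4, 3: 9.8, 4: 40.0}, 1.0))
```

The count returned by verify is what the slide's timing numbers vary over: the more keys two nodes share, the more MACs are checked, and a node with no common key is rejected almost immediately.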

  50. Privacy Issues
  • Policy instruments often lag technology development
  • Proposed development of Privacy Road Map that will frontload policy development
    • Map sensor capabilities and network mission into deployment and data use rules
    • Key near-term: RFIDs, broad-based visual surveillance
    • Raises issue of impact of network configuration and heterogeneity on road map
  • Approach: Extend fair information practices to cover sensor nets at regulatory or legislative level
    • Consent enablement is an important issue
