Panel Presentation: (Future) Practices for Protecting Your Digital Assets

1. Panel Presentation: (Future) Practices for Protecting Your Digital Assets Prof. Gene Tsudik Associate Dean of Research & Graduate Studies Donald Bren School of Information & Computer Sciences University of California, Irvine gts@ics.uci.eduhttp://sconce.ics.uci.edu

2. (my) Research • Group security • Membership control, key management • Database Security • Database-as-a-Service model • Authenticity/Integrity in outsourced databases • Privacy in outsourced databases • Ad hoc, mobile network security • Key management • Multicast Security

3. Current: DSL/Cable/Satellite to home / business Ethernet or 802.11 within home / business Emerging: hi-bw wireless (e.g., beamed from light-pole-mounted Access Points) might replace cable & DSL/phone wires Embryonic: powernet/sewernet/waternet Communication Technologies

4. Threats 1 • Really unsophisticated users • Access Point impersonation, traffic tinkering • Malicious Code propagation • Viruses, Worms, Email Bombs, Snoopers • SPAM • Phishing  ID theft • DoS attacks • trivial in wireless settings • not difficult with wired either

5. Threats 2 ? • Eavesdropping • clearly much easier with wireless • from both inside and outside the site • Allows anyone (e.g., voyeurs, criminals, big brother) to snoop on communication • Also, possible to inject “incriminating” traffic that seems like it came from the inside the site • Traffic Analysis – for marketing, SPAM, plain snooping, criminal (e.g., burglary) purposes • type, distribution, size, frequency, timing • host/device characteristics, # of hosts, location, types of devices, etc.

6. What technology is needed? 1 • Secure tunneling within residential/corporate networks • intelligently “pad” traffic, both in space and time • lots of prior work on traffic analysis counter-measures • Secure tunneling between home and ISP • DoS-resistant wireless networking • Survivable, affordable access devices (combining multiple technologies: cable, DSL, satellite, local wireless, etc.) • New SPAM-fighting technologies! • New payment instruments

7. What technology is needed? 2 Providers need techniques to detect/inhibit subscribers who are wittingly or unwittingly "split” bandwidth, e.g., provider-supplied devices may need to police/inhibit out-of-perimeter incoming (wireless) traffic. Would be nice if: • residence perimeter could be demarcated • sensors placed at strategic points along the perimeter • wireless traffic coming in from the outside could be tagged as such and purged or routed to single point: firewall? honeypot?

8. Phishing & related fraud:How to make things better? • Eliminate SSNs as “confidential” identifier • Stop using DLs as IDs • Introduce National ID cards • Make them SMART • Allow tiered information release • Foster smart credit (and debit) cards • Trivial, technology already exists! • Credit card # changes after each use • Or, after a pre-set time interval • Or, after certain $ amount is exceeded • Hijacked credit card # becomes useless or of limited use • Promote anonymous buying/shipping

9. SPAM • Modern-day plague • Email is essentially a free commodity • True sources are hard to trace • Current email model has to change! • Two “schools-of-thought”: • Change email processing at end-points • Make sender solve a puzzle? • Make sender pay for email • Change SMTP wholesale • Verify path taken by email

10. DoS/DDoS attacks • Another plague • IP traffic hard to authenticate/trace • IP addresses trivial to spoof • IPSec far from being universally adopted • Two “schools-of-thought”: • Traceback (tough w/out router vendor support) • Application-level remedies, e.g., puzzles • Doesn’t work against IP or TCP-level attack traffic