1 / 13

Next-Generation Secure Internet: Security Overview and Context

Next-Generation Secure Internet: Security Overview and Context. Adrian Perrig in collaboration with Steven Bellovin, David Clark, Dawn Song. Everybody Understands Need for NGSI. Webby award Annual award for achievement in Web creation

Download Presentation

Next-Generation Secure Internet: Security Overview and Context

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Next-Generation Secure Internet:Security Overview and Context Adrian Perrig in collaboration with Steven Bellovin, David Clark, Dawn Song

  2. Everybody Understands Need for NGSI • Webby award • Annual award for achievement in Web creation • Recipients get five words only for their acceptance speech • Vint Cerf: “We all invented the Internet” • Al Gore received Webby award this year • Responsible for spearheading critical legislation and providing much-needed political support • Speech: “Please don’t recount this vote” • “It is time to reinvent the Internet for all of us to make it more robust and much more accessible and use it to reinvigorate our democracy”

  3. Background • Internet designed for trustworthy environments • Goal was to provide efficiency, scalability, robustness assuming a benign environment • Fact: Internet protocols vulnerable to attacks, e.g., BGP, DNS, TCP/IP, … • Hosts are even worse • Today: businesses, government, society rely on Internet • As of January 2005: 317,646,084 hosts (isc.org) • Not all of them are benign!

  4. Attacker/Trust Model • Any network node may be compromised • Endhosts • Including network management and operations machines • Routers and other network elements • Different impact when a network infrastructure element is compromised • Compromised nodes may collude

  5. NGSI Security Requirements • A desired outcome of this workshop is to establish list of desired NGSI security properties • Main security requirement is availability • Need availability of forwarding service, configuration and management services, etc., even in face of DDoS attacks • Fast recovery/convergence after perturbations • Other security properties can usually be implemented end-to-end • Confidentiality (data, topology, identity, …) • Integrity (data, routing info, forwarding path, …)

  6. Networking Functional Planes • Control plane • Function: route set up and signaling • Requirement: accuracy, consistency, convergence • Data plane • Function: packet forwarding • Requirement: availability, resilience to control plane vulnerabilities • Management plane • Function: configuration and monitoring • Requirement: availability

  7. Security Approaches • Prevention • Harden protocol itself • Eliminate attacks at design time • Detection and recovery • Monitor behavior of participants • Upon detection of misbehavior: eliminate malicious nodes, restore functionality • Resilience • Graceful performance degradation in the presence of compromised nodes and hosts • Deterrence • Provide legal disincentives

  8. Sample Control Plane Design Points • [prevention]Cryptographic primitives to prevent routing information falsification • [prevention] Leveraging trusted computing technology • Example: help implement secure routing • [detection] Lightweight intrusion detection • [resilience] Various redundancy mechanisms for survivability • [deterrence]Trace intrusions

  9. Sample Data Plane Design Points • [prevention] Infrastructure-enforced flow regulation • [prevention] Network firewalls / network filter infrastructure • [detection] Data plane intrusion detection • [resilience] Secure source-controlled routing • [deterrence] Persistent network identity to assist forensic inquiries • [deterrence]Trace and/or identify data origin

  10. Sample Management Plane Design Points • [prevention] Isolated configuration channels provide resistance to flooding and packet injection attacks • [detection] Detect password-guessing attacks on network devices (hopefully we won’t base authentication on passwords only!) • [resilience] Tolerate misconfigurations

  11. Design Considerations • What design considerations should we recommend to community? • Sample guidelines • Minimal trust? • Small router state? • Minimal network layer functionality? • Favoring prevention over detection/recovery over resilience over deterrence? • Facilities for deterrence, while protecting privacy?

  12. Conclusion • For next-generation secure Internet, build security into every component at every level • Redesign protocols with security as a central design requirement • Utilize comprehensive security approach, leveraging prevention, detection/recovery, resilience, and deterrence • Consider social aspects: ease-of-use, privacy

  13. Workshop Report Format • Workshop goals • Build community consensus for need of a next-generation secure Internet (NGSI) • Establish requirements for NGSI • Explore problem space • Identify promising research directions • Recommendations to NSF and community • Structure of each report section on topic X • Properties NGSI should provide for X • Challenges and design considerations • Potential approaches and methods

More Related