1 / 19

NSF Wireless Security Workshop

NSF Wireless Security Workshop. Karl Levitt and Jie Wu Division of Computer and Network Systems Computer & Information Science & Engineering National Science Foundation klevitt@nsf.gov , jwu@nsf.gov. Outlines. NSF NeTS and CT programs Challenges and Opportunities

erek
Download Presentation

NSF Wireless Security Workshop

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. NSF Wireless Security Workshop Karl Levitt and Jie Wu Division of Computer and Network Systems Computer & Information Science & Engineering National Science Foundation klevitt@nsf.gov, jwu@nsf.gov

  2. Outlines NSF NeTS and CT programs Challenges and Opportunities CNCI: A Multi-Agency Program Overview from Government Representatives Final Remarks 2 2

  3. NSF NeTS Cluster (2008) Network Ecosystems (NECO) Aware Networking (ANET) Networking at the Edge (NEDG) Future Internet Design (FIND) Exploratory Networking (XPLR) Du: NEGD, NECO Fisher: FIND, NECO Mankin: FIND, ANET Wu: NEDG, NECO All PDs: XPLR

  4. Cyber Trust Overview – FY08 Foundations (Rich Beigel): Cryptography, New models Formal methods(Rich and Karl): Verifying trustworthiness, static analysis of programs Host security architecture(David Du): hw support, new OSes, … Network security(Kevin Thompson and Karl): network security architecture, network monitoring Wireless and sensor network security(Jie and David) Intrusion tolerance(Karl and Kevin): Operate through attacks Privacy and human issues (Jim French): usable security Testbeds and experimental evaluation(Kevin and Karl): Metrics Applications that demand trustworthiness (Ralph Wachter): Telecom, E-voting, PowerGrid, Healthcare, Vehicles with wireless 4 4

  5. Cyber Trust Overview – FY09 Cyber Trust will be renamed to Trustworthy Computing The mission will not change but will place increased emphasis on: Privacy Usability Foundations 5 5

  6. Challenges and Opportunities Security Architecture Prevention vs. detection and respond Management: App. dependent/independent Integration with wired networks Foundations and Formal Methods Cryptograph: lightweight methods, key management, … Verification and validation 6 6

  7. Challenges and Opportunities Unique Security Issues for Wireless Unique security threats (e.g. jamming) Light weight methods Mobility Privacy, reputation, and trust Social networks Economic concerns Testbeds 7 7

  8. Questions What is industry doing, and how can we complement that? What are the current threats for which the research community has no solution, e.g., jamming? What are future threats to the wireless networks? What are future wireless applications? 8 8

  9. Questions What are the fundamental issues w.r.t. wireless trustworthiness? Are new design/architectures/paradigms needed? What is the role of regulation? What testbeds are needed for the future? How can different agencies work together? 9 9

  10. Comprehensice National Cyber Defense Initiative (CNCI) Research associated with CNCI, a.k.a the National Cyber Defense Initiative (NCDI) What This Talk is NOT About: The other 17 categories, one of which is the TIC • NCDI is a merge of a grass roots effortand CNCI • Current goal of NCDI: Create an actionable R&D plan • Summary of NCDI planning meetings • Why it is a daunting (but achievable) challenge to realize a secure system • Current view on on the planning process for the NCDI

  11. Baltimore Sun Article on Cyber Initiativehttp://www.baltimoresun.com/technology/bal-te.cyber24oct24,0,782050,full.story House panel chief demands details of cybersecurity plan (October 24, 2007) The chairman of the House Homeland Security Committee called on the Bush administration yesterday to delay the planned launch of a multi- billion-dollar cybersecurity initiative so that Congress could have time to evaluate it. Rep. Bennie Thompsonsaid he wants to make sure the new program is legal before it is launched. In an interview, the Mississippi Democrat said he had been told that President Bush might unveil the initiative as early as next week. Known internally as the"Cyber Initiative,"the program is designed to use the spying capabilities of the National Security Agency and other agencies to protect government and private communications networks from infiltration by terrorists and hackers. The Sun reported the existence of the program last month, but Thompson said the administration has refused to discuss the initiative with members of his committee, despite repeated requests.
a letter this week to Homeland Security Secretary Michael Chertoff, Thompson demanded that his committee receive a briefing on details of the plan. He also warned that the "centralization of power" envisioned under the initiative raised "significant questions" that should be answered before the program is launched. Thompson - whose panel oversees the Homeland Security Department, which would run the initiative - said he was unaware of the program's existence until I … A Homeland Security spokeswoman said Chertoff had received Thompson's letter, which was dated Monday, and would respond "in a timely fashion. We do agree that cybersecurity is a very important issue, and that is why since the beginning of this congressional session DHS has provided more than a half a dozen briefings to the House Homeland Security Committee on cyberthreats and related issues," said the spokeswoman, Laura Keehner.Thompson said that if the administration continues to give his panel the silent treatment, he will consider issuing a congressional subpoena. "You have to put sunshine on a program so sensitive as this," he said. The administration is saying that "'you have to believe us.' Obviously, as a nation of laws, we can't accept that.“ Thompson said that because the program involves the NSA and similar agencies, questions aboutprivacyand domestic surveillance would be of particular concern.

  12. 2006 NCDI-related Activities • DSB Net-centric Warfare Summer Study • April-August, 2006 • http://www.acq.osd.mil/dsb/reports/2007-04-IM_Vol_I.pdf • SCW (Safe Computing Workshop) Planning Meeting (DTO, MIT, NSA, NSF, Sandia, UPenn) • August 21-22, 2006, MIT CSAIL, Cambridge • NSF-DTO-NSA Safe Computing Workshop • Top US IA experts from government, industry and academia • Assessed entire computing & networking stack • November 29 – December 1, 2006, Sandia National Laboratory, NM • https://og5.csail.mit.edu/scw/dist/ • NSF-DTO-NSA Itanium STA Workshop • 25 specialists examined Itanium as platform for STA and looked at programming language verification • March 26-27 2006, MIT CSAIL, Cambridge • https://og5.csail.mit.edu/cdi/itanium/

  13. 2007 NCDI-related Activities • NSF CyberTrust PI Meeting (NCDI presentations) • 29-30 JAN 2007 in Atlanta • http://www.gtisc.gatech.edu/cybertrust2007/ • IA Leadership Workshop • (20 USG IA leaders reviewed NCDI progress to date) • 13 JUN 2007 at NGC, Reston • https://og5.csail.mit.edu/cdi/ialw/ • “Leap Ahead” Workshop • Report on gaps in current security and privacy technology • 5 OCT 2007 in Rosslyn, VA • Government-only meetings • We worked weekends to produce an initial plan • Workshop to Produce Actionable Plans • 3-7 DEC 2007 at the Naval Postgraduate School • Report under preparation

  14. Findings of NCDI • “Attackers Rule !” and Disasters are Likely • Short-term Measures Essential but Insufficient • Market Forces Will Not Change the Balance • Usability & Manageability Critical to Solution • New Technology Can Catalyze Major Changes • Research Business as Usual will Not Work Only a National Initiative Involving Researchers, Industry with Government Funding Will Make a Real Difference

  15. NCDI Vision Over the next ten years transform the cyber-infrastructure to be resistant to attack so that critical national interests are protected from catastrophic damage and our society can confidently adopt new technological advances Transformation means we must learn how to build the new infrastructure and deploy it. Learning how to execute this transformation will advance both technology and U.S. competitiveness in many ways

  16. S&T advances and new capabilities • Necessary and sufficient accountability • Trust-modulated e-commerce • Prevention of catastrophic cascading disruption • Ownership over personal data • Secure system/subsystem interoperability • Cooperative defense • Security measures and metrics • … • Critical Applications & Infrastructures • Power Grid • Telecom • Financial • EMR & Health Care • eVoting • … • Information Technologies & Components • Operating Systems • Protocols • Processors • Cryptography • …. Systems that Provide Safety, Security, and Privacy: A Possible Process • Security Shortfalls - IRC HPL • Security with Privacy • Global Identity Management • Insider Threats • Situation Understanding • Operating While Hurt • Information Pedigree • Security Metrics

  17. Overview from Government Representatives NSF: Karl Levitt and Jie Wu ARO: Cliff Wang NIST: Tom Karygiannis NSA: Steve Borbash NRL: Jason Rogers and Cathy Meadows 17 17

  18. Final Remarks Dialogue on Unique security issues in wireless What’s working and what’s not Threats of the future in wireless 18 18

  19. Government Academia Industry Interactions • Academia-Industry-Government Problems/Fund/Solutions

More Related