1 / 43

報告者 : 陳志昇

Self-Measurement of the Information Security Level in a Monitoring System Based on Mobile Ad Hoc Networks. 報告者 : 陳志昇. Outline. Ad-hoc network security overview (background) Security Metrics Security Measurement Self-Measurement of the Information

leeellis
Download Presentation

報告者 : 陳志昇

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Self-Measurement of the Information Security Level in a Monitoring SystemBased on Mobile Ad Hoc Networks 報告者:陳志昇

  2. Outline • Ad-hoc network security overview (background) • Security Metrics • Security Measurement • Self-Measurement of the Information Security Level in a Monitoring System • Compare with IDS (Intrusion Detection System) • Conclusions and future work • References

  3. Ad-hoc network security overview (background)(1/4) 為什麼Ad hoc network更需要做好 security • Ad hoc network是分散的情況下,用互相合作以來達到網路連結溝通的目的,但也就是因為需互相合作,而容易有自私帶來的問題,進而對網路安全產生危害。 • 資訊會隨ad hoc network的高流動率(因為可移動性高)而加速傳播,所以病毒、謠言等更要加以防範。 • Wireless的環境是使用一公開的媒體來通訊傳輸。這樣的媒體雖然可公開自由使用,相對的也帶來嚴重的威脅。

  4. Ad-hoc network security overview (background)(2/4) Ad-hoc network比wired network更難做security 的原因: • 每個點都可能有價值而被當做目標(Routing、resources) • 沒有可信任的點(缺少中控管理) • 做像一整個網路的網安防範公共配備(防火牆),不能用在自已可隨時形成網路的狀態下 • 網路裡各自用自己的入侵防護,但總會有一、二個防護特別弱而形成漏洞。 • 睡眠和省電模式對於ad-hoc network來說是很重要的,因為可移動性的特點需要電力維持,故產生了睡眠剝奪攻奪的新型攻擊方式。

  5. Ad-hoc network security overview (background)(3/4) Table 1. Types of attacks targeted at MANETs

  6. Ad-hoc network security overview (background)(4/4) MANETS recent popularity • Self-configuration • Self-maintenance

  7. Security Metrics(1/20) • The most widely used of these maturity models is the Systems Security Engineering Capability Maturity Model SSE-CMM (ISO/IEC Standard 21827) • Another well-known model, Trusted Computer Security Evaluation Criteria (TCSEC, The Orange Book) ,expresses the security engineering process using classes and divisions as evaluation levels • Technical security metrics can be used to describe, and hence compare, technical objects

  8. Security Metrics (2/20) Technical security metrics can be used in the following ways: • Goal establishment; • Prediction: the security level can be predicted before implementation or in an implemented system; • Comparison of the security level of technical objects; • Monitoring or scanning the security level of an object; • Enabling analysis: for example, in the case of fault injection method, metrics enable analysis.

  9. Security Metrics (3/20) The high-level security metrics will be a composition of a number of security metrics concentrating on different aspects of security. A technical security metrics model consists of three components: • The object being measured, • The security objectives, i.e. the “measuring rod” the object is being measured against • The method of measurement.

  10. Security Metrics (4/20) • Table 3. An Example metrics Repository Structure

  11. Security Metrics (5/20) A compositional approach can be used to define security metrics for MANETs, with the following: • Define security objectives: the security objectives can be defined based on the knowledge of the security environment, assumptions and threats. Among other things, they should determine the required security level; • Select component metrics based on the security objectives; • Compose integrated security level information: the final composition mainly depends on the method of measurement. The composition can be used for both quantitative and qualitative security metrics.

  12. Security Metrics (6/20) Some critical component metric areas that can be used in estimating the security level in mobile ad hoc networks: • Critical Control Information Distribution in Network • Cryptographic Algorithm Metrics • Human Factors • Product Quality • Other Factors

  13. Security Metrics (7/20) Critical Control Information Distribution in Network • Trust information (e.g. keys, certicates, signatures) • Routing information • Mobile entity identity information A concept of friends to the establishment of security associations

  14. Security Metrics (8/20) Trust information The way to distribute trust can vary between two extreme cases: • Single Certification Authority (CA): there is a single authority domain (a trusted entity), that issues certificates and/or keys • Full self-distribution of trust: in this case security does not originally rely on any trusted entity. There is no distinction between a CA and an end user (node)

  15. Security Metrics (9/20) Trust information • Trust management in mobile ad hoc networks is currently the most critical and complex technical security challenge, having a strong impact on the overall security level

  16. Security Metrics (10/20) Routing information • 惡意節點可以修改routing資訊來瓦解routing協定的功能正確性,或假冒其他節點來製造錯誤的routing資訊。 • 自私的節點會故意丟掉資料封包,或者操作routing的資訊來使其它節點不能使用他們來當傳送路徑裡居中的節點。 • 這種自私背後的理由是”對他們而言,這樣作資源耗費比較少”,這些資源有電池電力、CPU或是網路頻寬。

  17. Security Metrics (11/20) Cryptographic Algorithm Metrics • Attack steps metric: attack steps is defined as the number of steps required to perform “the best known attack”; • Attack time metric: attack time is defined as the time required to perform the fastest known attack; • Rounds metric: rounds are important to the strength of some ciphers;

  18. Security Metrics (12/20) Cryptographic Algorithm Metrics • Key length metric: the security of a symmetric cryptosystem is a function of the length of the key. However, adding an extra bit does not always exactly double the effort required to break public key algorithms; • Algorithm strength metric: we can use algorithm strength as a name of a scale developed for expressing the overall measurement of a cryptographic algorithm’s strength.

  19. Security Metrics (13/20) Human Factors • An enormous impact on the global security level of mobile ad hoc networks • Metrics such as usability metrics, and performance metrics form the baseline for metrics representing human factors • Performance issues have a strong influence on the usability of mobile ad hoc networks • In general, systems with a poor usability design tend to evoke a greater degree of user resistance

  20. Security Metrics (14/20) Product Quality • It must be noted that there are a lot of situations when the requirements of the different quality attributes and security conflict. (In the case of MANETs, the “product” is both a node in the network and the whole network.) • software product quality can be evaluated by measuring internal attribute or by measuring external attributes or by measuring quality in use attributes

  21. Security Metrics (15/20) Product Quality • measuring internal attributes : typically,static measures of intermediate products • Measuring external attributes : typically, by measuring the behavior of the code when executed • The characteristics of the ISO/IEC 9126 quality model for external and internal quality is depicted are Table 2

  22. Security Metrics (16/20) Product Quality Table 2. External and internal quality

  23. Security Metrics (17/20) Product Quality • Quality in use consists of effectiveness, productivity, safety, and satisfaction. The reader is referred to the above-mentioned standards for more information.

  24. Security Metrics (18/20) Other Factors • The wireless environment uses an open medium for communications. This medium is freely available and is a serious threat • the bigger the network, the more tempting it is for the attackers • The level of protection affects the level of security

  25. Security Metrics (19/20) Challenges in Metrics Development • 測量網安技術未成熟: 許多需警戒範圍,目前公制衡量(metrics)的定義和使用仍有問題。 • 缺乏發展者的貢獻: 在發展一些網路新技術的草圖裡,網安問題常被放在往後的日子才來決定對應方法。 • 缺乏相同及不含糊的記號: 如果沒有相同的記號來描述網安,則不太可能被廣泛提倡。 • 使用主觀評估: 如果大家都普遍主觀的話,公制衡量(metrics)將很難被廣泛使用,大家應該多多使用客觀評估。

  26. Security Measurement (20/20) The methods of security measurement into the following techniques: • Risk analysis is an estimation of the probability of specific threats, vulnerabilities and their consequences and costs – it can be thought of as a trade-off to the corresponding costs for protection; • Certification is the classification of the system in classes based on the design characteristics and security mechanisms; • Measures of the intrusion process is a statistical measurement of a system based on the effort it takes to make an intrusion.

  27. Security Measurement (1/2) The objectives for the mechanism include the following: • No central database can be used, • Local monitoring in each node, • Statistical knowledge of the security level is utilized, • Measurement should be independent of the routing mechanism, and • Decision mechanism to revocate the trust of suspicious nodes based on the observations of more than one node.

  28. Security Measurement (2/2) Clearly, there are two separate goals in the estimation process: • Estimation of the security level of a node • Estimation of the security level of the network

  29. Self-Measurement of the Information Security Level in a Monitoring System(1/12) 此監控系統裡與IDS很相像,故能參考左圖的IDS Agent架構 。

  30. Self-Measurement of the Information Security Level in a Monitoring System (2/12) 入侵偵測系統(Intrusion Detection System)主要可偵 測三種網路攻擊行為: • 1. 網路探測偵察:例如未經授權的探測系統及服務上的漏洞與弱點,如SATAN,NMAP,NESSUS 等軟體工具 。 • 2. 非法存取:例如系統入侵使得竊取權限提昇等,工具如Brate force或利用系統管理者缺失及Protocol 弱點。 • 3. 阻斷服務攻擊:使得系統服務或者網路無法正常提供服務或遭受破壞,例如ping floods、 SYN flood 、 UDP bombs 等。

  31. Self-Measurement of the Information Security Level in a Monitoring System (3/12) The estimation approach the key elements of the architecture are: • A Measurement Entity (ME) attached to each node, and • A Voting Entity (VE). • A Countermeasure Entity(CME) is also used for the Intrusion Detection functionality.The estimation is carried out in a mobile ad hoc network by co-operation between MEs and VEs

  32. Self-Measurement of the Information Security Level in a Monitoring System (4/12) Each ME in the network maintains a private metrics repository with the following information for each metric: • Metric objects: a collection of measurable objects to be measured, e.g. a property in routing information messages; • Metric methods: methods associated with the metrics; • Metric measuring rod: a database associated with the metrics that consists of reference information classified according to the level of security. The classification in the reference information may be based on quantitative or qualitative (using thresholds) reasoning.

  33. Self-Measurement of the Information Security Level in a Monitoring System (5/12) • The measuring rod database can include security level data that is either generally known or gathered from statistical data • Downloadable updates for measuring rod information can be arranged. It could be also possible to develop a learning mechanism for the node, making it capable of learning about the security level and updating the measuring rod information itself.

  34. Self-Measurement of the Information Security Level in a Monitoring System (6/12) • A Voting Entity (VE) contains the same functionality as ME. In addition, it has an organizer role in case that that several MEs are going to make decisions concerning the security level and trustworthiness of a node. In an ad hoc network, certain trusted nodes can act as VEs. • A Countermeasure Entity (CME) acts on the results obtained from the voting process. Certain trusted nodes can act as CMEs. • Because critical information is distributed among MEs, VEs, and CMEs, a trust establishment and distribution mechanism is needed to enable the estimation and voting processes.

  35. Self-Measurement of the Information Security Level in a Monitoring System (7/12) Estimation Process • ME用存放在公制安全衡量(security metrics)和名聲儲存處(reputation repository)的資料,來評估出從他所擁有的自己觀點的正確安全等級(security level ) 。 • VE用節點改變的主要資訊訊息來更新自己的ME,如些才能知道要向哪些周圍的點做通訊。 • ME主要的名聲儲存處(reputation repository)之資訊更新,能用來支援評估網路安全等級(security level ) 。 • VE可以從其它位於網路不同部份的VE那裡取得資訊更新。

  36. Self-Measurement of the Information Security Level in a Monitoring System (8/12)

  37. Self-Measurement of the Information Security Level in a Monitoring System (9/12) Table 4. An Example Reputation repository

  38. Self-Measurement of the Information Security Level in a Monitoring System (10/12) Voting Process • 單個ME也可以向VE回報他評估某物件之安全等級(security level ) 。而投票處理(voting process)可以用來做與其他ME對同一物件的意見比較。 • 投票處理(voting process)的過程: 1.一ME偵測到鄰居的可疑活動 ; 2. 此ME則將發現報告給他的VE。 3. 該VE通知他的所有ME;且每個ME都回報他們對於該可 疑點的意見給VE; 5. VE將聚集完所得的結果送到CME,且回送給所有ME。; 6. CME依投票出來的結果做出決策。比如是一個重大威 脅的話,則可以收回發配給被懷疑的點之IP,以做到 隔離。 7. 每個ME的關於此被懷疑的點之信任等級(trust level), 將可依投票結果做更新。

  39. Self-Measurement of the Information Security Level in a Monitoring System (11/12)

  40. Self-Measurement of the Information Security Level in a Monitoring System (12/12) Challenges in Estimation of the Security Level • Trust management is also needed to enable the communication between the VEs, MEs and CMEs • Suitable estimation algorithms should be developed for the metrics framework. This is a challenging task and requires a rigorous analysis of the metrics to be used • As a long-time goal, general-level statistical knowledge has to be collected on: security algorithms, network products, user behavior, applications, experiences from virus and worm attacks, etc

  41. Compare with IDS 通訊架構和IDS很相像,不過有重大不同點: • 這評估是依據一堆公制安全衡量(security metrics),能反應出全方面的網路安全等級(security level ), 而典型的IDS則集中在偵測入侵部份。 • 這安全等級(security level )分類資訊是由不同的技術物件之統計資料所組成。 • 每個點主要由自己完成安全等級(security level )的論據;而安全等級的資訊是可由評估程序(estimation process) 得到,這種安全等級的資訊可用來當這個點的決策參考。此方式與IDS的只有入侵偵測和一些決策有著極大不同。 • 每個點所收到的不同種類物件之安全等級(security level ) 資訊、民主公投(democratic voting ),這2樣在決策是否要讓令一點加入網路和決定新加入的點的可信賴度時,都是非常珍貴而IDS所沒有的。

  42. Conclusions and future work • Network-level security is increased due to the democratic voting mechanism of independent measurement entities, each independently aiming at a higher security level in the network • Our future work will include further exploration of component metric areas and identification of the dependencies between them

  43. References • [1]Savola, R.; Holappa, J. Self-measurement of the information security level in a monitoring system based on mobile ad hoc networks. In Measurement Systems for Homeland Security, Contraband Detection and Personal Safety Workshop, 2005. (IMS 2005) Proceedings of the 2005 IEEE International Workshop on 29-30 March 2005 Page(s):42 – 49. • [2] 資安人科技網,http://www.isecutech.com.tw/ • [3] Zhang, Y., and Lee, W. Intrusion Detection in Wireless Ad Hoc Networks. In Proceedings of the 6 th Annual International Conference on Mobile Computing and Networking (MobiCom). Aug. 2000, 275-283. • [4] Savola, R. Estimation of the Security Level in Wireless E-Commerce Environment based on Ad Hoc Networks. In Proceedings of the 5 th European Conference of E-Learning, E-Business, E-Government, EWork, E-Co-operation E-COMM-LINE 2004, Bucharest, Romania, 21- 22 Oct. 2004. 6 p.

More Related