160 likes | 330 Views
Disruptive Technologies and Cyber Security: A CRC Perspective. Jean Luc B érubé Vice-President, Network Technologies PST 2010, August 2010. Overview. An introduction to CRC Disruptive technologies as related to communications and security … …that have been, …that are,
E N D
Disruptive Technologies and Cyber Security:A CRC Perspective Jean Luc Bérubé Vice-President, Network Technologies PST 2010, August 2010
Overview • An introduction to CRC • Disruptive technologies as related to communications and security… • …that have been, • …that are, • …and that could be. • Related CRC research and development
Communications Research Centre Canada, Industry Canada • Established in 1969 • Canadian government's primary laboratory for research and development (R&D) in advanced telecommunications, and a center of excellence in information and communications technologies (ICT). • 250 engineers and scientists • Budget of over $50million CRC Core Competencies RADIO FUNDAMENTALS (propagation, antennas) CYBER SECURITY / PUBLIC SAFETY BROADCASTING & SATCOM BROADBAND NETWORKS WIRELESS TECHNOLOGIES 3
CRC Research Cognitive Radio Software defined radio Spectrum monitoring Cyber security Advanced technologies for mobile and broadband communications DTV transition, Mobile TV, 3D TV White space use Green ICT …and many more CRC Core Competencies RADIO FUNDAMENTALS (propagation, antennas) CYBER SECURITY / PUBLIC SAFETY BROADCASTING & SATCOM BROADBAND NETWORKS WIRELESS TECHNOLOGIES 4
Client-server architecture/Networking MANETs, WSNs, P2P networks, Social networks, Cloud computing, … Mainframe computer Cellular networks centralized distributed Password is hashed, hash value stored on server Embedded authentication devices, portable random generators Clear text password, stored locally Cloud authentication? Trust computing? Anonymity? Evolving Technologies, Expanding Security “The whole 20th century, because we’ve been speeding up to this point, is equivalent to 20 years of progress at today’s rate of progress...”Ray Kurzweil, "Understanding the Accelerating Rate of Change," May 2003
Disruptive technologies that have been… New communications technologies introduced unexpected security considerations at the same time as new capabilities Security was originally proprietary and centralized Disruptive technologies included Telephone (land lines) Personal Computers Internet World Wide Web Mobile telephony
Disruptive technologies that are… We are currently living in an era characterized by technology that facilitates collaboration and openness The new capabilities and methodologies bring security challenges Disruptive technologies include: Open source movement Crowd-sourcing Peer-to-Peer networking Distributed computing Social networking Mobile computing Just-in-Time processing Virtualization
Observations • Communication, collaboration and convergence are key to many disruptive technologies • On one hand, thin clients appear to be making a comeback • On the other, increasingly powerful convergent devices (often in the form of semi-disposable consumer devices - iPhone anyone?) are growing in popularity • For both, the real value lies in communication • For both, huge problems in security and privacy
Disruptive technologies that could be… • We expect continuing convergence, increasing capability, and a reduced footprint • Extant security threats remain, while new threats emerge more quickly than humans can respond • Disruptive technologies may include • MANETs • Autonomic computing • Cloud computing • Semantic Web • Mobile Code • Secured Identity • Trust Management • Green ICT
Security Research at CRC Objective is to advance science and technology to better secure information and communications Traditional approach Technology development, analysis and prototyping Interdisciplinary approach Applying natural sciences, human sciences, and network science to the security domain Pursuing understanding of both technological and human aspects of security Application areas Public Safety National Defence Industry Standards Inter- and Intra-Governmental Communications
Experimental Security R&D • Malware Analysis • Can we study malware in a contained environment? • Can we use malware behavioral properties to develop a taxonomy? • How is malware evolving through time? • How are different malware families interacting one with another? • Intrusion Detection • Can we test Intrusion Detection in a contained environment? • Can we derive Intrusion Detection Systems desirable properties from these test results? • How are existing Intrusion Detection Systems reacting in the presence of new threats? • How are these new threats affecting the development of Intrusion Detection Systems?
Using Social Norms to Unlock Complex Problems • Societal Norms have evolved over millennia to accommodate different approaches to similar situations • Complex communication technologies, autonomous and human-oriented, can learn much from how people live, work, and play together where they cannot control others • Includes Rituals, Norms, and Reasoning • Technologies at CRC include: • Computational Trust • Device Comfort • Trust-Reasoning Network Security
Mobile Network Security • More ad hoc + more mobile + more users = new generation of networks. • Security concerns: • Authenticate and trust a new user? • Secured collaboration between users?
Mobile Network Security at CRC • Existing security technologies can be adapted to the new networking context. • New authentication schemes. • New encryption key management. • Collaboration as a tool, also a motive for security research. • Tool: evaluation and propagation of the users’ trust metric. • Motive: secured collaboration between users with loose control over their identities.
Autonomic and Cloud Computing • Autonomics is about devices managing themselves • For network devices, this includes configuration, healing, optimisation and protection (i.e. security). • By providing devices with the ability to reason and react to their environment in real time they will be faster at detecting and countering security threats than operator in the loop, • BUT you have to trust the machine… • Cloud Computing is about a new utility • Companies provide computing storage and processing power (for a price) that can be accessed from anywhere, anytime. • There is then no need for clients to worry about security, • ASSUMING you trust the company…
Summary • Disruptive communications technologies create security issues and concerns • CRC pursues solutions that revolve around improved collaboration and convergence • Security considerations continue to lag communication technologies • Technology advances exponentially (Moore’s Law) while our understanding of security (and privacy) concerns advance in a more linear fashion • CRC is pursuing promising new research, including applying natural sciences, social sciences, and network science to the security domain