Security Issues - PowerPoint PPT Presentation

1 / 52

About This Presentation

Title:

Security Issues

Description:

Security Issues – PowerPoint PPT presentation

Number of Views:261

Avg rating:3.0/5.0

Slides: 53

Provided by: michelr88

Category:

more less

Transcript and Presenter's Notes

Title: Security Issues

1
Security Issues Paradigmsin Mobile Computing
Science Networking

Michel Riguidel
Tel 33 1 45 81 73 02
riguidel_at_enst.fr

2
Les exigences de QoS, mobilité et de
configurabilité
3
Information Technology evolution

Before 80 Middle Age, Computing Sc. belongs to
fiefs (IBM, ), no network
All proprietary, no flow All is parchment or
proprietary spreadsheet
80s All is transparent for a computer scientist
All is file UNIX (/dev/null, /dev/lpr, ...)
a file is a set of characters which can be
manipulated by C language
85s All is readable on a desk (or a PC) for
anybody
All is document (no more interoperability
transparency)
95s All is an available object on the network
for communication
All is document, readable everywhere (HTML page)
or executable everywhere (Java)
Privilege to information access kiosk, server
00s All is a digital, fluid live stream
distributed over networks
Nomadic user, virtual presence (user or
sw/content move), Virtual Machine JavaBeans
Ubiquitous IT (networked planet grid) Mobile
computing infrastructure (Xeo satellites)
05s All is program, alive on ad hoc networks
An entity on the network is a Java Program (Jini
Concept)
Intentional architecture

4
The new Paradigm of IT
Towards a Convergence Telecom - Multimedia -
IT For a seamless IT with mobility,
configurability in zero-administration within an
heterogeneous world
Hardware
Distributed Multimedia Data
end-user Profile, smart card software object,
Agent Application, Service Telephone, Set Top
Box, PDA PC, Server, Printer Trusted Third
Party Router, Switch Home Network, Local
Network Virtual Private Network
for Businesses, Internet
Software
Middleware Infrastructure of dynamically
configurable distributed IT
Content
Individuals
Communicating, autonomous, configurable, mobile,
automatically plugged ENTITIES onto an
interoperable secured, Plug Play, scaleable
dynamically INFRASTRUCTURE, All being
distributedly managed by various Actors,
according several point of view
5
Infrastructure of a ISUrbanization of an
Information System
Infrastructure with QoS, mobility security
Multimedia Hyperdocument
New Services Intelligent Routers
Switchers Configurability Active Ad hocNetworks
Mobile/fix, wired/wireless Extra/Inter/Intranet
Mobile Terminals Network Computers
New Services Usage biometric Authentication Adap
tive multi-modal Human Interface Speech
recognition Adaptability customization of
applications according terminal configuration
end-users services
New Services Indexation by content Protection
of digital Objects Navigation, Search
engine information filtering
6
Software Intensive SystemArchitecture is a key
issue
Broadcast Access
System Architecture
New OSI Layers
Usage, cooperation teleworking,
videoconference, real time negotiation
information documents
performance QoS interoperability security mobility
heterogeneity distribution dependability maintain
ability
applications configurable, downloadable
distribution services M2M, P2P Middleware,
XML, Corba mobile Code
communication convergence IP ATM
Multimedia Cross media, video, image, mobile
code, hyperdocument
transmission wired wireless
Content
Communication
Properties
7
Urbanization Versatility in Access
NetworksHeterogeneity, Global roaming, QoS,
Value Added Services
Access / Intermediation
IPv6
8
Global Interconnection seamless Heterogeneit
y, Multimedia, macroMobility
Common challenges to be solved . Plug play .
Configurability . Management . Quality of
Service . Upgradeability . Adaptability .
Security, privacy . Stability, safety . Costs
LANs
Interconnection of Local Networks
Private
Internet Connections
Enterprise
Telecom Operators Internet
Cooperation
Cooperative Work
Mobiles
Remote Access

More Heterogeneity
Interoperability through different networks
No Esperanto W-Corba, JavaRMI, J2EE, agents,
do not fit
M2M (middleware to middleware)
Selectivity, Resource management,

Public Networks Connections
Global Roaming
9
Dynamic Links heterogeneity mobility
WAP
GSM
Telecom Operators Internet

More Dynamicity
Changes depending upon
Policy, Traffic,
Opportunities, locations, context, resource

Global Handover
10
New Services, Contents, Middleware,Network
Service ProvidersClient-server gt intermediation
architecture
Multimedia Content-based Search Engine, Agent
Platform, etc
Content Provider
Achilles
Barbara
Personal Area Network

More Content Rich Content Cross-Content
VoIP, "QoS" real time, critical flows,
audio-video streaming
Content processing (searching, watermarking, )

QoS
11
The digital World Architecture Urbanization

Ubiquity of computing storing resources
communication anytime, anywhere, anyhow
concept of datagrid (metacomputing)
Externalization of General resources
Mips
Storage
Trust content (secret keys available everywhere)
Communicating Objects Subjects
Objects are dynamically connected
Devices are permanently connected (IP v6)
Subjects have representations over the network
(avatars)
Customization of its own Virtual Private Network
Community

Key technology Cellular Mobile Telecommunications,
Mobility, roaming Internet, Data Grid, Cache
Architecture Satellite, Broadcast
12
The digital WorldArchitecture Urbanization

Customization
of its own Virtual Private Network Community
Subjects have representations over the network
(avatars)
Devices are permanently connected (IP v6)
Layer 2 Data link
Communicating Objects Subjects
Objects are dynamically connected
Communication anytime, anywhere, anyhow
Versatile medium access
Layer 7 Bottom of Application Layer
Ubiquity of computing storing resources
concept of datagrid (metacomputing)
Externalization of General resources
Mips, Storage, Trust content (secret keys
available everywhere)
Semantic socket, pluget
Quality of communication (QoS, Security)
Nature of content
Negotiated resources

13
The past emergence of new context

Information on Years 80s 90s
Simple and it works
Not enough mips
Proprietary
Dedicated entities with specific intelligence
engine
Assumptions which are no more verified for Years
00s
Catalogues of fix Applications
Bill Gates' concept is obsolete
Dedicated Infrastructure
Need of Global Interoperability Roaming
For "Beyond 3G networks", Routes do not exist any
more
The OSI model is no more "the" reference
Herzian spectrum static allocation by ranges
Spectrum must be shared differently (new rules,
UWB, )

14
The Future Open, Smart Configurable Networks

Non Functional Properties are essential
Policy aware networks
Mobility, QoS, interoperability, security
Configurability changes versus time space
Management issues, proactive reactive mgt
Potential solution
Virtualization
Openness
Hw Trivial (not simple !) Sw Virtual
More Intelligence in the network
Pros Cons
Performance
Business models
Technological issues
Complexity reduction
Software engineering does not follow

15
Long Term Vision

Vision
Hw Sw separation and independence
Smart intelligence within the open network
Radio block (General Management of the Radio
Resource)
Lower layers (UMTS MAC layer)
Upper Layers Downloadable Applications
Relationship between the layers
Articulation between the architecture styles
Implementation of these architectures are
different
Management
subsidiarity
Orientation
Open Network (Next seism in Computing
networking)
Software radio, software Terminal, "Software
Network" Ad hoc Active Networks
New Architectures P2P, M2M,

16
Convergence Virtualization Externalization

Wireless
Mobility autonomy
Adaptation, Configurability
Depending of the context
Ambient Networks
Embedded Internet, Desegregating terminals
Disappearing computing, pervasive computing
ubiquity of access
communicating objects and devices
remote work (medicine, surgery)
Augmented reality
Data Grid MetaComputing
Global computation (Genomes, cryptography,
astrophysics, )
Managing securing Chain Value

17
Conclusions

Convergence / Divergence dialectic
Merging wired wireless
high date rate core networks
diversity of access to the network
New Content multimedia, art creation
exploration of the content cosmos
Different Scales heterogeneity
Bluetooth, WLan (802.xx), UMTS, Internet
Decentralization
Not a revolution but smooth permanent changes
migration of standards
IPv4 versus IPv6
de facto Windows towards Linux (open software)
GSM to GPRS
Etc.

18
Computing /or Networking
Computer
Network
Management of Time/Space I/O
Management of Space I/O
Semantic Turing Machine
Semantic Store Forward
Bandwidth
Router Switch
PC Server
Erlang Data rate QoS
Mips Gigabytes
Bottleneck I/O
Bottleneck the last Mile, , centimeter
Space not x,y,z but structured addresses
19
Gilders versus Moores law
2x/3-6 months
1M
1000 x
WAN/MAN Bandwidth
10,000
Log Growth
Processor Performance
100
2x/18 months
97
9
9
01
03
05
07
Greg Papadopoulos, Sun Microsystems
20
Mobile Context Digital World

More Mobility
Nomadic people (with terminals)
Mobile services, content (caches), infrastructure
(satellite constellation)
Downloading applications, agent framework, liquid
software, VHE,

Personalization
Mobility
Ambience Contextualization communication
infrastructure, equipment, environment
Localization
21
Evolution of mobile networks from vertical to
horizontal segmentation
Today Specific Network with unique service Old
Binding services with communication technology
Tomorrow Multi-service/client-server Network New
SP competition over open Infrastructure
Services
Portal Servers
Content
Content

Mobile Internet
High rate Internet
backbone network by packets
Data/IP Networks
PLMN
PSTN/ISDN
CATV
Mobile Access by packets
High rate Packets Access
Circuit Access 2G/RTC/ISDN
Clients
Access Network, Transport Switch Network
From Ericsson
22
Dynamic Provision of Services to Users
End user Private
Value Added Service Provider
Directory Services
Calling Services
Voice Services
Value Added Services
Information
Shopping
Banking
Telecom Operator ISP
Culture
Entertainment
Automation
Devices
Services
23
Quality of Service

QoS defined by UIT-T E.800 norm

Ease of use
Accessibility
Degree of satisfaction of the service user
Audrey
Continuity
Service Logistics
Security
Integrity
24
Information Flows, Streams Cachesefficiency of
the whole Loop Content Delivery Networks, ...
More Intelligence at the periphery of IS
More Knowledge and reactivity in the Loop
STREAMS
STREAMS
EXECUTION
MANAGEMENT
TRANSMISSIONS
TRANSMISSIONS
More irrigation in IS by differentiated
Information Flows
Data
lt Data Fusion Broadcast gt
Sensors Actuators
Synthesis
25
The ecology of networks

Social networks
who knows who gt Virtual Private Communities
Knowledge networks
who knows what gt Knowledge Management
Information networks
who informs what gt à la Internet
Work networks
who works where gt GroupWare
Competency networks
what is where gt Knowledge with time and space
Inter-organizational network
organizational linkages gt Semantic
Interoperability

26
Mobility InfospheresEvolution of Spaces
regular intelligent
PAN-Bluetooth-WLan-UMTS-Internet
From K. M. Carley CMU
permanent links through IPv6
As spaces become intelligent individual's
infospheres grow, changes occur in the and in
which people are embedded.
Infospheres circles interaction bold
lines knowledge network dashed line
27
The Seven OSI Layers
Dynamic
Multimode
Browser Players
Between TCP UDP, there are thousands of upper
transport protocols
Active Networks computation within Nodes Ad hoc
Networks moving nodes, No fix Routes
Turbocode
Wireless Optics
28
Communication Infrastructure Client-server is
dead gtPolicy Aware Networks
Horizontal unbalance of the semantic distribution
in networks network entities are efficient
lifts for the OSI layered model extremities
(client server) bearing the whole intelligence
Connection between A and B secure interoperable
protocols Pab Pba with adaptive QoS
A client
Towards Active Ad hoc Networks
Network infrastructure
More intelligence memory, visibility,
flexibility
B server
29
Active Network Model
APIs
Application Program Interfaces

Execution Environment
Execution Machine
Interfaces to program the network

EE 1 Java (Capsule)
EE 2 (IPv4)
EE 3 (IPv6)
EE 4 Asm Intel

Open Operating system (Node OS)
Resource management
Open APIs towards EEs
Infrastructure for Security Functions

Trivial Hw (Physical Resource)
30
Réseaux actifs défis

Ouvrir le réseau aux (fournisseurs de) services
Modification dynamique du comportement du réseau
par les utilisateurs, applications, et opérateurs
Définir une interface (API) de programmation des
réseaux

Un réseau programmable est un réseau de
transmission de paquets ouvert et extensible
disposant d'une infrastructure dédiée à
l'intégration et à la mise en uvre rapide de
nouveaux services Réseau extensible qui offre des
facilités pour changer dynamiquement son
comportement (tel quil est perçu par lusager)
Ouvrir le réseau Virtualiser les
composants Configurer dynamiquement
Le Réseau devient une machine virtuelle
programmable
31
Active Networks

To keep the Network proprietary ! over an Open
Infrastructure
To distribute intelligence within the Network
DiffServ is a straightforward Active Network !
The Java Packet program is a constant (flow
header)
MPLS is an elegant simple Active Network !
The program is a stack of constant (shim header)
which is run over the entry and exit nodes to
create Tunnels
More to come
Filtering,

32
Spontaneous Device Networking self-organizing,
ad-hoc

Wireless no route
Access control ?
Net etymology mesh, graph
How to find his own way ?
Some Issues
Service discovery
Spectrum coexistence
Management
Security

33
Ad hoc Networks

Each node can be a router and/or a terminal
Astrid cannot talk to Charlotte (hidden nodes)
Basil potential collisions
C can reach the cell A via B

A
B
C
D
Radio range
34
Ad hoc Networks

No more Routes
No more Topology
Blind search
Search with Reminiscence
Extension to Self organizing Network

35
Zimmermanns open interconnection model
End-to-end
Application
Application
Presentation
Presentation
Session
Session
Top-down
Transport
Transport
Network
Network
Link
Link
QoS
Physics
Physics
QoS
QoS

From top to bottom and from A to B
Seven layers model isotropic, no time and space
Homology to win interoperability
Vertical software engineering
To shred any content into packets, datagrams,
frames, and finally bits
We ignore content semantics

36
Theory of communicationShannon Weaver model
(1949)

Linear unidirectional model
Neither the relationship between the actors nor
the situation are taken into consideration
Eliminate semantics
J Lacan (seminar II, 1954), R Barthes (ethos,
logos, pathos)

message
37
Les exigences de sécurité dans un univers mobile
38
Security issues in a mobile world

Specification of policies compatible with the
Content and the Container
Set up of a context-oriented, plural,
configurable policy
Design of new encryption protocols
Placing cryptology and steganography in
perspective
Introducing security in an open world

39
Challenges

Years 2001
Distorting reality prism with
Internet (asynchronous messages meshes of
routers) and
GSM (voice content cellular architecture with
Base stations)
Security mobility
Use of infrastructures
Need of geographical references
Need of protecting the spatial structure
Fix infrastructure articulation of mobile part
and fix part via a cryptographic protocol
Mobile part (ad hoc networks) search for
invariant structures
Use of history of movements
Traceability of moving objects and subjects
Building alibis
Ontologies are moving in these virtual spaces
Identification and then confirming their
existence in a defined location using alibis

40
New situation no more deterrence

Before 11th September (QQ33N)
Symbolic attack no more
undetectable or discrete attack
balance between investment protection cost risk
to lose assets
After 11th September (QQ33N)
The whole communities can lose confidence
Security against on cyberwar
at a greater scale for large infrastructure
Main threat
Denial of service for a long time with multiple
accidental coincidences
Basic security
Audit, accountability (identification
authentication)

41
Classical Security solutions

PKIs, Certificates (X509), SSL, IPSec, Firewalls
Security classical cryptography model
Audrey Basil share a secret
can be used to scramble the message
(cryptography)
can be used to insert a subliminal mark in order
to leave a trace (steganography)

Point to point
Cryptography
Trusted third party
42
Security Solutions IT today 2 focal key points
S/MIME
PGP
Security with proxy
Content Security
P3P
FIPA security
WAP security
XML
SSL/TLS/LIPKEY
Articulation distributed security Infrastructure
Network Boundary
IPsec
IP
IKE/ISAKMP
BitStream Ciphering
Route Security
A lot of standard solutions Utilization often
complex One protocol does not eliminate all the
threats
43
Digital era vulnerability customized security
Buyer
01000011
011000101100
1100101001010101000011
01010101000011
00101100
01001010101000011
order
110010100101000011
Seller
0101100
1100101001010
vulnerable
1011000011101001
Mobile
only clones
payment
Bank
Intelligent can be adjusted and personalized
44
Mobility within a Convergence world

Open or closed ?
Both Möbius ribbon
Historical world footprint witness
We must authenticate the scene, the situation
We must trust a witness located at t t0 and at
x x0
Audrey Basil know each other
Local confidence
Mobility introduces new threats
a subject S is going to travel trajectory x(t)
S is not alone
S leaves traces, depends upon the ambience
S wants to trust the object O
S and O are going to create alibis depending upon
time and space
Alibis
are trusted relationships between the
infrastructure, S O
E.g. the individual is going to sign with the
station base that he/she was present in this cell

45
Security policy depending upon space time

User point of view
he/she defines his/her own security policy for
comfort
Service access if the user in inside a perimeter
One restricts on his own our mobile phone usage
inside a given zone for a certain period of time
One asks for a control from the telecom operator
Secret shared with the operator
Service Provider point of view
Creation of a cryptographic protocol to sign the
user ID with the location ID (here the base
station name)
Buyer may be anonymous but one knows that he was
here at t t0
It is no more a virtual world

46
Object traceability

Trust model
Content security (end-to-end)
Container security (depending upon operator,
Internet, etc)
The whole system has a memory
Audit function (.log files to record events)
Historical signature
Digital signature of the content integrity
Digital signature of the traces
Labeling, watermarking
Ephemeral watermarking

47
Security functions in a mobile universe

Identification
Biometry, smart card, trusted entity
Anonymous
need to find a witness for the situation
capture a secret depending upon the situation
Authentication
Of the scene
to exchange a secret with someone that we will
see again
Audit
History of the objects /subjects trajectory
Ephemeral watermarking
Data Protection
Both Cryptography steganography

48
Architecture Projection of constraints

Architecture
Expression of constraints
Design Projection of the specification onto an
implementation
The expression of the constraints (QoS, Security,
mobility, interoperability) must be incarnate and
instantiate through
The network architecture
The protocol specification
The applications
Some expressions will be through markers
In a clear world

49
Reconstruction of space, time and trust

Network models
Anarchical model
Internet, WLAN, WPAN
Master-slave
WLAN
Hierarchical
Cellular networks
Semantics of protocols
Oligarchic
PKIs
Architectures of Applications
Client server architecture model
Audrey Basil are living in an isotropic world
Producer consumer of content
Administration
management very often a bureaucracy
Others

50
The new paradigms the focal point is not IP

Computation ubiquity (bottom of layer 7)
Horizontal software engineering (M2M, P2P),
Agents
XML metalanguage
To find an Esperanto (interoperability)
Allows to describe policies, rules, intentions,
predicates
Metacomputation grid
Swarm of computers (10 6) running one single
application
Issue the semantical socket at the bottom of
the application layer
Access ubiquity (layer 2 MAC)
Vertical software engineering
High data rate Internet (digital divide)
Urbanization
Construction of an Harlequin mantle (802.11,
802.15, UMTS, )
Dialectic of usages

51
Remedies to mobility vulnerabilities

Distribution
Trusted hierarchy by subsidiarity
One can distribute secrets which are longer
Intelligence everywhere
Inside the network
Network have a better throughput
Capillarity larger larger
Security hopping (security evasion)
Classical cryptography immutable world
To zap one billions of security policy
implementations
1 single security policy but 10 9 implementations
Each solution is fallible but the whole is highly
secure
Secret contents
Delivery Content Network (DCNs), Storage Area
Networks
Flood the network with machines able to compute
secrets
Secret Content Networks huge repository of keys

52
Conclusion

Lurbanisation des systèmes de communication
Ubiquité, universalité
Complexité Structure, Architecture, Urbanisme
Les nouvelles exigences dans les futurs réseaux
QoS, mobilité, configurabilité, sécurité
Le seuil de la complexité des architectures
Performance versus intelligence
Les points de vue
opérateurs, manufacturiers, fournisseurs de
services et utilisateurs
La complexité projetée dans lurbanisme,
larchitecture, les protocoles, les extrémités et
la subsidiarité (management réparti)
Le rythme des ruptures et des évolutions
dans le cadre de la convergence et
des réajustements de la tectonique des 3 plaques
Télécoms, Informatique, Audiovisuel