1 / 25

New Generation of Trusted Technologies

New Generation of Trusted Technologies. Claire Vishik March 2014. Outline. C onnected environment Towards trust-based technologies with built in security & privacy Towards users with good understanding of technologies Global e nvironment; research & practice. Ubiquitous connectivity.

ata
Télécharger la présentation

New Generation of Trusted Technologies

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. New Generation of Trusted Technologies Claire Vishik March 2014

  2. Outline • Connected environment • Towards trust-based technologies with built in security & privacy • Towards users with good understanding of technologies • Global environment; research & practice

  3. Ubiquitous connectivity Services, infrastructure Areas • Shopping, education, banking, electrical systems, consumer appliances, health, trasportation, • Organizations, etc. Devices & appliances Adapted from Ericsson

  4. New Era for Computing Mobile Traffic Today 2015 Mobile Traffic Average Traffic per SMARTPHONE MB/Month 40% Video 66% Video * ~40x Average Traffic per TABLET 90 PB/month MB/Month 7M paid video subscribers * 3600 PB/month 700M paid video subscribers Average Traffic per LAPTOP 2.5 Billion Connected Users by 2015 >10 Billion Connected Devices By 2015 60 Exabytes Data Stored MB/Month * *Forecast Source: Cisco Visual Networking Index

  5. New Usage Models • Multiple uses for the same devices & process • Identical uses for different processes • Casual and formal environments merge • Diverse business and economic models overlap • Interaction increases in all environments • Barriers to entry are reduced, but the environments and processes gain complexity Source: Stanford (adapted)

  6. New trust and security problems Arising in (examples): • Supply chain • Industrial systems • Internet of things • Mobile devices Arising through (examples): • New usage models • Economic developments • Geopolitical issues

  7. Threat Environment Tools to perform security attacks are readily available and increasingly efficient The tools are increasingly adapted to the intended environments Cybercrime is Funding Organized Crime Cybercrime has been so profitable for organized crime that the mob is using it to fund its other underground exploits. And U.S. law enforcement is reaching around the world to reel it in.2 “We see many signs that criminals are mimicking the practices embraced by successful, legitimate businesses to reap revenue and grow their enterprises.”3 —Tom Gillis, Vice President and General Manager, Cisco Security Products • New threats from: • Social networking • Drive-by downloads • Mobile & CPS devices • Hardware and firmware attacks • Virtualization attacks • Power management tools • Home automation Threats are more sophisticated and professional

  8. Example: Home Automation • Kohno & Denning, 2013 • Technically savvy burglars could identify houses with expensive, easily resold items. • Adversaries can also target technologies with new capabilities, • accessing video and audio • unlocking doors • disabling home security, • tampering with healthcare • interfering with home appliances and utilities • New approaches are needed to supplement available mechanisms

  9. Outline • Connected Environment • Towards trust-based technologies with built in security & privacy • Towards users with good understanding of technology • Global environment, research & practice

  10. Trust and Trust Evidence • Research on improving trust anchors or point solutions seems no longer sufficient • Most processes today are cross-domain and dynamic, with devices and participants leaving and joining domains • Devices, networks, and applications are increasingly complex • If all trust anchors were implemented successfully, the ecosystem still would not be secure • We need mechanismsto produce, verify, transmit, share, and consume dynamic evidence of trust among the components of the ecosystem

  11. Wang, Y. and Singh, M. P., 2010: Trust Definitions • Trust is belief about future actions • Reflects the trusting party’s belief that the trusted party will support it • In computing, it affects decisions made by one or more participants, subject to two constraints: • Ability to predict each other’s behavior • It doesn’t work well in anonymous systems • Current approaches emphasize identity • E.g., by presenting a certificate, with the assumption that the verification process is robust and valid • Reputation based trust permits us to look at graduated trust values

  12. Other Trust Definitions • Ban Al-Ani, Erik Trainer, David Redmiles, Erik Simmons, 2012 • Trust can be defined in terms of one party’s expectations of another, and the former’s willingness to be vulnerable based on those expectations. • JingweiHuang and Mark S. Fox, 2007 • Trust is established in interaction between two entities and any one entity only has a finite number of direct trust relationships. • Some types of trust have to be transitive

  13. What the developers need to knowif they develop for every use case Incomplete list of issues… Legacy integration Software environment Intent of all other developers Future device architectures Networking environments Current and potential use models Economic & regulatory requirements Usability & performance tradeoffs Composite threat picture

  14. Trust Indicators (Trust Evidence) • Broadly applicable indicators that provide evidence that a system, network, device or application are trustworthy and have preserved their integrity • Examples include: • Results of certification or self-certification; data quality (for medical devices), risk parameters, development process, attestation results, device, network, and user identification, adherence to baselines • Typically machine readable, ideally quantitative • Quantitative models for trust are reputation based or based on statistics for deviations,e.g.,TianLiqin et al. 2006 • Could be communicated through trust language and trust protocols

  15. Potential research topics

  16. Vision for future environment

  17. …and new generation of technology professionals

  18. Outline • Connected Environment • Towards trust-based technologies with built In security & privacy • Towards users with good understanding of technologies • Global Environment, Research & Practice

  19. What the users need to knowif they try to understand devices and applications Incomplete list of issues… Data movements All software on their devices Application & network ownership Security& privacy features of each device Networking environments Security models used Regulatory requirements Optimal configuration for each device, application, activity Information they share

  20. New approaches to user awareness: vision

  21. Outline • Connected Environment • Towards trust-based technologies with built-in security and privacy • Towards users with good understanding of technologies • Global Environment, research & practice

  22. Global EnvironmentICT environments operate globally Incomplete list of issues… Distributed data International workforce Cloud computing R&D collaboration Convergent Networks Different lifestyles and living standards Diverse regulatory & legal framework Different education systems Varied technology adoption models

  23. Practical and theoretical aspects of research • Perceived or real disconnect between “real life problems” and theoretical research caused by (a few examples): • Differing tactical goals • Increasing specialization of research • Decreasing product development cycles • Multidisciplinary nature of many hard problems • Limited access to real life data and operational environments • Lack of broadly applicable technology transfer approaches • Increased awareness (examples): • Commercialization and transition to practice • “Real life” conferences and workshops, e.g., real life cryptography • Funded programs to support mechanisms for industry and academic collaboration • Industrial advisory boards • Private/public partnerships

  24. Vision for future collaboration (sample ideas)

  25. Thank you! • Questions?

More Related