Trust in Cyberspace: Difference between revisions

From Cybersecurity Wiki

Revision as of 11:20, 13 July 2010

Full Title of Reference

Trust in Cyberspace

Full Citation

Nat'l Research Council, Trust in Cyberspace (Fred B. Schneider ed., National Academy Press 1999). Web

BibTeX

Categorization

Key Words

COTS Software, Denial of Service Attack, Interdependencies, Computer Network Attack, Software Vulnerability

Synopsis

This book, edited by a study committee convened by the Computer Science and Telecommunications Board (CSTB) of the National Research Council, provides an assessment of the current state-of-the-art procedures for building trustworthy networked information systems (NISs). It proposes directions for research in computer and network security, software technology, and system architecture. In addition, the book assesses current technical and market trends in order to better inform public policy as to where progress is likely and where incentives could help. Trust in Cyberspace offers insights into:

To be labeled as trustworthy, a system not only must behave as expected but also must reinforce the belief that it will continue to produce expected behavior and will not be susceptible to subversion. The question of how to achieve assurance has been the target of several research programs sponsored by the Department of Defense and others. Yet currently practiced and proposed approaches for establishing assurance are still imperfect and/or impractical. Testing can demonstrate only that a flaw exists, not that all flaws have been found; deductive and analytical methods are practical only for certain small systems or specific properties. Moreover, all existing assurance methods are predicated on an unrealistic assumption—that system designers and implementers know what it means for a system to be “correct” before and during development. The study committee believes that progress in assurance for the foreseeable future will most likely come from figuring out (1) how to combine multiple approaches and (2) how best to leverage add-on technologies and other approaches to enhance existing imperfect systems. Improved assurance, without any pretense of establishing a certain or a quantifiable level of assurance, should be the aim.

The two likely building blocks of any networked information system are the telephone network and the Internet. The strengths and vulnerabilities of the Public Telephone Network (PTN) are:

  • Attacks on the telephone network have, for the most part, been directed at perpetrating billing fraud. The frequency of attacks is increasing, and the potential for more disruptive attacks, with harassment and eavesdropping as goals, is growing.
  • Better protection is needed for the many number translation and other databases used in the PTN.
  • SS7 was designed for a closed community of telephone companies. Deregulation has changed the operational environment and created opportunities for insider attacks against this system, which is fundamental to the operation of the PTN.
  • Telephone companies need to enhance the firewalls between operations support systems (OSSs) and the Internet, and safeguard the physical security of their facilities.

Current Internet issues are:

  • New countermeasures for name server attacks are needed that work well in large-scale, heterogeneous environments.
  • Cryptography, while not in itself sufficient, is essential to the protection of both the Internet and its end points. Wider deployment of cryptography is needed. Algorithms for authentication only are largely free from export and usage restrictions, yet they can go a long way toward helping.
  • Cryptographic mechanisms to secure the DNS do exist; however, deployment to date has been limited.
  • No effective means exist to secure routing protocols, especially on backbone routers. Research in this area is urgently needed.
  • Attacks that result in denial of service are increasingly common. Wider use of updated software and patches, new product development, and better software engineering are needed to deal with this problem.

As NISs become more ubiquitous, applications are migrating from custom written mainframe software to web applications using commercial software.

Market conditions today strongly favor the use of commercial off-the-shelf (COTS) components over custom-built solutions, in part because COTS technology is relatively inexpensive to acquire. The COTS market’s earliest entrants can gain a substantial advantage, so COTS producers are less inclined to include trustworthiness functionality, which they believe can cause delay. COTS producers are also reluctant to include in their products mechanisms to support trustworthiness (and especially security) that can make systems harder to configure or use. While today’s market for system trustworthiness is bigger than that of a decade ago, the market remains small, reflecting current circumstances and perceptions: to date, publicized trustworthiness breaches have not been catastrophic, and consumers have been able to cope with or recover from the incidents. Thus, existing trustworthiness solutions — though needed — are not being widely deployed because often they cannot be justified. In addition, foreign code is a growing threat to the security of most desktop systems as well as other systems that employ COTS software.

Cryptography-based authentication systems are needed to restrict access to NISs. However, cryptographic protocols are difficult to get right. High-security systems should investigate hardware-token-based authentication systems. Although Public-Key Infrastructure (PKI) technology is intended to serve very large populations with diverse administrative structures, issues related to timely notification of revocation, recovery from compromise of CA private keys, and name space management all require further attention.
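The revocation-timeliness problem named above can be made concrete with a small model of a relying party that checks a certificate against the Certificate Revocation List (CRL) it currently holds. This is an added example, not code from the book or the wiki; the certificate serial, dates and CRL contents are constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class Cert:
    serial: int
    subject: str
    not_before: datetime
    not_after: datetime


@dataclass
class CRL:
    this_update: datetime          # when the CA published this list
    next_update: datetime          # when the CA promises a newer one
    revoked: set = field(default_factory=set)   # revoked serial numbers


def check(cert: Cert, crl: CRL, now: datetime) -> tuple:
    """Relying-party decision: validity period first, then revocation status
    from the CRL the verifier holds. Fails closed once the CRL is overdue."""
    if not (cert.not_before <= now <= cert.not_after):
        return False, "outside validity period"
    if now > crl.next_update:
        return False, "CRL expired; refuse until a fresh one is obtained"
    if cert.serial in crl.revoked:
        return False, "revoked"
    return True, "accepted"


def exposure_window(revoked_at: datetime, crl: CRL) -> timedelta:
    """How long a verifier holding `crl` keeps accepting a certificate revoked
    at `revoked_at`, assuming it only refetches the list at next_update."""
    if revoked_at < crl.this_update:      # revocation already on this list
        return timedelta(0)
    return max(timedelta(0), crl.next_update - revoked_at)


# Constructed scenario: a key is reported compromised at noon, two hours after
# the daily CRL was issued. The CA publishes an out-of-cycle CRL at 12:30.
CERT = Cert(4711, "CN=ops-gateway", datetime(2010, 1, 1), datetime(2011, 1, 1))
STALE_CRL = CRL(datetime(2010, 7, 13, 10), datetime(2010, 7, 14, 10))
T_REVOKED = datetime(2010, 7, 13, 12)
FRESH_CRL = CRL(datetime(2010, 7, 13, 12, 30), datetime(2010, 7, 14, 12, 30), {4711})
T_CHECK = datetime(2010, 7, 13, 13)
```

A verifier still holding STALE_CRL at T_CHECK accepts the compromised certificate for up to 22 more hours; only a fresh fetch (or a shorter CRL cycle, or an online status check) closes that window.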

Firewalls and Virtual Private Networks (VPNs) are the current defense mechanism of choice as networking migrates to the Internet proper or to Internet technology. However, the development of increasingly sophisticated network-wide applications will create a need for application-layer firewalls and a better understanding of how to define and enforce useful traffic policies at this level.

Replication and diversity of software and hardware can be employed to build systems that amplify the trustworthiness of their components. Research is needed to understand the limits and potential of this approach. In addition, monitoring and detection can provide a second higher-level design approach that can play a role in implementing trustworthiness: attacks or failures are allowed to occur, but they are detected and a suitable and timely response is initiated. However, limitations in system monitoring technology and in technology to recognize events, like attacks and failures, impose fundamental limits on the use of monitoring and detection for implementing trustworthiness.
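The two design approaches in the paragraph above, replication with diverse implementations and monitoring with a timely response, can be shown together in a small voter. This is an added example, not code from the book or the wiki; the three replicas, the faulty floating-point variant and the quarantine threshold are constructed for illustration.

```python
from collections import Counter
import math


# Three diverse implementations of one specification (integer square root).
# Diversity means a flaw in one is unlikely to be shared by the others.
def isqrt_newton(n):
    x = n
    while x * x > n:
        x = (x + n // x) // 2
    return x

def isqrt_binary(n):
    lo, hi = 0, n
    while lo < hi:
        mid = (lo + hi + 1) // 2
        lo, hi = (mid, hi) if mid * mid <= n else (lo, mid - 1)
    return lo

def isqrt_float(n):
    # Faulty replica: double rounding breaks it above 2**53.
    return int(math.sqrt(n))

REPLICAS = {"newton": isqrt_newton, "binary": isqrt_binary, "float": isqrt_float}


def vote(outputs):
    """Majority voter over {replica: output}. Returns (value, dissenters);
    value is None when no strict majority exists (nothing is masked)."""
    value, n = Counter(outputs.values()).most_common(1)[0]
    if n * 2 <= len(outputs):
        return None, set()
    return value, {name for name, v in outputs.items() if v != value}


class Monitor:
    """Detection and response: a replica that dissents from the majority
    `threshold` times is quarantined and no longer consulted."""
    def __init__(self, threshold=2):
        self.threshold, self.dissent, self.quarantined = threshold, Counter(), set()

    def observe(self, dissenters):
        for name in dissenters:
            self.dissent[name] += 1
            if self.dissent[name] >= self.threshold:
                self.quarantined.add(name)


def replicated_isqrt(n, monitor, replicas=REPLICAS):
    active = {k: f for k, f in replicas.items() if k not in monitor.quarantined}
    value, dissenters = vote({k: f(n) for k, f in active.items()})
    monitor.observe(dissenters)
    return value
```

The voter masks the faulty replica's wrong answer on large inputs, and the monitor removes that replica after repeated disagreement; with only two replicas left, a further fault would produce no majority rather than a wrong answer, which is the detection limit the paragraph refers to.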

  • The implications for trustworthiness of anticipated developments in hardware and software technology, including the consequences of mobile code.
  • The shifts in security technology and research resulting from replacing centralized mainframes with networks of computers.
  • The heightened concern for integrity and availability where once only secrecy mattered.
  • The way in which federal research funding levels and practices have affected the evolution and current state of the science and technology base in this area.

Additional Notes and Highlights

Expertise Required: Technology - Moderate