The standard security tools which will figure prominently in
successful SENTINELS proposals are listed below. There is
some overlap between these areas, which should lead to useful
cross-fertilization.
Cryptology: algorithms and protocols;
Security verification and validation: hardware, software and protocols;
System and software security: access control, passwords, content protection, monitoring, audit, security modeling and analysis;
Network security: Internet, ad hoc networking, multicasting;
Hardware security: tamper resistance and emission security;
Security tools: smart cards, biometrics;
Attack and defense: malicious code, fault tolerance, Information Operations and Critical Infrastructure Protection (CIP);
Security infrastructure and context: e-government, e-commerce, PKI, privacy, copyright, system level integration, standardization.
While SENTINELS recognizes that security is not a purely
technical subject, we believe that the security community in the
Netherlands is not sufficiently unified to tackle all the technical and
non-technical issues right from the start. Therefore we concentrate on
the technical issues during the eight years of the program's
lifespan.
We propose to organize six annual workshops, inviting
participants from law, business and the social sciences to learn their
views. This
guarantees extensive knowledge exchange, resulting in
a spin-off which cannot be obtained without SENTINELS.
Also planned are two brokerage events, kick-off events in which
universities and parties interested in participating come together to
generate and discuss ideas for projects.
Organizational security: risk, trust, and policy;
Government security: law, policing, and regulation.
In the following sections we indicate some open issues in each of the areas listed above.
Many robust cryptographic algorithms exist that have been scrutinized over a large number of years. New algorithms are now carefully analyzed through a community process (such as the AES contest) before being accepted. There is scope for making such community processes more systematic. New algorithms are needed that permit shorter key lengths, and graded security.
Reducing the imbalance between the key lengths of public key cryptosystems and symmetric cryptosystems would be very desirable. For future wireless applications cryptographic algorithms are needed that can be implemented with reduced power and memory requirements.
Security protocols are sets of rules that tell computers how to act in a particular scenario in order to achieve a certain security goal. Large numbers of protocols have been defined that were later found to contain errors, sometimes after many years. Mathematical analysis helps, but not if the analysis methods themselves are faulty or, more likely, rest on assumptions that at some point in time cease to hold. New methods and protocols are needed that can cope better with change than current protocols.
The correctness of security protocols is crucial. What correctness
precisely means depends on the specific purpose of the protocol, but in
general terms it can be understood as appropriate behavior in a hostile
environment, where in principle no-one can be trusted, and everyone can
be an attacker trying to disrupt the protocol. Establishing correctness
thus involves a careful analysis. Even for simple protocols, which may
only consist of exchanging a handful of messages, finding errors or
proving the absence of errors is difficult. Errors in relatively simple
protocols have gone undetected for years.
The most famous example is the
Needham-Schroeder public-key protocol, which was falsely assumed to be
correct for almost two decades, see [26]. A more recent
example is the SSL protocol, developed to be used in web browsers for
exchanging sensitive data, notably credit card numbers, over the
Internet; over the past years two new versions have been released to
improve security.
The number of different scenarios that can possibly
arise in the required security analysis is typically well beyond what
humans can capture, and therefore scientific methods are indispensable
for getting a handle on the possible weaknesses.
Security policy models describe succinctly the protection properties that a system must have. A well-known example is the Bell-LaPadula multi-level security policy model developed for the military. Its main aim is to protect classified information. Commercial security policies, such as the Chinese wall policy, are more concerned with data integrity and with separation of duty. Most security policy models are inflexible and are too narrowly focused on one particular aspect of security.
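The two policy models named above, written out as an added reference-monitor check in Python (example code, not from the SENTINELS document); the classification levels, categories, datasets and conflict-of-interest classes are constructed for the illustration.

```python
from dataclasses import dataclass, field

# Ordered classification levels of the constructed example lattice.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


@dataclass(frozen=True)
class Label:
    """Bell-LaPadula label: a level plus a set of need-to-know categories."""
    level: str
    categories: frozenset = frozenset()


def dominates(a: Label, b: Label) -> bool:
    """a >= b in the lattice: level not lower and categories a superset."""
    return LEVELS[a.level] >= LEVELS[b.level] and a.categories >= b.categories


def blp_allows(subject: Label, obj: Label, op: str) -> bool:
    """Simple security property (no read up) and *-property (no write down).
    The model is silent on integrity: writing up is permitted."""
    if op == "read":
        return dominates(subject, obj)
    if op == "write":
        return dominates(obj, subject)
    raise ValueError(f"unknown operation {op!r}")


@dataclass
class ChineseWall:
    """Brewer-Nash Chinese wall: once a subject has touched a dataset in a
    conflict-of-interest class, other datasets of that class are walled off."""
    coi_class: dict                              # dataset -> class name
    history: dict = field(default_factory=dict)  # subject -> datasets used

    def access(self, subject: str, dataset: str) -> bool:
        seen = self.history.setdefault(subject, set())
        cls = self.coi_class[dataset]
        if any(d != dataset and self.coi_class[d] == cls for d in seen):
            return False                         # conflicting dataset already used
        seen.add(dataset)
        return True


if __name__ == "__main__":
    analyst = Label("secret", frozenset({"crypto"}))
    report = Label("confidential", frozenset({"crypto"}))
    print("analyst reads report:", blp_allows(analyst, report, "read"))    # True
    print("analyst writes report:", blp_allows(analyst, report, "write"))  # False
    wall = ChineseWall({"BankA": "banks", "BankB": "banks", "OilCo": "oil"})
    print(wall.access("alice", "BankA"), wall.access("alice", "BankB"))    # True False
```

Each check answers only its own question (confidentiality flow for Bell-LaPadula, conflict of interest for the Chinese wall), which is the narrowness the paragraph points at.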
The so-called buffer overflow weaknesses account for many of the
successful attacks on software. To prevent and detect these and other
weaknesses, the development process has to be of good quality and has
to include activities such as code review. For instance, the OpenBSD project
(http://www.openbsd.org) has for years delivered good-quality software with
only minor bug warnings, due to its good software development process.
For the development of software in general, the SEI CMM for software can
be applied. With this model, the complete software development process
can be qualitatively improved. Aimed at security, the Systems Security
Engineering Capability Maturity Model (or SSE-CMM, see http://www.sse-cmm.org)
has been developed. It is a standard metric for security engineering
practices. Also important for good software is a good understanding of
what functionality the software (system) should deliver, i.e. the
requirements need to be straightforward and clear. For security
requirements, guidance can be found in the Common Criteria.
Most practical implementations of security systems are designed from the perception of one party (banks, telecommunications operators, ...). The user typically has no way of auditing these systems or of tracing information about transactions in which she is involved. Anderson [2] shows that errors in software, mistakes in installation, flawed procedures, etc. lead to security holes. Because of this lack of transparency in the transaction, when a user becomes the victim of an attack she rarely has the opportunity to defend her case. Providing the opportunity for the citizen to investigate a system, without compromising the security of the system, would enhance trust in electronic transactions.
Protection of software, audio, video, and games from piracy and illegal copying becomes an increasingly important issue for the content industry. In the past few years, the number of tools and technical mechanisms to support protection has increased significantly. Fundamental results may be obtained by a combination of protecting the integrity and authenticity of software algorithms, and tracing of illegally replicated content.
It should be possible to evaluate the strength of the security of a system. At the moment one framework for this exists: the Common Criteria (ISO/IEC 15408). The Common Criteria make it possible to evaluate a product, including its development process. This process starts with the security requirements. For the development of the requirements the Common Criteria give guidance and hints as to which requirements are necessary. The evaluation process ends with the evaluation of the product, for which it is stated what is tested, how it is tested and by whom it is tested. Working with the Common Criteria requires a significant level of expertise, which could perhaps be harnessed in appropriate tools.
German legislation already stipulates that Smart Cards storing digital signatures must be evaluated at Common Criteria level 4, which provides medium strength security assurances. Legislation in other European countries is likely to follow suit, and assurance levels are likely to rise in the near future. Both developments point at the importance of security evaluations.
Finally work must be done to develop comprehensive security modeling and analysis methods and means to model and analyze larger security/trust infrastructures, e.g. complex critical information infrastructures and safety-critical information systems.
Network security is one of the most important parts of
today's computer security, because almost all computer systems
are interconnected. They can often best be understood as nodes
in a network. Research into network security has a strong
international orientation, in which standards organizations
like ETSI play an important role.
Network security can be provided at different levels (network layers).
For example, IPsec provides secure transport of IP packets, while
SSL/TLS provides secure end-to-end sessions. Many network security
protocols and security components have been developed. While this may
seem to suggest that all the necessary ingredients are available to
build a secure network infrastructure, there are many problems that
remain to be solved.
For example, it is currently not possible to
integrate IPsec in a seamless way with protocols such as RSVP that are
intended to agree and deliver a desired quality of service. Basically
the protocols do not co-operate, because IPsec encrypts the routing
information needed by the RSVP protocol to guarantee bandwidth.
Research is needed to allow protocols to be characterized, analyzed,
and composed so that such undesired interactions are avoided. Also,
research on defense against Denial of Service (DoS) attacks is much
needed.
To simplify network management, ad-hoc networks are gradually
replacing the current ``fixed'' networks. The main problem faced by
ad-hoc networks is that of secure transient association. This requires
two principals to be able to authenticate each other, to communicate
securely for a while and then to forget completely about each other's
existence [36].
Multicasting is an optimization of communication amongst groups. One
of the main problems is to find efficient protocols that allow members
of the group to be added, without compromising backwards security, and
to be removed, without compromising future security [10].
Many different kinds of attacks are possible on electronic services.
Differential fault analysis was first introduced by Boneh, DeMillo and Lipton [7] and later given its current name by Biham and Shamir [6]. The technique induces errors in computations and compares the erroneous results to correct results. The comparison often yields secret information thanks to the mathematical properties of the cryptography. The attacks are most effective against asymmetric-key [7] systems, but can also be made to work on symmetric-key [6] systems. A possible remedy is to compute results more than once and to compare them. Error correction on data is also a useful tool to lessen the effect of induced faults.
Bao et al. [4] extend the differential fault analysis technique to discrete log based signatures.
Chip rewriting attacks can often be carried out with simple equipment. For example the bus encryption performed by the Dallas DS5002FP secure microcontroller can be broken by a class I attacker (a knowledgeable outsider) [24].
Biham and Shamir [6] consider inducing random faults as well as the possibility of making a bit stick using a FIB (Focused Ion Beam machine). Suppose the bit is stuck at 1: if the system still works, then apparently the bit was 1; otherwise it must have been 0.
Memory remanence attacks [19] rely on the fact that data is not normally erased perfectly. With appropriate measurement apparatus it is possible to recover information on most kinds of storage devices even after they have been erased and/or rewritten a number of times. The most advanced technologies are classified.
Timing attacks [23] make use of the fact that the time taken to perform computations may vary according to the actual (bit) values of cryptographic keys and plaintexts. It is possible to mount imperfect defenses against such attacks by masking timing characteristics. Kocher [23] suggests a defense based on blind signatures.
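The two remedies named for fault induction above (compute more than once and compare; check the result before releasing it) and blinding of the private operation against timing analysis, as an added Python example that is not from the SENTINELS document. The toy RSA key, the message value and the `glitch` flag (standing in for an induced computational error in one CRT half) are constructed for the demonstration.

```python
import secrets
from math import gcd

# Constructed toy RSA key (two ~20-bit primes): readable, NOT secure.
P, Q = 1000003, 1000033
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))            # private exponent
DP, DQ = D % (P - 1), D % (Q - 1)            # CRT exponents
QINV = pow(Q, -1, P)                         # Garner recombination coefficient


def rsa_crt_sign(m: int, glitch: bool = False) -> int:
    """Plain RSA-CRT signature s = m^D mod N, no countermeasures.

    `glitch` is a constructed stand-in for an induced fault: it corrupts
    one bit of the mod-P half of the computation."""
    sp = pow(m, DP, P)
    sq = pow(m, DQ, Q)
    if glitch:
        sp ^= 1                              # transient computational error
    h = (QINV * (sp - sq)) % P
    return (sq + h * Q) % N


def sign_verified(m: int, glitch: bool = False) -> int:
    """Remedy 1: check the result with the public key before release, so an
    erroneous signature never leaves the device."""
    s = rsa_crt_sign(m, glitch)
    if pow(s, E, N) != m % N:
        raise ValueError("computation fault detected; signature withheld")
    return s


def sign_recomputed(m: int, glitch_first: bool = False) -> int:
    """Remedy 2: compute twice and compare. A transient fault that hits only
    one of the two runs shows up as a mismatch."""
    s1 = rsa_crt_sign(m, glitch_first)
    s2 = rsa_crt_sign(m, False)
    if s1 != s2:
        raise ValueError("recomputation mismatch; signature withheld")
    return s1


def sign_blinded(m: int, glitch: bool = False) -> int:
    """Blinding against timing analysis: exponentiate m * r^E for a fresh
    random r, so the private operation's timing is decorrelated from the
    attacker-chosen input, then strip r. The release check is kept."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            break
    blinded = (m * pow(r, E, N)) % N
    s = (rsa_crt_sign(blinded, glitch) * pow(r, -1, N)) % N
    if pow(s, E, N) != m % N:
        raise ValueError("computation fault detected; signature withheld")
    return s


if __name__ == "__main__":
    msg = 123456789                           # constructed message hash
    good = sign_verified(msg)
    print("signature verifies:", pow(good, E, N) == msg)
    for fn in (sign_verified, sign_recomputed, sign_blinded):
        try:
            fn(msg, True)
            print(fn.__name__, "released a faulty signature (bad)")
        except ValueError as err:
            print(fn.__name__, "->", err)
```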
Non-invasive attacks such as inducing clock and power glitches are shown to be quite successful by Anderson and Kuhn [3].
It is unclear to what extent many of these attacks have been carried out. Research is needed to determine to what extent attacks can be successful, how to quantify the success of such attacks and how to protect effectively against these attacks.
Some older work on the ABYSS architecture from IBM Yorktown Heights [44] provides fascinating reading. Smart cards (and a simpler device called a token, providing a one-use forgery-resistant authorization) are protected by winding 0.0035-inch nichrome wire around the casing. The system can be attacked by freezing it. It is suggested that using optical fiber might be better. The software of the system [45] concentrates on the problem of protecting software vendors. Modern techniques are likely to improve on the process, for example by screen-printing the wires.
Some of the open questions are:
How to avoid single points of failure?
How to arrange for an independent verification and validation of systems?
Security ultimately depends on (1) something you know (a secret), (2) something you have (a secure token) and (3) something you are (your physical identity). In this section we discuss the system level issues in smart cards and biometrics research as representative for security categories (2) & (3) above.
Smart cards are used for secure access to buildings and networks (for example in GSM phones), for secure electronic transactions, for carrying personal data, e.g. essential aspects of the card holder's health record, and for various roles in e-government (passport, driver's license, e-voting card, etc.).
Smart cards offer in excess of 90% of the technical security and 50%
of the operational security of a typical system. The actual code in the
smart card typically accounts for a small fraction of the total code
involved. A sound design principle in secure systems design is that the
trusted computing base should be kept as small as possible; ideally it
should consist of only the smart card.
The main obstacle to shrinking
the trusted computing base at present is the inability of smart cards to
interact directly with people, i.e. without the intermediary of the
terminal. To overcome this problem, it should be possible to integrate
inexpensive human interfacing with smart cards, so that users can enter
their PIN or present their biometric data without the intermediary of an
alien--possibly hostile--device. Only then is the chain of trust
complete, and can the whole system be verified.
To achieve this,
research is needed in areas such as ultra thin batteries, biometric
sensors and displays. The integration into a security infrastructure of
cards that users can interact with is a system level issue. For example,
much of the security related functionality of the terminals might move
into the card.
Current smart card production levels worldwide already exceed 2 billion
smart cards per annum. Clearly any threat to such an installed base must
be taken seriously. New applications are expected to emerge soon where
inexpensive secure tags will be used to enable tracking of goods and
components. Such applications are expected in all areas of industry,
ranging from tagging goods in supermarkets, to the secure labeling of
components in cars.
Effective management of smart cards/tokens produced
and deployed by the billion is a system level issue with many facets,
ranging from secure manufacturing and issuance, to post issuance
maintenance, and environmental considerations over ``spent'' cards.
Biometrics provides a capability to link the physical identity of a
person to a digital identity. This is done by measuring a physical
property of the person, such as a fingerprint or the person's gait. The
security of biometrics is determined in part by the degree to which the
measured property is unique. A biometric, once it has been digitized,
delivers a string of bits that identify the user. In this sense a
biometric is like a password that can be guessed, copied, etc.
The widespread use of biometrics must therefore be accompanied by the
development of an infrastructure to detect and combat fraud. Some
commonly used biometric techniques (fingerprints) are inherently
insecure [40], yet they are deployed at a large scale. This
development should be averted. Novel biometrics are needed that combine
good security with a high level of user acceptance.
The integration of biometrics in a secure system is of particular importance, raising issues such as:
privacy of biometric data;
how to combine PKI with biometrics;
defining standards for biometrics;
biometrics best practices and standardization;
scalability;
user acceptance, dealing with opponents of biometrics.
There are many possible ways in which a system's security can be compromised. Attacks by (mail) viruses are probably among the best known. Many computer users are familiar with virus detection. Such detection of malicious code will be highly relevant in many other areas, since actual downloading of external code is becoming more and more important--for instance for multi-application smart cards with ``post-issuance downloading'' or for mobile phones with an integrated personal organizer. In many other systems, too, the first line of defense is detection. This requires new techniques, relying for instance on statistical analysis. The actual response to a detected attack will generally be very specific to the system at hand.
Intrusion detection and sharing of intrusion detection information amongst trusted partners is an important area of research, because it is often difficult to establish unequivocally whether the security of a complex networked system has been compromised, whether information has been tampered with, or which information has been taken.
For public key cryptography to work, the public key of a person must be
widely publicized, so that everyone wishing to send a private message
can encrypt it with the publicly available public key of the addressed
person. Only this person has the associated private key, needed for
decryption.
For such scenarios to work there must be a reliable database
connecting people to their public key, much like in a phone book. Such a
service is called a Public Key Infrastructure (PKI). The government in
the Netherlands is working on such a national PKI (see
http://www.pkioverheid.nl). However, there are many sensitive issues involved,
about:
control: who owns the PKI, keeps it up to date, and is responsible for keeping it running?
use: can PKI only be used for e-voting, or also for buying MP3s over the Internet?
traceability: which parts of transactions will be logged, and will be accessible by whom?
accountability: who is responsible when keys are compromised?
privacy: who really wants everyone else to know about him/her?
Clarification of these issues is required before such a PKI can be set up. Further studies are thus needed, and may provide criteria for selection of offers for running such a national PKI.
Security research has delivered strong theoretical results in several important areas, such as cryptology [34], protocol verification [32], and access control (like Bell-LaPadula or Biba) [17]. While these are important building blocks of secure information systems, none of these bodies of theory addresses the system level. An integrated approach is needed to model, analyze and verify the consequences of these and other design choices at all levels on overall security. This requires the development of new, system-level theories.
Secure systems design is fraught with difficulties, as illustrated earlier in
this document (Needham-Schroeder protocol, but also GSM encryption).
There is a need for systematic design methods that support the
validation of security objectives early in the design process. Such
design methods will be based on novel abstractions, generic solutions,
and novel ways of composing a secure system from secure components.
Compositional design methods are expected to be key. To assist
designers, tool support for such novel methods is essential, because
tools will be able to cope with the plethora of administrative detail that
would otherwise distract the designer. Many security problems are
operational in nature; they are not specifically technical. Recall the
three B's: Blackmail, Burglary and Bribery. Currently some useful
security classifications exist, both of attackers and of systems.
Such classifications help to analyze the threats to which a system may
be subjected. Much work needs to be done to integrate all relevant
aspects into these analysis and design methods.
The development of new theories and new design methods must be complemented with significant practical studies. These would test the theories and design methods, and at the same time provide the feedback needed to validate the design methods and to refine the theories. Practical projects should target complete systems.
Ultimately themes from the technical area must be combined with notions
from the organizational and legal worlds, so that reasoning can be
extended to the trust that users can or should have in the security
arrangements. The SENTINELS program
aims to achieve this ambitious goal in the long term. One of the tasks
of the Program Committee (see section 6.2)
is to observe these kinds of opportunities.
A global ICT infrastructure where people, services and devices are highly mobile requires considerable thought on how to create standardized, interoperable security arrangements.
Security is an abstract notion that must be translated into practical
concepts that are relevant to consumers and businesses. For example,
consider controlling appliances at home via the Internet. To protect
against misuse one might use a smart card to authenticate the homeowner
to the home system. The home insurance company could then charge a high
premium when a low-grade security smart card is used, or a low premium
when a high-grade security smart card is used.
Considerable effort will be needed to develop security
classifications, appropriate regulations, and an evaluation and
regulatory infrastructure. This is not to be confused with Common
Criteria security evaluation, which basically establishes the
procedures used to establish to what extent a product meets its
requirements. Ultimately, a secure system is of no value unless its
users can trust it. The concept of trust must be appropriately
formalized to be able to reason about levels of trust.
Risk management and analysis is an important tool needed to evaluate
requirements so that a system with appropriate security can be
designed. This is an ideal area for multidisciplinary investigations,
for example scrutinizing security and trust scenarios for a particular
application, from a technical, organizational, and societal
perspective.
For instance, an interesting possible future scenario sketched
in [35] is that company networks, just like the company's
physical building and perimeter, may be insured against intrusion.
This will require standardization and consensus about appropriate
protection measures (the computer equivalents of locks and inspection
cameras), and will certainly contribute to the quality of the security
measures. Insurance companies will most certainly put price tags on
the measures that are taken: ``if you continue to use that operating
system, your premium will be twice as high...''. Research into such
security standardization should also be possible within this
SENTINELS framework.
Businesses have their own specific security requirements and
arrangements that must be aligned to the national, legal, and cultural
context, whilst being sufficiently flexible to support business
process change.
A successful SENTINELS project should have a solid
technical content that is put in context via a clear view on the
non-technical issues (such as legal, social and organizational issues)
that are so
important in the field of security engineering. However, the emphasis will
be on the technical content of the work, while SENTINELS-II
will focus in much more detail on the legal, social and organizational
issues.
Different political systems and regulatory domains prescribe different
and often conflicting roles for information security.
Security will be broken, so it is important that the victims of an attack
have recourse to an efficient legal system. Major challenges lie in
making such a system work across national borders. Effective policing
is required to uphold the legal rules. One of the classical challenges
is to be able to ``wire tap'' a communication that is confidential.