Collaborative Security: Reflections about Security and the Open Internet

NLUUG Najaarsconferentie 2015, 19 November 2015. www.internetsociety.org. Mission: To promote the open development, evolution, and use of the Internet


SLIDE 1

www.internetsociety.org

Collaborative Security

Reflections about Security and the Open Internet

NLUUG Najaarsconferentie 2015

19 November 2015

SLIDE 2

Collaborative Security | NLUUG | November 2015

http://www.internetsociety.org/get-involved/individuals

Mission: To promote the open development, evolution, and use of the Internet for the benefit of all people throughout the world.

independent source of leadership for Internet policy, technology standards, and future development

Founded in 1992 by Internet Pioneers

Global and Inclusive

Independent and Not-for-Profit

Organizational home for the IETF

SLIDE 3

www.internetsociety.org

The Open Internet

What was that about again?

SLIDE 4

SLIDE 5

https://www.flickr.com/photos/worldbank/4725033296/in/album-72157634090168746/

SLIDE 6

Global Reach & Integrity

http://www.internetsociety.org/internet-invariants-what-really-matters

General Purpose

Permissionless Innovation

Accessible

Interoperability & mutual agreement

Collaboration

Interoperable Building Blocks

No Permanent Favorites

SLIDE 7

Security, stupid

SLIDE 8

Open Platform: Open for attack and intrusion

Permissionless innovation: Malware development & deployment

Global Reach: Attacks and crime are cross-border

Voluntary collaboration: Hard to mandate

SLIDE 9

SLIDE 10

SLIDE 11

Fostering Confidence and Protecting Opportunities

Collective Responsibility

Evolution and Consensus

Fundamental Properties and Values

Think Globally Act Locally

SLIDE 12

Where the rubber meets the road.

SLIDE 13

OARC Ops-t

Researchers

Development OPS Devops SDOs Orgs

NSP Security

SLIDE 14

SLIDE 15

Mutually Agreed Norms for Routing Security (MANRS)

Stimulate visible improvements in security and resilience of Internet Routing by changing towards a culture of collective responsibility

SLIDE 16

common problems to be addressed

incorrect routing information

traffic with spoofed source IP addresses

coordination and collaboration between network operators

Principles

1 The organization (ISP/network operator) recognizes the interdependent nature of the global routing system and its own role in contributing to a secure and resilient Internet.

2 The organization integrates best current practices related to routing security and resilience in its network management processes in line with the Actions.

3 The organization is committed to preventing, detecting and mitigating routing incidents through collaboration and coordination with peers and other ISPs in line with the Actions.

4 The organization encourages its customers and peers to adopt these Principles and Actions.

SLIDE 17

Action 1: Prevent propagation of incorrect routing information.

Action 2: Prevent traffic with spoofed source IP addresses.

Action 3: Facilitate global operational communication and coordination between network operators.

Advanced Action 4: Facilitate validation of routing information on a global scale.

SLIDE 18

http://www.routingmanifesto.org/ or http://manrs.org/

Please have this conversation with your stakeholders

Contact routingmanifesto@ISOC.org

SLIDE 19

Collaborative Security and the Internet of Things

http://www.internetsociety.org/iot/

SLIDE 20

Living in a World of Decentralized Data

Dr. Burt Kaliski, Jr.

Senior Vice President and CTO, Verisign

NDSS Workshop on Security of Emerging Networking Technologies (SENT), February 8, 2015

SLIDE 21

Establishing Trust in the Object

Lack of Physical Trust

Identical devices

‘use’ beyond design criteria

Long Lived (5 • 4 yr)

Randomness

SLIDE 22

Areas of Responsibility and Examples of Problems

Courtesy: Tschofenig et al, IETF 92 Technical Plenary

Cryptographic Primitives: Improved algorithms for integer factorization, too small key size.

Protocol Specifications and Architecture: No end-to-end security, complexity in specifications, insecure authentication protocols

Implementation: Buffer overflow attacks, poor UI or other usability problems, poor choice of hardware

Deployment: Enabled debug ports, missing deployment of security mechanisms

Understanding the distributed nature of the development process is essential for tackling security problems.

SLIDE 23

6/11/15

Use Cases

Business Cases

Device Constraints

SLIDE 24

Can you do responsible security on a € 0.04 margin device?

SLIDE 25

Some Practical Recommendations

Re-use Internet security technologies:

Use state-of-the-art key length

Always use well-analysed security protocols.

Use encryption to improve resistance against pervasive monitoring.

Support automatic key management and per-device keys.

Additional IoT relevant security aspects:

Crypto agility is a hard decision and you need to think deeply about it.

Integrate a software update mechanism and leave enough “head room”.

Include a hardware-based random number generator.

Threat analysis must take physical attacks into account.

Use modern operating system concepts to avoid system-wide compromise due to a single software bug.

See RFC7452

SLIDE 26

The Internet Society

Foster Confidence and Protect Opportunities

Collective Responsibility

Evolution and Consensus

Fundamental Properties and Values

Think Globally, Act Locally

Smart Connected Objects

These objects will have a profound impact on our lives.

Important Security Questions have not been answered while we deploy.

The Collaborative Security Approach has properties that will help to make a positive impact

SLIDE 27

www.internetsociety.org

Olaf M. Kolkman

Chief Internet Technology Officer

Kolkman@isoc.org

twitter: @kolkman