Collaborative Security
Reflections about Security and the Open Internet
NLUUG Najaarsconferentie 2015, 19 November 2015
www.internetsociety.org
Mission: To promote the open development, evolution, and use of the Internet for the benefit of all people throughout the world.
▪ Independent source of leadership for Internet policy, technology standards, and future development
▪ Organizational home for the IETF
▪ Global and Inclusive
▪ Independent and Not-for-Profit
▪ Founded in 1992 by Internet Pioneers
http://www.internetsociety.org/get-involved/individuals
2 Collaborative Security | NLUUG | November 2015
The Open Internet
What was that about again?
https://www.flickr.com/photos/worldbank/4725033296/in/album-72157634090168746/
▪ Global Reach & Integrity
▪ General Purpose
▪ Permissionless Innovation
▪ Accessible
▪ Interoperability & mutual agreement
▪ Collaboration
▪ Interoperable Building Blocks
▪ No Permanent Favorites
http://www.internetsociety.org/internet-invariants-what-really-matters
Security, stupid
Open Platform | Open for attack and intrusion
Permissionless innovation | Malware development & deployment
Global Reach | Attacks and crime are cross-border
Voluntary collaboration | Hard to mandate
▪ Fostering Confidence and Protecting Opportunities
▪ Collective Responsibility
▪ Evolution and Consensus
▪ Fundamental Properties and Values
▪ Think Globally, Act Locally
Where the rubber meets the road.
Orgs Development Researchers Devops OPS NSP Security OARC Ops-t SDOs
Mutually Agreed Norms for Routing Security (MANRS)
Stimulate visible improvements in security and resilience of Internet Routing by changing towards a culture of collective responsibility
Common problems to be addressed:
▪ incorrect routing information
▪ traffic with spoofed source IP addresses
▪ coordination and collaboration between network operators
Principles
1 The organization (ISP/network operator) recognizes the interdependent nature of the global routing system and its own role in contributing to a secure and resilient Internet.
2 The organization integrates best current practices related to routing security and resilience in its network management processes in line with the Actions.
3 The organization is committed to preventing, detecting and mitigating routing incidents through collaboration and coordination with peers and other ISPs in line with the Actions.
4 The organization encourages its customers and peers to adopt these Principles and Actions.
Action 1: Prevent propagation of incorrect routing information.
Action 2: Prevent traffic with spoofed source IP addresses.
Action 3: Facilitate global operational communication and coordination between network operators.
Advanced
Action 4: Facilitate validation of routing information on a global scale.
Please have this conversation with your stakeholders
http://www.routingmanifesto.org/ or http://manrs.org/
Contact: routingmanifesto@ISOC.org
Collaborative Security and the Internet of Things
http://www.internetsociety.org/iot/
Living in a World of Decentralized Data
Dr. Burt Kaliski, Jr., Senior Vice President and CTO, Verisign
NDSS Workshop on Security of Emerging Networking Technologies (SENT), February 8, 2015
Establishing Trust in the Object
▪ Lack of Trust
▪ Physical
▪ Identical devices
▪ ‘use’ beyond design criteria
▪ Long Lived (5-40 yr)
▪ Randomness
Areas of Responsibility | Examples of Problems
Cryptographic Primitives | Improved algorithms for integer factorization, too small key size.
Protocol Specifications and Architecture | No end-to-end security, complexity in specifications, insecure authentication protocols
Implementation | Buffer overflow attacks, poor UI or other usability problems, poor choice of hardware
Deployment | Enabled debug ports, missing deployment of security mechanisms
Understanding the distributed nature of the development process is essential for tackling security problems.
Courtesy: Tschofenig et al, IETF 92 Technical Plenary
▪ Use Cases
▪ Business Cases
▪ Device Constraints
6/11/15
Can you do responsible security on a € 0.04 margin device?
Some Practical Recommendations
Re-use Internet security technologies:
▪ Use state-of-the-art key length
▪ Always use well-analysed security protocols.
▪ Use encryption to improve resistance against pervasive monitoring.
▪ Support automatic key management and per-device keys.
Additional IoT relevant security aspects:
▪ Crypto agility is a hard decision and you need to think deeply about it.
▪ Integrate a software update mechanism and leave enough “head room”.
▪ Include a hardware-based random number generator.
▪ Threat analysis must take physical attacks into account.
▪ Use modern operating system concepts to avoid system-wide compromise due to a single software bug.
See RFC7452
Smart Connected Objects
▪ These objects will have a profound impact on our lives.
▪ Important Security Questions have not been answered while we deploy.
▪ The Collaborative Security Approach has properties that will help to make a positive impact:
  ▪ Foster Confidence and Protect Opportunities
  ▪ Evolution and Consensus
  ▪ Fundamental Properties and Values
  ▪ Collective Responsibility
  ▪ Think Globally, Act Locally
Olaf M. Kolkman Chief Internet Technology Officer Kolkman@isoc.org twitter: @kolkman www.internetsociety.org