the future of security standards
play

The Future of Security Standards John Kelsey, NIST, Dec 2016 1 - PowerPoint PPT Presentation

Mar 06, 2023 •354 likes •681 views

The Future of Security Standards John Kelsey, NIST, Dec 2016 1 Overview My background Security standards are different How to fail Designing better security standards Building public confidence in standards Wrapup 2 My

  1. The Future of Security Standards John Kelsey, NIST, Dec 2016 1

  2. Overview • My background • Security standards are different • How to fail • Designing better security standards • Building public confidence in standards • Wrapup 2

  3. My background • NIST cryptographer • Worked on several NIST standards • SP800-90A, B, C • X9.82 Parts 2 and 3 • VVSG 1.0, 2.0 • FIPS202 (SHA3) • SP 800-185 (cSHAKE) • And one more, before coming to NIST • syslog-sign 3

  4. Security standards are like other standards... • Usually go through consensus-based standards processes • Same organizations as non-security or non-security-relevant standards ISO IETF X9 IEEE NIST etc. • Similar issues with intellectual property, limited review, slow progress, etc. 4

  5. ...but also NOT like other standards • Ways security standards can fail that don’t apply to other standards • Failures are invisible • More options, backward compatibility, etc. can weaken standard • Consensus standards processes don’t always play well with security • Adversarial participants in the process • Problems with security standards that others don’t face • Security adds cost and hassle • Often imposed on users instead of demanded by users. • Public confidence in standards is critical • Powerful entities often want weaker security 5

  6. Why are security standards hard? 6

  7. Security failures are usually invisible • Security failures are invisible • Product works fine • Interoperates with other products fine • Only problem: all your secrets are leaking to the guy in the van outside. • Failures become visible all at once • High-profile attack or widely publicized academic attack... • ...then they’re repaired in crisis mode • Example: 802.11 WEP, pretty much any other security failure 7

  8. Security adds cost and hassle • Most standards are responding to something users want • Wireless internet • Standard port types that work across vendors • Showing video on the web • Security standards are often imposed on users or organizations • Minimum password requirements • PCI standards for companies handling credit card data • FISMA standards imposed on government agencies • Result: pushback on requirements, doing the minimum required • Example: VVPAT requirements in VVSG 2.0 8

  9. More options = worse security (usually) • Common to have one or two main options everyone actually uses, but then lots of options in the standard • “Everyone’s a winner” • Every company has their own stuff that’s in the standard • This is terrible for security • The more options, the more likely one is weak • If I can force you into supporting the weak option, I get to attack you—even though the usual stuff everyone does is secure. • Example: Heartbleed in OpenSSL • Heartbeat was an almost-never-used option • Implementation error turned it into a huge security hole in millions of computers 9

  10. Backward compatibility hurts security • Common to update standards and leave support for anything in previous versions... • ...even when the update is intended to improve security. • This is usually fine for functionality—the old stuff just doesn’t include the new features. • It’s a disaster for security • Downgrade attacks! • Some people choose the cheapest (weak, old) option • Examples: TLS attacks on export-controlled ciphersuites (Logjam) 10

  11. Backfilling to existing practice • In new standards, common to try to backfill the new standard to fit what people are doing in the field • Justified by cost of changeover • Companies with stuff in the field often on standards committee • Problem: New stuff gets built with same bad security model as old. • This makes it very difficult to improve security with new standard. • Example: 3DES and SHA1 in TLS and new NIST standards • Example: SWEET32 (attacking use of 3DES because of its small block) 11

  12. Algorithm agility—the wrong way • Standards groups often justify having lots of different crypto options for the sake of algorithm agility . • ”Everyone is a winner” • Common situation: One mandatory-to-implement algorithm, ten seldom-used, poorly-analyzed one. • If the mandatory algorithm is broken, you can’t turn it off ! • Real algorithm agility means you can turn any algorithm off without breaking things. • Ideal situation: Two strong, mandatory-to-implement algorithms. • If one is broken, you CAN turn it off! 12

  13. Standardization process vs security 13

  14. Closed standards process • Many standards processes don’t allow outsiders to comment • This excludes many people who might give useful reviews • Academics • Grad students • New researchers wanting to make a name • Commonly standards cost a lot of money! • Result: only people on standards committee can see documents • Attacks don’t get found for many years 14

  15. Procedural issues with standards • Design by committee • Usually not a great idea • Really really bad for security and especially crypto • Need one coherent security model in mind • Long process with many participants • Opportunity for bad things to get slipped in or good things to get broken • Editing committee may change over time—easy for important knowledge to get lost. • Insularity • Ignoring external feedback • The “Not Invented Here” syndrome 15

  16. Adversarial participants • Normal standards processes have some adversarial elements • Competitors trying to spike each other’s stuff • People trying to slip IP into standard so they can collect royalties • Security standards have much uglier potential adversaries, who may want to... • generically weaken security • delay use of security that would make their jobs harder • install a specific backdoor for their own access 16

  17. Who might want to weaken a security standard? • Intelligence agencies (foreign and domestic) • Law enforcement agencies (many different countries) • Companies that use exploits in their business • Companies whose business model is threatened by security • Even criminals • Example: Dual EC DRBG in SP 800-90 and X9.82 17

  18. What’s needed for future security standards? 1. Getting the technical details right 2. Gaining public confidence 18

  19. Getting the right expertise • Very important to get the science/math/technology right in the design • This requires expertise which isn’t always available in standards committee • ...also requires time from high-value people. • Example: SHA3 competition, CAESAR competition • Making a good selection from outside designs requires expertise • Building something new requires even more expertise 19

  20. Getting expert feedback on technical details • Standards often involve technical details from a variety of fields • Example: SP 800-90 • Symmetric crypto • Asymmetric crypto (not anymore) • Statistics • Information theory • Important to get feedback from experts in all those fields • Not so easy to get experts to read a whole standard! • Alternatives • Summaries of narrow technical issues that need review • Academic papers and presentations 20

  21. How meaningful are your review comments? • Any security standard needs review by people with the right expertise • NOT just the designers! • Limited expertise available in standards organization/committee • Solutions: Public comment period, internal comments by other participants in standards group • Question: How do you know how much depth of review you’ve gotten? • Lots of nitpicky comments << a few careful analyses • Is there someone whose job is to do a thorough review? • Do they know it’s their job? • Do they have enough time and resources to do it? 21

  22. How will it be used? [Implementations] • How will this standard be used in practice? • What errors will implementers make? • What errors will users of standard make? • Error-prone? • How hard is it to mess up implementation or use? • Misuse resilience • How much security do they retain if they mess something up? • Examples: DSA and random numbers, GCM and nonce reuse 22

  23. How will it be used? (2) [Enforcement] • How will standard be enforced and applied? • Testing labs? • Can labs test all the critical security requirements? • Do they have expertise and incentives to do so? • Auditors? • How will auditors know whether your standard is being followed or implemented correctly? • Example: SP 800-90B, GCM 23

  24. What’s needed for future security standards? 1. Getting the technical details right 2. Gaining public confidence 24

  25. Confidence is critical for success • Failures of security are invisible... • ...so conspiracy theories and FUD (Fear, Uncertainty, Doubt) can run wild. • Lack of confidence means security standards aren’t adopted widely— leads to • Balkanization (everyone does their own thing) • Snake-oil (don’t trust the standard, trust my million-bit-key cryptosystem) • No security (people don’t use anything because they’re scared) • Example: Use of Intel RNG 25

  26. Where did your constants come from? • Lots of crypto standards have some constants • S-boxes • Bit permutations • Matrices • Initial values • Need to be transparent about where these came from • ..and need to show they weren’t chosen to weaken standard. • Rigidity means choosing constants in such a way that designer had few (or maybe only one) plausible choices for them. • Example: NIST elliptic curves 26

Recommend

IPFIX/PSAMP: IPFIX/PSAMP: What Future Standards Can What Future Standards Can Offer to Network

IPFIX/PSAMP: IPFIX/PSAMP: What Future Standards Can What Future Standards Can Offer to Network

IPFIX/PSAMP: IPFIX/PSAMP: What Future Standards Can What Future Standards Can Offer to Network Security Offer to Network Security Tanja Zseby, Elisa Boschi, Thomas Hirsch, Lutz Mark zseby@fokus.fhg.de Measurement Requirements for Network

332 views • 19 slides
ANSI Homeland Security Standards Panel Global Supply Chain Security Standards and Annual Plenary

ANSI Homeland Security Standards Panel Global Supply Chain Security Standards and Annual Plenary

ANSI Homeland Security Standards Panel Global Supply Chain Security Standards and Annual Plenary Meeting Mary G. Foster, PharmD USP Chair, Expert Committee, Packaging, Storage &amp; Distribution Aphena Pharma Solutions, VP Quality &amp;

578 views • 8 slides
5/18/2017 Security Governance, Standards &amp; Frameworks Integrated Security Destination Area

5/18/2017 Security Governance, Standards &amp; Frameworks Integrated Security Destination Area

5/18/2017 Security Governance, Standards &amp; Frameworks Integrated Security Destination Area Agenda Brief Overview Lightning Talks Discussion 2 Security Governance, Standards &amp; Frameworks Guide decision making and

276 views • 4 slides
ANSI Homeland Security Standards Panel Workshop on CBRNE Standards Development Of CBRN

ANSI Homeland Security Standards Panel Workshop on CBRNE Standards Development Of CBRN

ANSI Homeland Security Standards Panel Workshop on CBRNE Standards Development Of CBRN Respiratory Protection Standards September 11, 2012 Jonathan Szalajda, NIOSH, National Personal Protective Technology Laboratory Chemical, Biological,

688 views • 7 slides
International social security standards and challenges to social security Lessons for a

International social security standards and challenges to social security Lessons for a

15 th PPF MEMBERS CONFERENCE Arusha 19-21 October 2005 International social security standards and challenges to social security Lessons for a Tanzanian reform debate Krzysztof Hagemejer Policy coordinator Social Security Department,

499 views • 47 slides
2005 Security Industry Association: FIPS 201 Topology Standards on Steroids: FIPS 201 Teresa

2005 Security Industry Association: FIPS 201 Topology Standards on Steroids: FIPS 201 Teresa

2005 Security Industry Association: FIPS 201 Topology Standards on Steroids: FIPS 201 Teresa Schwarzhoff, NIST June 2005 Topic: Standards, Standards, Standards U.S. Government - FIPS Homeland Security Presidential Directive 12

433 views • 32 slides
Compliance Cautions INVESTIGATING SECURITY ISSUES ASSOCIATED WITH U.S. DIGITAL-SECURITY STANDARDS

Compliance Cautions INVESTIGATING SECURITY ISSUES ASSOCIATED WITH U.S. DIGITAL-SECURITY STANDARDS

Compliance Cautions INVESTIGATING SECURITY ISSUES ASSOCIATED WITH U.S. DIGITAL-SECURITY STANDARDS ROCK CK S STEVENS, KEVIN HALLIDAY, MICHELLE MAZUREK // UNIV IVERSIT ITY O OF M MARYLAND JOSIAH DYKSTRA, JAMES CHAPMAN, ALEX FARMER //

290 views • 27 slides
Compliance Cautions Investigating Security Issues Associated with U.S. Digital-Security Standards

Compliance Cautions Investigating Security Issues Associated with U.S. Digital-Security Standards

LASER Workshop 2020 Compliance Cautions Investigating Security Issues Associated with U.S. Digital-Security Standards Rock Stevens , Kevin Halliday, Michelle Mazurek / / University of Maryland Josiah Dykstra, James Chapman, Alexander F armer

345 views • 22 slides
Cybersecurity Standards and the Smart Grid Marianne Swanson Computer Security Division

Cybersecurity Standards and the Smart Grid Marianne Swanson Computer Security Division

Cybersecurity Standards and the Smart Grid Marianne Swanson Computer Security Division Information Technology Laboratory National Institute of Standards and Technology April 19, 2012 1 Cyber Security Working Group (CSWG) Background To

370 views • 9 slides
$ CURRENT STATE FUTURE: STATE DIGITAL ENTERPRISE Access layer (APIs) SECURITY INTEGRATION

$ CURRENT STATE FUTURE: STATE DIGITAL ENTERPRISE Access layer (APIs) SECURITY INTEGRATION

$ CURRENT STATE FUTURE: STATE DIGITAL ENTERPRISE Access layer (APIs) SECURITY INTEGRATION PERF/SCALE STANDARDS HOW: DIGITAL TRANSFORMATION WEB SERVICES REST MICROSERVICES TASKS (PROCESSES) DECISIONS IF IF (RULES) BUSINESS ON

488 views • 30 slides
Standards for Biothreat Detection Standards Development in Response to Terrorism Threats ANSI

Standards for Biothreat Detection Standards Development in Response to Terrorism Threats ANSI

Standards for Biothreat Detection Standards Development in Response to Terrorism Threats ANSI Homeland Security Standards Panel Tenth Annual Plenary Meeting: Achievements from the Past Decade and Charting the Path Forward November 9, 2010

385 views • 12 slides
PCI-DSS Compliance and Protection Payment Card Industry Data Security Standards Network

PCI-DSS Compliance and Protection Payment Card Industry Data Security Standards Network

PCI-DSS Compliance and Protection Payment Card Industry Data Security Standards Network Security February 2013 What is PCI-DSS The Payment Card Industry Data Security Standards is a set of comprehensive requirements for enhancing payment

293 views • 11 slides
Information Session Facilitators names Aim To increase awareness of the: NMC Education

Information Session Facilitators names Aim To increase awareness of the: NMC Education

Future Nurse Future Midwife Information Session Facilitators names Aim To increase awareness of the: NMC Education Standards (2018) Future Nurse: Standards of Proficiency for Registered Nurse what's new? Standards for Student

732 views • 34 slides
A New Future for Social Security Consultation on Social Security in Scotland Background Why is

A New Future for Social Security Consultation on Social Security in Scotland Background Why is

A New Future for Social Security Consultation on Social Security in Scotland Background Why is the Scottish Government Consulting? The Scotland Act 2016 makes provision for the transfer of responsibility for a number of social security

318 views • 17 slides
Security Standards Information Security Prof Hans Georg Schaathun Hgskolen i lesund Autumn

Security Standards Information Security Prof Hans Georg Schaathun Hgskolen i lesund Autumn

Security Standards Information Security Prof Hans Georg Schaathun Hgskolen i lesund Autumn 2011 Week 4 Prof Hans Georg Schaathun Security Standards Autumn 2011 Week 4 1 / 1 Evolution of Standards Outline Prof Hans Georg

521 views • 36 slides
Todays topics Unix history Unix philosophy Unix standards Unix future Future

Todays topics Unix history Unix philosophy Unix standards Unix future Future

Todays topics Unix history Unix philosophy Unix standards Unix future Future classes Unix history The Unix family of operating systems have been in existence since around 1969. Most folks agree the system that Ken

1.13k views • 57 slides
International Labour Standards ILO/ACFTU

International Labour Standards ILO/ACFTU

International Labour Standards ILO/ACFTU International Seminar on Social Security Promotion Xiamen, China, 21-23 October 2009 Co-odinator for Asic and the Pacific Social Security

179 views • 13 slides
Security &amp; Surveillance Data Breach Notification and Cybersecurity Standards in the U.S. and

Security &amp; Surveillance Data Breach Notification and Cybersecurity Standards in the U.S. and

Security &amp; Surveillance Data Breach Notification and Cybersecurity Standards in the U.S. and E.U. Jonathan P . Armstrong, Eversheds LLP , Leeds and Bruce A. Heiman, Preston Gates Ellis &amp; Rouvelas Meeds LLP , Washington D.C.

181 views • 7 slides
Next Generation Science Standards and the Future of Science M AY 2 0 T H , 2 0 1 4 M A RC Z E

Next Generation Science Standards and the Future of Science M AY 2 0 T H , 2 0 1 4 M A RC Z E

Next Generation Science Standards and the Future of Science M AY 2 0 T H , 2 0 1 4 M A RC Z E L M A N OW I C Z JA M I E N E DW I C K &amp; J I L L O C H A C H E R The Marshmallow Challenge The task is simple: in eighteen minutes,

365 views • 32 slides
Where We Came From: Charting the Path Forward Bert M. Coursey National Institute of Standards

Where We Came From: Charting the Path Forward Bert M. Coursey National Institute of Standards

Where We Came From: Charting the Path Forward Bert M. Coursey National Institute of Standards &amp; Technology U. S. Department of Commerce Tenth Annual Plenary ANSI Homeland Security Standards Panel November 9, 2011 The Absence of Standards is

516 views • 14 slides
The Future of Internet Security Keeping up with the ever changing security Drupalcon 2017

The Future of Internet Security Keeping up with the ever changing security Drupalcon 2017

The Future of Internet Security Keeping up with the ever changing security Drupalcon 2017 threats to Drupal and the web 1 Who is this guy? Chris Teitzel Founder / CEO Lockr technerdteitzel Cellar Door 7 years 10 months in Drupal

694 views • 35 slides
Standards (code and otherwise) often talk about code standards, but many teams also use

Standards (code and otherwise) often talk about code standards, but many teams also use

Standards (code and otherwise) often talk about code standards, but many teams also use document standards, version control standards, bug reporting standards, process standards, etc goal is to reduce confusion, errors, omissions in

529 views • 5 slides
AI and Security: Lessons, Challenges &amp; Future Directions Dawn Song UC Berkeley AI and

AI and Security: Lessons, Challenges &amp; Future Directions Dawn Song UC Berkeley AI and

AI and Security: Lessons, Challenges &amp; Future Directions Dawn Song UC Berkeley AI and Security Enabler AI Security Enabler AI enables security applications Security enables better AI Integrity: produces intended/correct

1.03k views • 81 slides
Flexibility and Robustness: The Cloud, Standards, Web Services and the Hybrid Future of

Flexibility and Robustness: The Cloud, Standards, Web Services and the Hybrid Future of

Flexibility and Robustness: The Cloud, Standards, Web Services and the Hybrid Future of Translation Technology By Elliot Nedas XTM International enedas@xtm-intl.com Tel: +44 (0) 1753 480 469 The Content Cycle Interdependence Drives the

308 views • 19 slides

More recommend