Copyright © 2009. National Academy of Sciences. All rights reserved.
Howard Schmidt
Introduction by Session Chair
Howard A. Schmidt was appointed by President George W. Bush as a Special Assistant to the
President and the Vice Chair of the President's Critical Infrastructure Protection Board in
December 2001. The Cyber Security Board supports Dr. Condoleezza Rice, National Security
Advisor, and Tom Ridge, Secretary of Homeland Security. The Cyber Security Board focuses on
building a specialized group of senior government and private sector leaders to focus on cyber
security issues and coordination of security related incidents.
Previously, Mr. Schmidt was chief security officer for Microsoft Corp., overseeing the Security
Strategies Group, which was responsible for ensuring the development of a trusted computing
environment via auditing, policy, best practices and incubation of security products and practices.
Before working at Microsoft, Mr. Schmidt was a supervisory special agent and director of the Air
Force Office of Special Investigations (AFOSI), Computer Forensic Lab and Computer Crime and
Information Warfare Division. While there, he established the first dedicated computer forensic
lab in the government. AFOSI specialized in investigating intrusions into government and
military systems by unauthorized persons in counterintelligence organizations and criminals.
Before working at AFOSI, Mr. Schmidt was with the FBI at the National Drug Intelligence Center,
where he headed the Computer Exploitation Team. He is recognized as one of the pioneers in
the field of computer forensics and computer evidence collection. Before working at the FBI, Mr.
Schmidt was a city police officer from 1983 to 1994 for the police department in Chandler,
Arizona.
Mr. Schmidt served with the U.S. Air Force in various roles from 1967 to 1983, both on active
duty and in the civil service. He has served in the military reserves since 1989 and currently
serves as a credentialed special agent in the U.S. Army Reserves, Criminal Investigation
Division. He has testified as an expert witness in federal and military courts in the areas of
computer crimes, computer forensics, and Internet activity.
Mr. Schmidt had also served as the international president of the Information Systems Security
Association (ISSA) and the Information Technology Information Sharing and Analysis Center (IT-
ISAC). He is a former executive board member of the International Organization of Computer
Evidence and served as the cochairman of the Federal Computer Investigations Committee. He is a
member of the American Academy of Forensic Scientists. He served as an advisory board
member for the Technical Research Institute of the National White Collar Crime Center and is a
distinguished special lecturer at the University of New Haven in Connecticut, teaching a graduate
certificate course in forensic computing. He served as an augmented member of the President's
Committee of Advisors on Science and Technology in the formation of an Institute for Information
Infrastructure Protection. Mr. Schmidt was one of 29 industry leaders called to the White House to
meet with President Clinton on cybersecurity. He has testified before a joint committee on
computer security and has been instrumental in the creation of public and private partnerships
and information-sharing initiatives.
Mr. Schmidt holds a bachelor's degree in business administration and a master's degree in
organizational management.
DR. SCHMIDT: Thank you very much. It is great
to be here this morning.
I think back to the first e-mail I got from
Jennifer about this meeting. The title itself is somewhat
very ominous as far as mathematics and sciences and
homeland security. At first, I thought she was joking with
me, in all honesty.
As I started thinking about it, as I got the e-mail
that said this really wasn't a joke, I started looking
into it and thinking, what better way to solve some of the
issues that we have got that aren't going to be solved with
guns, gates and guards and fences and stuff like that. So
I thank you for the opportunity to be here.
I am joined by some extremely distinguished folks
on the panel and the follow-on review and discussion. I am
just going to say their names for right now. After I asked
everyone give me some little talking points on your bias
and everything, I am probably going to let them do it,
because I think I would not do them justice by introducing
them my way, so I would like to have them do it themselves.
In that vein, as we go through the session this
morning, I would like to start out just framing some of the
things we are looking at from the White House perspective
in this area. As I have talked to the panelists -- and
their presentation -- in the back of your mind, and I'm
sure they will point it out specifically, look at some of
the correlations between some of the things we are looking
to accomplish in creating a national strategy in defending
cyberspace, which is where one of our key focuses is, and
some of the things that the panelists are going to be
talking about.
Going back to my previous comment about thinking
this might be a joke, in reality this makes a lot of sense.
Listening to what they are going to say, you will see
whether there is so much potential in using the talent to
solve some of the key problems we have got.
I'm not sure if it was Dorothy or someone at one
point talked about the big encryption debate that was going
around. The comment was made, if you think encryption is
the answer to security, you understand neither security nor
encryption. So when you look at the picture from the
things we are trying to solve, it is just as complex as
that.
So with that, let me talk about some of the
things that the President's Critical Infrastructure
Protection Board is looking at as priorities, and then turn
it over to my distinguished colleagues here.
First and foremost, one of the things that we
find to be in short supply is awareness. As we have gone
around the country, we have talked to government leaders,
we have talked to industry leaders. If you get outside
that small sphere of security and you talk about security,
you get the deer in the headlight look, so people start to
drool, going, what are you talking about? Why do I care
about this?
So there is this component about the awareness
and the education we really need to focus on, and build
that piece up. One of the ways we are looking at this
right now through the education component is, we have
created a scholarship program called Scholarships for
Service. The National Science Foundation administers it.
I think our biggest customer thus far has been the
Department of Defense, where they allocate funds through
NSF to scholarships to people in advanced degree programs
in information assurance, information security. They do a
one-for-one; if we pay for one year of tuition, they come
back and do one year of government service, two years and
two years, et cetera.
The intent is to build the cadre of expertise
that we have internal to the government, because we lose it
regularly. Many go back and forth between the private
sector.
The discussion also goes, though, if we train
these people and they come back and do two years of
government service, they are going to be prime candidates
to go in the public sector. My answer is, wonderful,
because who are the owners and operators of the critical
infrastructure that we care about? The private sector. So
it is a win-win situation.
We have a couple of years to beef up the
government stuff, which we need desperate help on. At the
same time, we have the opportunity for those folks to get
some real, live, on the job training, move out into the
private sector and then continue to proliferate the
wonderful things they have learned.
The other priority is the information sharing
part. This is a wonderful forum for that as well. There
is this pace of activity that goes on that you see in the
newspaper all the time. I read one last night. There was
a bunch of computer sites in Korea, in which the ill-
intended people are doing things and using those to launch
attacks on other systems around the world.
That is a bad thing. But when you try to get
details and you try to get some information, it is
generally a standoff approach. We are not privy to a lot
of the details. We are not privy to a lot of the things
that could help us better protect ourselves. So this
sharing amongst professionals, and there is no group that
does it better than academia, and sharing that information
and saying, let's figure out how this is going on, let's
figure out the defenses to make it work accordingly.
The other one is the R&D component. There is a
true belief, at least in the government circle, and I think
it is shared by some of my colleagues, I know when I was in
the private sector, many of us talked about it, that there
is some wonderful R&D being done in the buildings where the
walls that have no windows and being done in the venue of
national security.
There is some really great stuff being done by
the researchers in the private sectors to generate things
that can be used to bring to market to benefit the public.
But there is some space in the middle that we are not sure
what that space is. We think there is some really hard-
core, thoughtful R&D that needs to be done that is not
being funded.
So we have asked the Congress to give us a
boatload of money, in the tens of millions of dollars, to
fund some key programs. People come to us and say, gee, I
think we can do this, and this will help the overall
package and we can help fund these things on the front end.
So the R&D is extremely important.
I want to touch on another thing that is a
priority for us, and that is some pure technology things,
the way the Internet was built. That is the domain name
servers and border gateway protocols.
If you are not familiar with this aspect of it,
the domain name servers are those things, when you type in
a name, it is converted to a number, which then identifies
your address on the Internet. There are about 14 of them
out there. So if I wanted to disrupt activity in the
online world, be it commercial or be it telecommunications,
that is where I will go, because I can knock out those
fairly handily because they are addressable from the
Internet. They are addressable in spaces where they have
to be able to have an in-band address to be able to
communicate. So consequently, we have some real concerns
about that.
I don't think redundancy is the answer. In the
border gateway protocols, the language they talk in is
insecure. Many times it is done in unclear text. We see
in this, particularly going back to the illustration I
mentioned about Korea -- one of the things I cited was
being able to create denial of service attacks as a result
of it.
Then there is the priority we have about
standards and best practices. Many of you -- and Dorothy
and I were just talking about this in the lobby, about the
old Orange Book that effectively said, here is the standard
to which you design things. Then no one can meet the
standard, so consequently they start to give exemptions.
Then exemptions led to almost total obliteration of the
standard and say don't worry about it anymore, because
nobody can meet it.
We have got to find a meaningful scientific way
to say, we can bring this up. We can raise the standard so
we can use the procurement power that we have both within
government and outside of government to make sure that the
development process meets what we need in the areas of
security.
Let me broaden security for just a moment,
because I am almost fanatical in some cases about this. I
want to use the word trust, because security is only a
component of it. I will qualify that right now. You have
got the security, you've got the privacy, you've got the
availability component. There has been a lot of discussion
of late -- this is a little bit of a digression from my
notes here, but there has been a lot of discussion that
security is going to trump privacy.
I oftentimes get asked, where we are going to
level? I don't know. We are still in this aftershock mode
after what happened last year. So am I willing to give up
a little bit of my privacy for security? I don't know that
I will be six months from now, so I don't know what I'll
feel. But I think fundamentally, the issue always comes
across as an issue of trust. You have to have the
security, you have to have the privacy, you have to have
the availability. So we are talking about the standards
and best practices that we look to; those all play into it.
The next one is something that is extremely
worrisome to me as well as many of my colleagues, and that
is digital control systems. Last year, there was an
incident where a disgruntled employee left a company in
Australia, went back in in an unauthorized manner, broke
into the systems and reversed the flow of raw sewage.
Instead of going into the raw sewage treatment plant, they
went into one of the local parks. It is all because of
accessibility to digital control systems.
Look what we are seeing today. We are seeing a
lot of these digital control systems being accessible or
addressable from the Internet. It makes business sense,
but it doesn't make security sense. Not only do we have
directly accessible from the Internet, but we are finding
some that are saying, no, we don't have any addressable
space on the Internet, and you find out that they have
digital control systems connected to an internal
administrative LAN which is then connected to the Internet
on the other side, which translates into, they are
addressable from the Internet.
That is very worrisome. It controls the power
grid, it controls the water supplies in many instances. It
controls the water flowing over many dams to generate
electricity. There is a whole bunch of things that are
being controlled by digital control devices right now.
When we talk to some of the people that are
involved in the technology designing some of these things --
this is something that maybe you all can collectively
help with -- they say, we would like to do more. But what
happens is, even if we are looking to do a simple thing
like authenticating a digital control system, when we are
talking nanosecond switching time, there is no way to
authenticate something and still do the switching in an
appropriate manner. So we need to figure out a scientific
way to be able to do the authentication without losing the
A Few Open Problems in Computer Security
David Wagner
Two topics might lead to fruitful collaboration between computer security people and
mathematicians:
1. Critical infrastructure protection. Infrastructures such as electric power, water, oil,
gas, and telecommunications were not necessarily designed for security when they were
first deployed, and they continue to evolve. They are increasingly dependent on
information technology, which is troubling because the security of IT is not reliable
enough.
• Can we build a mathematical model that allows us to analytically express
some of the system's properties? In particular, can we measure security
against malicious attack?
• Is there an efficient way to detect whether there exist any lines in the power
system whose single failure will produce a cascading failure?
• Can we reconfigure the system to eliminate or bolster these weakest links?
• More abstractly, can we design systems that are inherently self-stabilizing --
that is, robust?
2. Enhancing security for block ciphers.
• We should investigate the AES standard for secure block ciphers.
• We should investigate a candidate public-key encryption cipher that is
conjectured to be secure.
• We should investigate a certain polynomial-time algorithm produced by a
recursive application of linearization.
Andrew Odlyzko
"Remarks on Communications and Computer Security"
Andrew Odlyzko is director of the Interdisciplinary Digital Technology Center, holds an ADC
professorship, and is an assistant vice president for research at the University of Minnesota. Prior
to assuming that position in 2001, he devoted 26 years to research and research management at
Bell Telephone Laboratories, AT&T Bell Labs, and AT&T Labs, as that organization evolved and
changed its name.
Dr. Odlyzko has written more than 150 technical papers in computational complexity,
cryptography, number theory, combinatorics, coding theory, analysis, probability theory, and
related fields, and has three patents. He has an honorary doctorate from the Universite de la
Marne la Vallee and serves on the editorial boards of over 20 technical journals, as well as on
several advisory and supervisory bodies.
He has managed projects in such diverse areas as security, formal verification methods, parallel
and distributed computation, and auction technology. In recent years he has also been working
on electronic publishing, electronic commerce, and the economics of data networks, and he is the
author of such widely cited papers as "Tragic loss or good riddance: The impending demise of
traditional scholarly journals," "The bumpy road of electronic commerce," "Paris Metro pricing for
the Internet," "Content is not king," and "The history of communications and its implications for the
Internet." He may be known best for an early debunking of the myth that Internet traffic would
double every three or four months.
Andrew Odlyzko's e-mail address is odlyzko@umn.edu, and all his recent papers as well as other
information can be found on his home page at http://www.dtc.umn.edu/~odlyzko.
DR. SCHMIDT: Thanks, everyone, for coming back
so rapidly. We are going to move to the next section on
review and discussion. Michael and Andrew are going to be
joining us from the University of Minnesota and Microsoft
Research. Michael will make his comments first. Well,
would you like to go first?
DR. ODLYZKO: When you talk about the difficulty
with big secure systems, just think how hard it is to do a
very simple coordination system like this one. That is why
software is hard.
Let me just comment on some of the talks here,
and maybe also a bit more generally. Kathy Laskey had some
very good comments about general issues, that we have to
think about security at a systems level in general, and the
issue of what matters to people.
When we do that, we also have to think about the
general questions of what it is that we mean by security,
or what kind of risks we are willing to accept, and look at
a whole range of possibilities.
Just to make it very clear that we do have a wide
range, let me tell you a little joke. The story goes that
back in the old days of the Soviet regime, a Western group
was visiting the Soviet Union. They are being driven
through the Siberian tundra, drive for miles, not a soul in
sight, deep forest, et cetera. They come to a clearing,
and they see a pile of gold bricks, and not a soul in
sight, and nothing else. Their tour guide says, how come
you have this gold here, totally unprotected? This is a
Communist regime. Gold is nothing. The real treasure of
the Communist regime are the people; those we watch night
and day. So there are different ways to achieve security.
The question is, how do you want to do it, and what kind of
security do we want.
Something that Werner Stuetzle explained
yesterday is that we have societies which are much more
regimented than ours, which have suffered from terrorism
and have managed to live with it. Indeed, while 9/11 was a
striking event for us, you see many societies, some quite
democratic ones such as the British dealing with the IRA,
the German dealing with the Baader-Meinhof gang, the Spanish
dealing with the Basques, having certain levels of
insecurity and terrorism.
So in many ways, one could actually say the task
is not necessarily eradicating terrorism, which seems to be
hard -- everybody wants to do it, but it seems to be
essentially impossible with the limits of some societies --
but keeping it to a tolerable level.
You may also look at some other risks that we put
up with. 40,000 people die on the roads each year, after
all. Now there is a big debate about the double nickel, 55
mile per hour speed limit, what effect it would have. If
you go for a single nickel, five mile per hour speed limit,
you could eliminate those deaths. Well, we are not willing
to do that, which says that we are willing to accept a
certain level of risk.
This then goes back to some of the comments
people made, that we have to look at the whole system. We
have to look at economics, sociology, politics, general
public policy questions that are involved here.
Now, to come back to the presentations in the
session, Dorothy Denning's presentation was largely at the
large systems level, where she is explaining that we should
be looking at the economic questions, return on investment.
One way I might phrase some of what she said is that one
could think about these issues in terms of insurance.
Other people have made the same point. I think
Ross Anderson may have been first almost a decade ago when
he said, when you think about security issues and if you
think about what is the right level of security, ask your
insurance company.
Unfortunately, that doesn't always work very
well. The problem is that insurance is unsuccessful when
you are dealing with well understood risks. Indeed, all
insurance policies that I am aware of exclude war risk, and
many of them increasingly are excluding terrorist risks,
too. When you are talking about rapidly changing
technologies, insurance may not be the right approach.
There is also the issue of market failures. The
general trend has been for very good reasons to rely
increasingly on the markets for resource allocations, but
there are market failures. We do not rely on markets to
provide police protection, et cetera. There is a question
whether the commercial industry is behaving optimally for
society, given the incentives they face.
That goes to the question of exactly what kind of
assurance do we really want as a society, do we want
government to either bribe or coerce companies like
Microsoft and IBM into producing more secure systems.
These are very important questions.
These are all very high level questions, and they
are also the kind of questions which go to what we might
call the integrationist line of thought in science and
technology. Mathematics and physics has been more the
reductionist approach. This gets to the question of very
uncomfortable cultural transition that many mathematicians
and computer scientists as well have to undergo when faced
with these questions. These mathematicians have tended to
like nice, neatly posed problems.
It is also true of physicists. The theory of
gravitation has been cited as one beautiful example, then
of course Einstein's theory of relativity, and now we have
the search for the ultimate unified theory of physics.
On the other hand, if you look at where resources
are going or what is happening, they are going to other
areas. There is a huge shift in general funding of
research and development at the federal level, but also in
the commercial sector towards the biomedical sciences.
What happens in the search for elementary particles or
unified field theory is essentially irrelevant for those
areas. Even if physicists succeed beyond their wildest
imaginations, nobody can figure how that is going to impact
on the bulk of the research that is going on right now not
for the next few decades.
So we can look at different levels. Most of the
problems that society cares about, like reducing the risks
of terrorist attacks, seems to be at a system level, the
kind of things that Kathy Laskey has been talking about.
But there are problems which are more congenial perhaps to
the traditional mode of operations of mathematicians and
computer scientists, and we heard quite a few examples that
she cited here.
Kevin talked about a variety of problems such as
detection of covert -- here we are talking about a much
more manageable problem. We can perhaps model it more
easily, and can talk about applying a variety of
mathematical tools in that situation. General issues of
limits on security, exactly how much information is
protected by different kinds of crypto systems. This is a
very comfortable mathematical question we can attack.
David Wagner then posed a variety of questions
having to do with algebraic crypto systems, and this is
straight mathematics; we understand exactly what it is.
But even in David's presentation we also had questions of
the other variety, the integrationist approach, namely,
questions about infrastructure security. There are some
questions, very nicely posed mathematical questions, that
do suggest themselves very easily. Or he talked about some
others I can see coming out of his presentation. A more
general question is, do you build networks which are ultra
reliable but maybe with centralized controls and very
efficient, or do you go for redundancy.
We see in the 9/11 events much of the success we
have seen in communication was due to the fact that we had
cell phones, we had wired phones and we have the Internet.
Not a single one of them was faultless, not a single one of
them operated as well as we might have wished, but
altogether they produced quite a satisfactory response.
So there is quite a variety of different problems
that mathematical scientists can investigate there.
DR. SCHMIDT: Thank you very much, Andrew. Michael?
Remarks on Communications and Computer Security
Andrew Odlyzko
It is important to realize that people are willing to accept some level of risk and that
while it is not necessary (or possible) to eradicate risk, it is possible to keep it at a
tolerable level. In addition, when one thinks of security issues, one often thinks of
insurance. However, insurance usually deals with well-understood risks. The risks
posed by war, terrorism, and changing technology are, in general, poorly understood.
These types of questions are high-level questions and go to what we might call the
integrationist line of thought in science and technology. In the past, however,
mathematics often took a reductionist approach; mathematicians tended to like nice,
neatly posed problems. Many mathematicians, and computer scientists as well, will
have to undergo a very uncomfortable cultural transition when faced with these
questions. After all, most of the problems that society cares about, like reducing the
risks of terrorist attacks, seem to be at a system level.
Nevertheless, many problems are much more congenial to the traditional mode of
operation of mathematicians and computer scientists. Some examples proposed by
other participants include the detection of covert channels and questions dealing with
algebraic crypto systems.
The basic question is, Do you build networks that are ultra-reliable and efficient but
maybe with centralized controls, or do you go for redundancy? The events of
September 11 seem to indicate the latter, as cell phones, wired phones, and the Internet
all worked imperfectly but well enough in the aggregate so that communication was
satisfactory.
There is quite a variety of different problems that mathematical scientists can
investigate without having to change their traditions, though they will have many more
to consider if they adopt, at least some of the time, a more integrationist line of
thought.
Michael Freedman
Session on Communications and Computer Security
Michael Freedman is a member of the Theory Group at Microsoft Research. Before working at
Microsoft, Dr. Freedman was the Charles Lee Powell Professor of Mathematics at the University
of California at San Diego.
The work for which Dr. Freedman is best known is the solution of the long-standing Poincare
conjecture in four dimensions, for which he received the Fields Medal. He has received numerous
other awards and honors, including Sloan and Guggenheim Fellowships, a MacArthur Fellowship,
and the National Medal of Science. He is an elected member of the National Academy of
Sciences, the American Academy of Arts and Sciences, and the New York Academy of Sciences.
Dr. Freedman's current research focuses on fundamental problems in theoretical computer
science, in particular on the P/NP question and nonstandard models of computation.