The Mathematical Sciences' Role in Homeland Security Proceedings of a Workshop (2004) / Chapter Skim
Currently Skimming:
Communications and Computer Security
Communications and Computer Security
Pages 394-456
The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.
From page 394... ...
Bush as ~ god Ass'stant to the President and the Vice Chair of the Presidents Critical Infrastructure Protection Board in December 2001~ The Cyber Security Board supports Dr. Condo~a R'ce' Wat'cna~ Security Advisor and Tom Ridge' Secretary of Homeland Security.
|
From page 396... ...
396 DR. SCHMIDT: Thank you very much.
|
From page 397... ...
So with that, let me talk about some of the things that the President's Critical Infrastructure Protection Board is looking at as priorities, and then turn it over to my distinguished colleagues here.
|
From page 398... ...
The National Science Foundation administers it. I think our biggest customer thus far has been the Department of Defense, where they allocate funds through NSF to scholarships to people in advanced degree programs in information assurance, information security.
|
From page 399... ...
The discussion also goes, though, if we train these people and they come back and do two years of government service, they are going to be prime candidates to go in the public sector. My answer is, wonderful, because who are the owners and operators of the critical infrastructure that we care about?
|
From page 400... ...
The other one is the R&D component. There is a true belief, at least in the government circle, and I think it is shared by some of my colleagues, I know when I was in the private sector, many of us talked about it, that there is some wonderful R&D being done in the buildings where the walls that have no windows and being done in the venue of national security.
|
From page 401... ...
I want to touch on another thing that is a priority for us, and that is some pure technology things, the way the Internet was built. That is the domain name servers and border gateway protocols.
|
From page 402... ...
You have got the security, you've got the privacy, you've got the availability component. There has been a lot of discussion of late -- this is a little bit of a digression from my 402
|
From page 403... ...
We are seeing a lot of these digital control systems being accessible or addressable from the Internet. It makes business sense, 403
|
From page 404... ...
When we talk to some of the people that are involved in the technology designing some of these things - this is something that maybe you all can collectively help with -- they say, we would like to do more. But what happens is, even if we are looking to do a simple thing like authentication a digital control system, when we are talking nanosecond switching time, there is no way to authenticate something and still do the switching in an appropriate manner.
|
From page 405... ...
Many of the switching controls, for example, in the power grid are based on very, very slight fluctuations in electrical usage that would cause the entire system to switch over to another grid to provide power. Those are the sort of instantaneous controls that need to be switched, but there has also got to be the ability to do 405
|
From page 406... ...
Thank you very much. I'd like to start out by asking Dorothy Denning to step up and give us her thoughts on it.
|
From page 407... ...
Therefore, the administration has asked Congress for funds to support competitive R&D programs that fill this gap. Other priorities inclucle improving Internet security, and reviewing security stanciarcts for digital control systems, such as power grists or water supplies, some of which are currently accessible from the Internet.
|
From page 408... ...
She is an Association for Computing Machinery (ACM) fellow and recipient of several awards, including the Augusta Ada Lovelace Award and the National Computer Systems Security Award.
|
From page 409... ...
DR. SCHMIDT: Vince Serf and I were at a meeting recently, and Vince in his opening comment was having a similar problem and said, power corrupts, Power Point corrupts absolutely.
|
From page 410... ...
They are a local company which is a managed security firm that monitors and networks their clients. This represents data collected over a six-month period of 300 of their clients.
|
From page 411... ...
DR. DENNING: It could be anything from people just scanning their networks to actually getting in the networks, denial of service attacks, anything that involved either penetration or an attempt to penetrate a computer network.
|
From page 412... ...
412 DR. BICKEL: When you break it down, do you get consistent trends?
|
From page 413... ...
413 complexity vulnerable?
|
From page 414... ...
It has got to be that the cost that you spend on the security has got to be less than the expected losses that you are protecting against, because you don't have an infinite budget to spend on security, and so you have to put it in places where you are going to reduce risk in a cost effective way.
|
From page 415... ...
415 Return on security investment would measure in some way the bang that you got for your buck, so to speak. The comment like you just mentioned is that it is very difficult to measure this, because a lot of it is intangibles.
|
From page 416... ...
To me, the security challenge that has to be met is developing security better than we are doing now, but it has to be the case that it is also cost effective. What that means is that as we go forward, we have to base it on sound mathematical models so that we can do good analysis.
|
From page 417... ...
There are a lot of questions about what we can expect from a return on security investment if we do certain things. I would like to see research that goes more in that direction.
|
From page 418... ...
Spend a little bit of time hardening that network, and now your network performs better. So this is the kind of data I had .
|
From page 419... ...
So if you remediate at the design stage, you have a 21 percent increase, and so on. If you want to get the details of these, these were both published in articles that were published in the Secure Business Quarterly.
|
From page 420... ...
420 I don't know if there is something that needs to be done there, or if it is just appropriate to teach the math and the courses where you drop in IT cryptography and you obviously need number theory. So I teach the number theory in the course, because none of the students otherwise would have picked up the number theory from their basic curriculum.
|
From page 421... ...
We need to scientifically support the best practices and stanciarcts. There are two examples of improved return on security investment basest on empirical data: Studies show that by hardening a server, shutting clown ports, and removing unused services, not only floes security cost-effectiveness improve but the network's throughput increases as well.
|
From page 422... ...
422 Kevin McCurIey Session on Communications and Computer Security Dr. Kevin McCurley is a computer scientist in the Theory Group at IBM Almaden Research Center.
|
From page 423... ...
He is currently working on software security, wireless security, sensor network security, cryptography, and other topics.
|
From page 424... ...
How many of you would identify yourselves as mathematicians, defined however you would like to define it? Any computer scientists?
|
From page 425... ...
I wanted to show you a couple of problems that I had hoped might prove for some fruitful collaboration between the computer security folks and the mathematicians. So I think it is great to see a sprinkling here from both camps.
|
From page 426... ...
Since the topic of this workshop is homeland defense, I thought that critical infrastructure protection was an obvious problem area to talk about. If one looks at the infrastructures in the nation, one finds a number of 426
|
From page 427... ...
So I think the defining characteristic of the critical infrastructure problem is we have got systems here that are very large scale and are tightly interdependent. If we look at the banking system, the correct functioning of the banking system depends first of all on the correct functioning of many banks, but also on a number of other critical infrastructures.
|
From page 428... ...
That is my laptop, plugged into the wall over there, and your refrigerator, and so on and so forth, and the loads on the power system can vary from time to time, both predictably, seasonally, and unpredictably. There is what we might think of as the power grid the transmission system can be broken down into two parts, the local distribution mechanisms from your local area substation to your home, and there is the long distance transmission lines that span the country.
|
From page 429... ...
All the layers of the power grid, for instance, the eligible receiver operation run by the NSA in 1997, I believe, is one of the more troubling exercises I am aware of. The NSA put together a number of computer security experts, and their charter was to take off the shelf software they could download off the Net, nothing but what they could download off the Net, without breaking any laws, in a simulated attack try to see what damage could be done in the United States.
|
From page 430... ...
DR. DENNING: No, they did assume in their paper exercise that anybody with Internet access and just using tools that you could download from the Internet, so it didn't require any special access.
|
From page 431... ...
There were two line failures that occurred nearby each other. I believe a tree fell on the line or something like this, and this led to oscillations in the power grid that caused eventually blackouts in 13 states and affected millions of folks on the West Coast.
|
From page 432... ...
So these are becoming very, very slim margins, and the combination of these trends and deregulation is something to be concerned about. I tried to put together some very simplistic examples that I thought would help give some intuition for how cascading failures can occur.
|
From page 433... ...
We had plenty of slack laying around, plenty of spare capacity, 433
|
From page 434... ...
434 and we lost a line that was carrying 20,000 volts, but we had 20,000 volts of spare capacity laying around, in fact than that, so there should be no problem. If this were a flow problem, all would be well.
|
From page 435... ...
Stepping up the level now, thinking not just about power grids, but about principles that might apply to infrastructure protection in general. We have got a large scale system here.
|
From page 436... ...
They try all possible thoughts, and their focus so far has been on not so much security against malicious attack as robustness random failures. So the premise is that they only worry about a single failure and they exhaustively all possible single failures to see whether any ~~ ~ - ~ .
|
From page 437... ...
A block cipher is a black box like this. It takes two inputs.
|
From page 438... ...
This just means -- the bijectivity means that it can be decrypted, and should be efficiently computable in both directions. This picture illustrates a common design theme for how you build block ciphers in practice.
|
From page 439... ...
Here is an example of a block cipher that has been standardized, that is going to take over the world. It is called the AES.
|
From page 440... ...
The claim is, as far as we know, the conjecture is that this is a secure block cipher. PARTICIPANT: It is secure in the prayer theoretic model.
|
From page 441... ...
This middle layer consists again of a row of S boxes, but in this case the S boxes will be a bijective map. It is just a cubing map in the finite field.
|
From page 442... ...
Typically the kind of finite fields we care about are the two element finite field or the 256 element finite field, or small finite fields of characteristic two. Often the multivariate polynomials are sparse and they are low degree, and we may frequently have a very over-defined system of equations, so many more equations than unknowns.
|
From page 443... ...
literature there has been a number of improvements and refinements discovered. It has been found that you can replace this constant half by any other constant and you still have a polynomial time algorithm by a recursive application of linearization.
|
From page 444... ...
So the obvious question is, why not use Grobner basis algorithms. Let me just say, to my understanding, they are not competitive for these kinds of parameters, because they are exponential in practice and the constants are so huge, that more than 15 unknowns is infeasible, which compares very poorly to the naive exhaustive search attack.
|
From page 446... ...
We shouIcl investigate the AES standard for secure block ciphers. We shouIct investigate a cancticiate public-key encryption cipher that is conjectured to be secure.
|
From page 447... ...
In recent years he has also been working on electronic publishing, electronic commerce, and the economics of data networks, and he is the author of such widely cited papers as "Tragic loss or good riddance: The impending demise of traditional scholarly journals," "The bumpy road of electronic commerce," "Paris Metro pricing for the Internet," "Content is not king," and "The history of communications and its implications for the Internet." He may be known best for an early debunking of the myth that Internet traffic would double every three or four months. Andrew Odlyzko's e-mail address is odlyzko@umn.edu, and all his recent papers as well as other information can be found on his home page at http://www.dtc.umn.edu/~odlyzko.
|
From page 448... ...
Kathy Laskey had some very good comments about general issues, that we have to think about security at a systems level in general, and the issue of what matters to people. When we do that, we also have to think about the general questions of what it is that we mean by security, or what kind of risks we are willing to accept, and look at a whole range of possibilities.
|
From page 449... ...
was a striking event for us, you see many societies, some quite democratic ones such as the British dealing with the IRA, the German dealing with the Bader-Meinhof gang, the Spanish dealing with the Basques, having certain levels of insecurity and terrorism. So in many ways, one could actually say the task is not necessarily eradicating terrorism, which seems to be hard -- everybody wants to do it, but it seems to be essentially impossible with the limits of some societies -but keeping it to a tolerable level.
|
From page 450... ...
Now there is a big debate about the double nickel, 55 mile per hour speed limit, what effect it would have. If you go for a single nickel, five mile per hour speed limit, you could eliminate those deaths.
|
From page 451... ...
There is also the issue of market failures. The general trend has been for very good reasons to rely increasingly on the markets for resource allocations, but there are market failures.
|
From page 452... ...
So we can look at different levels. Most of the problems that society cares about, like reducing the risks of terrorist attacks, seems to be at a system level, the kind of things that Kathy Laskey has been talking about.
|
From page 453... ...
This is a very comfortable mathematical question we can attack. David Wagner then posed a variety of questions having to do with algebraic crypt o systems, and this is straight mathematics; we understand exactly what it is.
|
From page 454... ...
454 We see in the 9/~] events much of the success we have seen in communication was due to the fact that we had cell phones, we had wired phones and we have the Internet , .
|
From page 455... ...
After all, most of the problems that society cares about, like reducing the risks of terrorist attacks, seem to be at a system level. Nevertheless, many problems are much more congenial to the traditional mocle of operation of mathematicians and computer scientists.
|
From page 456... ...
Freedman was the Charles Lee Powell Professor of Mathematics at the University of California at San Diego. The work for which Dr.
|
Key Terms
This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More
information on Chapter Skim is available.