Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Upcoming SlideShare
ION Hangzhou - RPKI At CNNIC
ION Hangzhou - RPKI At CNNIC
Loading in …3
1 of 28

ION Hangzhou - Keynote: Collaborative Security and an Open Internet



Download to read offline

14 July 2016, ION Hangzhou (China). Afternoon Keynote on Collaborative Security and an Open Internet by Internet Society CITO Olaf Kolkman.

Related Books

Free with a 30 day trial from Scribd

See all

ION Hangzhou - Keynote: Collaborative Security and an Open Internet

  1. 1. Collaborative Security Reflections about Security and the Open Internet ION 2016 Olaf Kolkman 奥拉夫 科尔克门 @Kolkman
  2. 2. Collaborative Security | ION July 2016 2
  3. 3. The Open Internet What was that about again?
  4. 4. Collaborative Security | ION July 2016Collaborative Security | ION July 20164
  5. 5. Collaborative Security | ION July 2016Collaborative Security | ION July 20165
  6. 6. Collaborative Security | ION July 20166
  7. 7. Collaborative Security | ION July 20167 Security, stupid
  8. 8. Collaborative Security | ION July 2016Collaborative Security | ION July 20168
  9. 9. Collaborative Security | ION July 2016Collaborative Security | ION July 20169
  10. 10. Collaborative Security | ION July 201610
  11. 11. Collaborative Security | ION July 201611
  12. 12. Collaborative Security | ION July 2016Collaborative Security | ION July 2016 Where the rubber meets the road. 12
  13. 13. Collaborative Security | ION July 2016 Researchers 13 Development OPS Devops SDOs Orgs
  14. 14. Collaborative Security | ION July 201614 Advertisement, skip in: 0:100:090:080:070:060:050:040:030:020:010:00 12 August 2016, 11:59 PM EDT (UTC-4:00): Paper titles and abstracts due 16 August 2016, 11:59 PM EDT (UTC-4:00): Full submissions for technical papers and panels due NDSS 2017 Call for Papers
  15. 15. Collaborative Security | ION July 201615 Mutually Agreed Norms for Routing Security (MANRS) Stimulate visible improvements in security and resilience of Internet Routing by changing towards a culture of collective responsibility
  16. 16. Collaborative Security | ION July 2016 common problems to be addressed 16 1 The organization (ISP/network operator) recognizes the interdependent nature of the global routing system and its own role in contributing to a secure and resilient Internet. 2 The organization integrates best current practices related to routing security and resilience in its network management processes in line with the Actions. 3 The organization is committed to preventing, detecting and mitigating routing incidents through collaboration and coordination with peers and other ISPs in line with the Actions. 4 The organization encourages its customers and peers to adopt these Principles and Actions. Principles
  17. 17. Collaborative Security | ION July 201617 Prevent propagation of incorrect routing information. Prevent traffic with spoofed source IP addresses. Facilitate global operational communication and coordination between network operators. Facilitate validation of routing information on a global scale.
  18. 18. Collaborative Security | ION July 201618 or
  19. 19. Collaborative Security | ION July 201619
  20. 20. Collaborative Security | ION July 201620
  21. 21. Collaborative Security | ION July 201621 Living in a World of Decentralized Data Dr. Burt Kaliski, Jr. Senior Vice President and CTO, Verisign NDSS Workshop on Security of Emerging Networking Technologies (SENT) February 8, 2015
  22. 22. Collaborative Security | ION July 201622
  23. 23. Collaborative Security | ION July 201623 Areas of Responsibility Courtesy: Tschofenig et al, IETF 92 Technical Plenary Deployment Implementation Protocol Specifications and Architecture Cryptographic Primitives Improved algorithms for integer factorization, too small key size. No end-to-end security, complexity in specifications, insecure authentication protocols Buffer overflow attacks, poor UI or other usability problems, poor choice of hardware Enabled debug ports, missing deployment of security mechanisms Examples of Problems Understanding the distributed nature of the development process is essential for tackling security problems. 23
  24. 24. Collaborative Security | ION July 201624 6/11/1524
  25. 25. Collaborative Security | ION July 201625 Can you do responsible security on a € 0.04 margin device?
  26. 26. Collaborative Security | ION July 201626 6/11/1526
  27. 27. Collaborative Security | ION July 2016 6/11/1527 Foster Confidence and Protect Opportunities Collective Responsibility Evolution and Consensus Fundamental Properties and Values Think Globally, Act Locally Smart Connected Objects These objects will have a profound impact on our lives. Important Security Questions have not been answered while we deploy. The Collaborative Security Approach has properties that will help to make a positive impact
  28. 28. twitter: @kolkman Chief Internet Technology Officer Olaf M. Kolkman

Editor's Notes

  • First a few words about who we are, the Internet society….
  • We usually think of the Internet as a complex network of networks, each operated by autonomous operators whereby the services are only loosely coupled to the offered transport networks that offers a best effort service. where application providers provide their applications
  • When we talk about technology we have to remember that the technology is really an enabler for humans. The technology is primarily a driver for Socio economic capabilities.

    (Although this picture might make you wonder if we give up other social interactions … )

    But.. back to the technology for a bit.
  • Global reach, integrity: Any endpoint of the Internet can address any other endpoint, and the information received at one endpoint is as intended by the sender, wherever the receiver connects to the Internet. Implicit in this is the requirement of global, managed addressing and naming services.

    General purpose: The Internet is capable of supporting a wide range of demands for its use. While some networks within it may be optimized for certain traffic patterns or expected uses, the technology does not place inherent limitations on the applications or services that make use of it.

    Supports innovation without requiring permission (by anyone): Any person or organization can set up a new service, that abides by the existing standards and best practices, and make it available to the rest of the Internet, without requiring special permission.

    Accessible – it’s possible to connect to it, build new parts of it, and study it overall: Anyone can “get on” the Internet – not just to consume content from others, but also to contribute content on existing services, put up a server (Internet node), and attach new networks. 

    Based on interoperability and mutual agreement: The key to enabling inter-networking is to define the context for interoperation – through open standards for the technologies, and mutual agreements between operators of autonomous pieces of the Internet.

    Collaboration: Overall, a spirit of collaboration is required – beyond the initial basis of interoperation and bi-lateral agreements, the best solutions to new issues that arise stem from willing collaboration between stakeholders.

    Technology – reusable building blocks: Technologies have been built and deployed on the Internet for one purpose, only to be used at a later date to support some other important function.

    There are no permanent favourites: While some technologies, companies and regions have flourished, their continued success depends on continued relevance and utility, not strictly some favoured status.
  • The economy, stupid — James Carville had coined as a campaign strategist of Bill Clinton's successful 1992 presidential campaign against sitting president George H. W. Bush.

    Security is like economy.
  • Looking at these invariants to the security perspective.

    Policy measures that are premised on stopping bad things, rather than protecting what is valued, provide no guide as to how far those measures should go.

    If we are not careful, the spectre of cyber threats can be used as a vehicle for control of networks and how they are used, plus pervasive monitoring
  • The Internet, with its high degree of interconnection and dependencies, brings another dimension to the management of risks. Security and resilience of the Internet depends not only on how well risks to you and your assets are managed, but also, importantly, on the management of risks that you (by your action or inaction) present to the Internet ecosystem – the “outward” risks. Additionally, some risks need to be managed by more than one actor.

    This is the notion of collective and shared risk management – a notion that is well aligned with the “public interest” nature of the Internet.
    This latter aspect of risk management is not necessarily self-evident, especially since there is often no obviously identifiable immediate harm to the actors or their assets and, therefore, no direct business case that can be immediately associated with such effort. And, it also is human nature to seek outcomes that further our individual “self-interest”. However, such a narrow approach is counter-productive and, in the long-term, harmful to everyone’s interests – not only will it impact the security of the ecosystem, but it will also diminish the overall pool of social and economic potential that the Internet offers.
  • Traditional approaches to security were principally concerned with external and internal threats, and the impact they may have on one’s own assets [in other words, threat-based and self-interested]. There is, however, a growing recognition that a security paradigm for the Internet ecosystem should be premised on protecting opportunities for economic and social prosperity, as opposed to a model that is based simply on preventing perceived harm.
  • Fostering confidence and protecting opportunities: The objective of security is to foster confidence in the Internet and to ensure the continued success of the Internet as a driver for economic and social innovation.

    Collective Responsibility: Internet participants share a responsibility towards the system as a whole.

    Fundamental Properties and Values: Security solutions should be compatible with fundamental human rights and preserve the fundamental properties of the Internet — the Internet Invariants.

    Evolution and Consensus: Effective security relies on agile evolutionary steps based on the expertise of a broad set of stakeholders.

    Think Globally, act Locally: It is through voluntary bottom-up self-organization that the most impactful solutions are likely to reached.
  • Enough conceptual talk.. lets see where that takes us.
  • Collaborative security happens in may places, perhaps not even consciously. Anywhere where people get together and work towards improving trust of the Internet. No claim for completeness.

    Regional Registries: Maintaining Registries
    Regional Operators: Best Current Practices
    Industry organizations like MAAWG and first coordinating
    Programmers that try to do the right thing by sharing code, reviewing other people code
    Academic conferences that work on improving security

  • A key part of any smart object design is the problem of how to establish trust for a smart object. Typically, bootstrapping trust involves giving the device the credentials it needs to operate within a larger network of devices or services.
    Smart objects will, in many cases, be deployed in places where additional physical security is difficult or impossible. Designers should take into account that any such device can and will be compromised by an attacker with direct physical access. Thus, trust models should distinguish between devices susceptible to physical compromise and devices with some level of physical security. Physical attacks, such as timing, power analysis, and glitching, are commonly applied to extract secrets [PhysicalAttacks].
    Smart objects will, in many cases, be deployed as collections of identical or near identical devices. Protocols should be designed so that a compromise of a single device does not result in compromise of the entire collection, especially since the compromise of a large number of devices can enable additional attacks such as a distributed denial of service. Sharing secret keys across an entire product family is, therefore, also problematic since compromise of a single device might leave all devices from that product family vulnerable.
    Smart objects will, in many cases, be deployed in ways that the designer never considered. Designers should either seek to minimize the impact of misuse of their systems and devices or implement controls to prevent such misuse where applicable.
    It is anticipated that smart objects will be deployed with a long (e.g., 5-40 years) life cycle. Any security mechanism chosen a the outset may not be "good enough" for the full lifespan of the device. Thus, long-lived devices should start with good security and provide a path to deploy new security mechanisms over the lifetime of the device.
    Security protocols often rely on random numbers, and offering randomness in embedded devices is challenging. For this reason, it is important to consider the use of hardware-based random number generators during early states of the design process.
  • ×