Holistic Security
Peter Cochrane, cochrane.org.uk
University of Singapore, 17 November 2017
what we know for sure
• Attacks are escalating
• The Dark Side is winning
• The attack surface is increasing
• Cyber disruption costs are growing
• Companies do not collaborate and share
• The attackers operate an open market
• All our security tools are reactive
• Attacker rewards are on the up
• People are the biggest risk
• There are no silver bullets
It is time to rethink our strategy and solution space
More of the same but better & faster will not change the game…
…we have to think anew - get out of the box and do something very different!
CYBER warfare
A new and really big game changer
“The American Military can no longer protect the nation”
CYBER warfare COST
Published numbers vary widely - all we can say is the cost is big and getting bigger year on year
Top 10 economies only
All Nations are Paying a price
THE BIG PICTURE
Cyber security is no longer contained
The Dark Side are winning because they are 100% committed and see this war as total; a much wider conflict than CYBER alone…
They are far more integrated and sharing - than we are and operate as a virtualised workforce driven by money and evil intent…
We do not anticipate their innovation, tactics, tools, attacks, and we don’t think as they do…we are always on the back foot!
We need to:
Scale & Complexity
Beyond human abilities across too many fronts
Physical AND Cyber are integrated
Relationships
Criminals
The Dark Side of The Force!
Rogue States
Hackers
Politicos
Terrorists
responsibility
People have no security abilities
And why should they? It is not their problem! They are just users and victims of very poor design and a lack of support
Industry needs to step up to the plate; take control; automate & deliver turnkey solutions. They sold the products and services: and should ensure all operate safely & problem free!
Dominated by Government
Forces
Government, Military, Industry, White Hats, General Population
Warfare continues to rapidly evolve, and is now total, embracing: Politics, Media, Infrastructure, Institutions, Financial Systems, Intel Agencies, Industry, Banks, Government, Homes, Appliances, Health Care, Emergency Services, Defence, Military, Transportation Systems, Farming, Food Production, Logistics, Networks, Devices, Hardware, Software… +++
theatres of war
No longer a sole military preserve
AIR, SEA, LAND, SPACE, CYBER
CYBER EMBRACE
All peoples & all things in the loop
Autonomous Entities Intelligences Computers Networks Electronic Electrical Mechanical Mankind
[Chart axes: Population; Man and Man/Machine Made Things]
Humans Are The Minor Players
Cyber is now a part of everything we do and own; what we are - and there are now far more machines than people
ATTACK SURFACE
We are compounding our problems
INTERNET
MOBILITY
IOT
And, MORE: Users, Devices, Services, Mobility, Networks, Broadcast, Social Nets, Complexity, eCommerce, Applications, Transactions, Connectivity, Open Access, Digitalisation, Infrastructure, Growing Rewards ++++
The target is growing!
WHO ARE THEY
And their primary occupation?
Possible Recruit
Terrorist Trainee
CIA Agent
Rogue Gov Spy
Black Hat
Terrorist
Criminal
Terrorist Recruiter
White Hat
Hacker
Police
Security Agent
CEO/CIO
Social Engineer
Cyber Bully
Malware Breeder
Security Consultant
People are not just bad and good in one domain; their habitualities permeate all domains
WHAT ARE THEIR DEVICES communicating/hiding
To whom and what are they communicating
What is this?
A DDoS attack, or something more
Main Event ? Decoy ? Masking ? Diversion ?
Tunnel set up ? Infiltration ? Intel Ops ? Implant ? Theft ? Tests ? +++
AXIOMATIC
Machines dominate
Number of Machines >> Number of People
They are by far the biggest communicators
Their sensory capabilities growing
Their intelligence is growing
They are a part of us
We are a part of them
We enjoy an irreversible mutual dependency
“I think we can safely assume that they are collecting vast amounts of data and information…and we do not understand the significance of most of it”
AXIOMATIC
Problem solving
“Our biggest and most complex cyber security problems cannot be solved by analogue methods, and that almost certainly includes the human mind”
AI AND Machine Help has become vital
NEEDLE IN A NEEDLE STACK
A multi-tool challenge
People Surveillance Communications Employments Associations Individuals Purchases Networks Habits Social Travel Work +++
Device/s Surveillance Other Device Connect Net Node Connect Social Networks eAssociations eConnections ePurchases Locations Habits Travel eMail TXTs Calls Web +++
Habits + Activities GIVE VITAL CLUES
WHAT WE NOW NEED ?
An essentials shopping list is reasonably short
Global monitoring and shared situational awareness
Cooperative environments on attacks and solutions
Universal sharing of identified attacks/developments
Address cloaking & decoy customer sites/net nodes
Behavioural analysis of networks, devices, people
To continue and expand all established efforts
Auto-Immunity for all devices including IoT
Secure wireless channels - invisible signals
Let's examine THREE
The grey items have been addressed elsewhere
Global monitoring and shared situational awareness
Cooperative environments on attacks and solutions
Universal sharing of identified attacks/developments
Address cloaking & decoy customer sites/net nodes
Behavioural analysis of networks, devices, people
To continue and expand all established efforts
Auto-Immunity for all devices including IoT
Secure wireless channels - invisible signals
Sociology of things
The sociology of things is not understood and has yet to be studied - and it is digital!
Relationships and behaviors
The keys to the security kingdom
behavioural analysis
People, devices, networks, components, things are habitual
Habituality identifies us
Any deviation indicates some form of change
behavioural analysis
Network data shows a marked increase in activity
[Chart: Attack generated data vs Normal data]
Auto-immunity
Mirrors biological forebears
Applied everywhere 24 x 7: ICs ISPs WiFi Hubs LANs Cards Traffic Servers Circuits Devices Internet Networks Organisations Companies Platforms Groups People Mobile Fixed
Broadcasting Malware
Responding with updated protection
Wider Network Updated
Latest Solution Update
Auto-immunity
A mix of clean and infected
Dynamic isolation of infected devices and components leading to repair
A Multiplicity of channels
Attack detection/exposure/thwarting using access diversity
BlueTooth Short Range Device to Cloud Device to Device
WiFi, WiMax Medium Range WLAN/Cloud
ZigBee/Other ?? Car-to-Car Direct Communications
3, 4, 5 G Long Range Device to Net Device to Cloud
SatCom Broadcast
Integrated and intelligent security systems embedded into all products and components
Defence opportunities in channel/device/system diversity
A wide plurality of channel detection and protection
Attacks almost never isolated or single sourced
Not restricted to single channel/attempt
Secure attack and infection isolation
Diverse immunity/support access
Distributed info sharing
GEO info location
Auto-immunity
Fighting fire with fire
Infinite IoT Wireless
Sans channels, bands & regulation
“There is no bandwidth crisis, an adherence to the past, limited thinking, bad design and engineering….we have to rethink the day and not be constrained by the past”
Where it all started
Fork lift radio - analogue - long distances - lots of power
CW, AM, FM, SSB+++
P2P Fixed, Broadcast+++
LW, MW, SW, VHF, UHF+++
Terrestrial, Maritime, Airborne+++
~30Bn fixed and mobile broadcast radio & TV receivers dominate followed by simplex voice transceivers
Fast forward
Big cells and n x 1000s of towers
~7Bn live devices on 3/4G connected to a global net of duplex voice & data comms
• Digital modes only
• Personal mixed use and traffic
• Static base stations dominate
• Terrestrial concentration
• Large cells <20km
Does everything, but badly
THE BIG FIX ?
5G
• Replaces optical fibre
• Outguns 3 & 4G
• Gbit/s everywhere
• Will dominate the IoT
• +++++
• Cooks a chicken
• Improves your sex life….
Observations
It is a miracle it all works
Protocols very inefficient - We avoid interference by dynamic juggling!
The spectrum shortage is an illusion - We seldom use more than 20% of the available space
5G unlikely to be a big player - It cannot fully service the IoT
We need more than incrementalism - More bands, channels, modulation and coding schemes are not enough
new directions
From connected people to connected things
People ~10Bns
Traffic ~1 Bn
Goods ~100Bns
Components ~1 Tn IoT
Energy limitations
We cannot realise such a future using our current approach
Internet and connected devices ~ 10% of all energy generated
What would 50, 250 or 1000Bn IoT devices demand ?
We have to get down from mW to µW, nW and pW
This demands ‘simplicity’ of processing and communications
New Modes
More things linking off net than on
Most THINGS will never connect to the internet
THINGS will want to network and connect with other THINGS
The IoT is entirely evolutionary and not just revolutionary
New sporadic networks and associations will occur
one size fits all - not!
We are going to need a multiplicity of technologies
Cost Per Unit ~ 0 - 20 £, $, €
Size of Units ~ 1 - 50 mm3
Power Used ~ pW - mW
Single Chips Rule
Continue tweaking ?
This heritage/thinking cannot possibly get us there
The Illusion of scarcity
Why do we do this - it is largely legacy thinking
Actually the spectrum is mostly unused!
A dense London location
~50k WiFi nodes within a 1km radius of Liverpool St
New Opportunities
High loss is a short distance/reuse +++
God Given Spatial Filters
Status Quo Leave well alone
New Territory and new opportunities
Continues untouched
All modulation schemes from the past + new
New modulation schemes & modes including hyper Direct Sequence Spread Spectrum
The Illusion of scarcity
Why do we do this - it is largely legacy thinking
far too complex & expensive
Unfit for the IoT purpose - especially at 30 - 300 GHz
New Opportunities
High loss ideal for short distance/reuse +++
Direct Sequence Spread Spectrum
HYPER Direct Sequence Spread Spectrum
Back to basics
[Figure: Volumetric representation of S/N (dB), BW (Hz) and Duration T (seconds), Claude Shannon 1945/46]
I = B.T.log2(1 + k.S/N)
For k.S/N >> 1: I ~ B.T.K.S/N dB
degrees of freedom
The same information transmitted in 3 different modes exploiting S/N, BW and T
[Figure axes: S/N dB, BW Hz, Duration T seconds]
In the Extreme
‘Waste Bandwidth’ to push the Signal Below the Noise
Filters, Coding, Modulation, Timing Recovery, Amplifiers & Mixers, Jitter, Phase Noise, Doppler Shift, Frequency Stability, Multi-Path Propagation
Negated
BW ~ 500MHz
UWB ON AFTERBURNERS
All digital no analogue elements - mixers, amplifiers, filters
From UWB
To HWB Hyper Wide Band
BW ~ 50GHz
SIGNAL CODING/Error Correction => Bit Counting/Averaging
1bit/Hz
0.01bit/Hz
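The slides' claim that wasting bandwidth lets a signal sit below the noise, with decoding reduced to bit counting/averaging, can be shown in a few lines. This is an added example, not code from the talk; it assumes a plain direct-sequence scheme, reads 0.01 bit/Hz as 100 chips per data bit, and uses constructed noise and data values.

```python
import random

CHIPS_PER_BIT = 100      # assumption: 1 bit/Hz -> 0.01 bit/Hz read as 100 chips per bit
NOISE_SIGMA = 3.16       # constructed: noise about 10 dB above a unit-amplitude chip

def pn_sequence(n, seed):
    """Pseudo-noise spreading code of +/-1 chips shared by sender and receiver."""
    rng = random.Random(seed)
    return [rng.choice((-1, 1)) for _ in range(n)]

def spread(bits, code):
    """Each data bit (0/1) becomes len(code) chips: the code or its inverse."""
    return [(1 if b else -1) * c for b in bits for c in code]

def channel(chips, sigma, rng):
    """Additive Gaussian noise; with sigma > 1 each chip sits below the noise."""
    return [x + rng.gauss(0.0, sigma) for x in chips]

def despread(rx, code):
    """Correlate with the code and sum per bit: the sign of the sum is the bit."""
    n = len(code)
    out = []
    for i in range(0, len(rx), n):
        total = sum(r * c for r, c in zip(rx[i:i + n], code))
        out.append(1 if total > 0 else 0)
    return out

def chip_error_rate(tx, rx):
    """Fraction of chips whose sign is wrong when read one at a time."""
    wrong = sum(1 for t, r in zip(tx, rx) if (r > 0) != (t > 0))
    return wrong / len(tx)

def run_demo(n_bits=200, seed=2017):
    rng = random.Random(seed)
    bits = [rng.randint(0, 1) for _ in range(n_bits)]   # constructed sample data
    code = pn_sequence(CHIPS_PER_BIT, seed + 1)
    tx = spread(bits, code)
    rx = channel(tx, NOISE_SIGMA, rng)
    good = despread(rx, code)
    wrong_code = despread(rx, pn_sequence(CHIPS_PER_BIT, seed + 2))
    ber = lambda got: sum(a != b for a, b in zip(bits, got)) / n_bits
    return chip_error_rate(tx, rx), ber(good), ber(wrong_code)

if __name__ == "__main__":
    chip_er, ber_ok, ber_wrong = run_demo()
    print(f"per-chip error rate   : {chip_er:.3f}")
    print(f"BER with shared code  : {ber_ok:.3f}")
    print(f"BER with wrong code   : {ber_wrong:.3f}")
```

Read chip by chip the channel looks like noise, while summing 100 chips against the shared code recovers the bits; a receiver correlating with a different code gets a bit error rate far above the intended receiver's.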
Antennas spanning huge frequency ranges are a non-trivial problem…and whilst fractal antennas are seen to be (theoretically) the holy grail, no one has yet succeeded in realising fully workable designs
Challenge