1 / 10

Panel Presentation: (Future) Practices for Protecting Your Digital Assets

Panel Presentation: (Future) Practices for Protecting Your Digital Assets. Prof. Gene Tsudik Associate Dean of Research & Graduate Studies Donald Bren School of Information & Computer Sciences University of California, Irvine gts@ics.uci.edu http://sconce.ics.uci.edu. (my) Research.

Melvin
Download Presentation

Panel Presentation: (Future) Practices for Protecting Your Digital Assets

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Panel Presentation: (Future) Practices for Protecting Your Digital Assets Prof. Gene Tsudik Associate Dean of Research & Graduate Studies Donald Bren School of Information & Computer Sciences University of California, Irvine gts@ics.uci.eduhttp://sconce.ics.uci.edu

  2. (my) Research • Group security • Membership control, key management • Database Security • Database-as-a-Service model • Authenticity/Integrity in outsourced databases • Privacy in outsourced databases • Ad hoc, mobile network security • Key management • Multicast Security

  3. Current: DSL/Cable/Satellite to home / business Ethernet or 802.11 within home / business Emerging: hi-bw wireless (e.g., beamed from light-pole-mounted Access Points) might replace cable & DSL/phone wires Embryonic: powernet/sewernet/waternet Communication Technologies

  4. Threats 1 • Really unsophisticated users • Access Point impersonation, traffic tinkering • Malicious Code propagation • Viruses, Worms, Email Bombs, Snoopers • SPAM • Phishing  ID theft • DoS attacks • trivial in wireless settings • not difficult with wired either

  5. Threats 2 ? • Eavesdropping • clearly much easier with wireless • from both inside and outside the site • Allows anyone (e.g., voyeurs, criminals, big brother) to snoop on communication • Also, possible to inject “incriminating” traffic that seems like it came from the inside the site • Traffic Analysis – for marketing, SPAM, plain snooping, criminal (e.g., burglary) purposes • type, distribution, size, frequency, timing • host/device characteristics, # of hosts, location, types of devices, etc.

  6. What technology is needed? 1 • Secure tunneling within residential/corporate networks • intelligently “pad” traffic, both in space and time • lots of prior work on traffic analysis counter-measures • Secure tunneling between home and ISP • DoS-resistant wireless networking • Survivable, affordable access devices (combining multiple technologies: cable, DSL, satellite, local wireless, etc.) • New SPAM-fighting technologies! • New payment instruments

  7. What technology is needed? 2 Providers need techniques to detect/inhibit subscribers who are wittingly or unwittingly "split” bandwidth, e.g., provider-supplied devices may need to police/inhibit out-of-perimeter incoming (wireless) traffic. Would be nice if: • residence perimeter could be demarcated • sensors placed at strategic points along the perimeter • wireless traffic coming in from the outside could be tagged as such and purged or routed to single point: firewall? honeypot?

  8. Phishing & related fraud:How to make things better? • Eliminate SSNs as “confidential” identifier • Stop using DLs as IDs • Introduce National ID cards • Make them SMART • Allow tiered information release • Foster smart credit (and debit) cards • Trivial, technology already exists! • Credit card # changes after each use • Or, after a pre-set time interval • Or, after certain $ amount is exceeded • Hijacked credit card # becomes useless or of limited use • Promote anonymous buying/shipping

  9. SPAM • Modern-day plague • Email is essentially a free commodity • True sources are hard to trace • Current email model has to change! • Two “schools-of-thought”: • Change email processing at end-points • Make sender solve a puzzle? • Make sender pay for email • Change SMTP wholesale • Verify path taken by email

  10. DoS/DDoS attacks • Another plague • IP traffic hard to authenticate/trace • IP addresses trivial to spoof • IPSec far from being universally adopted • Two “schools-of-thought”: • Traceback (tough w/out router vendor support) • Application-level remedies, e.g., puzzles • Doesn’t work against IP or TCP-level attack traffic

More Related