Protecting Critical Information Infrastructures

Transcription

1 Protecting Critical Information Infrastructures Hannu H. Kari National Defence University professor, research director professor Hannu H. Kari Page 1/43

2 New responsibilities of defence forces International operations Defending Finland professor Hannu H. Kari Page 2/43 Co-operation with civil authorities

3 Objectives Globality Stability & continuity Efficiency professor Hannu H. Kari Page 3/43

4 Global and asymmetric threats Normal circumstances Disruptive situations Extreme circumstances Threats to information systems Illegal immigration Threats to health & nutrition Environmental threats Economic threats International tension Organised crime & terrorism Catastrophies & major disasters Serious violation of Finland s territorial integrity and threat of war Armed attack, war and the aftermath of war professor Hannu H. Kari Page 4/43

5 Protecting vital structures of society Functions such as: * state leadership, * foreign trade, * military defence, * internal security, * ability to tolerate a crisis, * well-being of population, and * economical and social stability. professor Hannu H. Kari Page 5/43

6 Evolution of War Evolution of societies and their relations with war? AGRARIAN SOCIETY INDUSTRIALIZED SOCIETY INFORMATION SOCIETY VALUE SOCIETY? The war is fought for/with/against the most valuable assets of the society professor Hannu H. Kari Page 6/43

7 Decision making based on OODA-loop OODA-loop by Colonel John Boyd Model for human decision making Right information delivered to right place at right time professor Hannu H. Kari Page 7/43

8 War of values professor Hannu H. Kari Page 8/43

9 Security problems in Internet, samples October 2002, Scientific American 9 out of 13 root DNS servers were crippled by DDoS attack November 2004, Damages caused by worms/viruses, Mikko Hyppönen/F-Secure Slammer: Intranet of nuclear power plant in Ohio down Bank of America ATM network down Blaster: Electric power network down in NY, USA Several SCADA systems down Sasser: All train traffic halted in Australia Two hospitals in Sweden infected January 2005, BBC News Internet gambling hit hard by the attacks. Extortionists are targeting net-based betting firms and threatening to cripple their websites with deluges of data unless a ransom is paid. September 2006, Scientific American Attack on DNS (Domain Name System) allows cybercriminal to hijack ordinary netbanking sessions January 2007, Almost 1 Million stolen from a Scandinavian bank by a Russian hacker with a trojan distributed with spam mail The biggest so far.. January 2005, FBI/Tsunami Net criminals used fake web pages of American Red Cross to get credit card data May 2007, IT-Viikko Attacks on Estonian governmental and commercial net sites professor Hannu H. Kari Page 9/43

10 Security problems in Internet, samples October 2002, Scientific American 9 out of 13 root DNS servers were crippled by DDoS attack November 2004, Damages caused by worms/viruses, Mikko Hyppönen/F-Secure Slammer: Intranet of nuclear power plant in Ohio down Bank of America ATM network down Blaster: Electric power network down in NY, USA Several SCADA systems down Sasser: All train traffic halted in Australia Two hospitals in Sweden infected January 2005, FBI/Tsunami Net criminals used fake web pages of American Red Cross to get credit card data September 2006, Scientific American Estonia, May 2007, January 2005, BBC News Internet gambling hit hard by the attacks. Extortionists are targeting net-based betting firms and threatening to cripple their websites with deluges of data unless a ransom is paid. Attack on DNS (Domain Name System) allows cybercriminal to hijack ordinary netbanking sessions January 2007, Almost 1 Million stolen from a Scandinavian bank by a Russian hacker with a trojan distributed with spam mail The biggest so far.. Finland May 2007 May 2007, IT-Viikko Attacks on Estonian governmental and commercial net sites professor Hannu H. Kari Page 10/43

11 Security problems in Internet, samples DDoS attacks Design flaws DoS, DDoS attacks Criminal intentions Viruses, worms, mallware Criminal intentions DNS attacks Design flaws Phishing Users stupidity Scams Users stupidity DoS, DDoS attacks Design flaws professor Hannu H. Kari Page 11/43

12 Internet design criterion Primary goals Based on David D. Clark: Multiplexing of channel The Design Philosophy Various network archtectures of the DARPA Internet Protocols Administrative boundaries Packet switching Gateways (routers) between networks Secondary goals Robustness (loss of routers and links) Multiple services (reliable or realtime data) Usage of various networks Distributed management Cost efficient implementation Simple attachement to network Resource usage monitoring professor Hannu H. Kari Page 12/43

13 Implicit Internet design criterion Silent assumptions Benevolence Openness Limited bandwidth Low level of dynamicity No mobility Limited computation capacity High cost of crypto algorithms professor Hannu H. Kari Page 13/43

14 Modern problems Today we have Internal problems Eavesdropping Packet manipulation Privacy problems Viruses Network criminals... professor Hannu H. Kari Page 14/43

15 Internet design flaws Original design principles: The enemy is out there! Everybody can send anything to anybody Security measures are introduced afterwards The new design principles: The enemy is among us! We must be prepared to pay for security/reliability in form of computation power, bandwidth, energy, etc. Strong security as the fundamental building block Legal sanctions against malevolent entities Every packet must have an owner! professor Hannu H. Kari Page 15/43

16 Security domains professor Hannu H. Kari Page 16/43

17 Four security domains 4. Virtual communities (Knowledge sharing) Restricted caller groups 3. Content integrity/authenticity/timelyness (information sharing) PGP, S/MIME 2. End-to-end secured communication (Data integrity and confidentiality) IPsec, TLS 1. Reliable operation of the critical network infrastructure Partial solutions: MPLS, Physical protection professor Hannu H. Kari Page 17/43

18 Weakest point: Infrastructure Info-bulimia Flooding, DoS/DDos, Smurf, Sync,... Info-anemia Link breakage, data corruption, rerouting packet, router attacks, DNS-attacks,... We don t get vital information in time We can t make decisions or we do decisions with incomplete information Reliably operating network is a MUST professor Hannu H. Kari Page 18/43

19 Solving the problems professor Hannu H. Kari Page 19/43

20 Securing network infrastructure professor Hannu H. Kari Page 20/43

21 Traditional Internet usage R R professor Hannu H. Kari Page 21/43

22 Protecting network infrastructure Need: Communication between two legitimate computers shall be possible despite any hostile attacks, manipulated packets, jammed networks, cut the communication links, etc. Target: The network (i.e., routers) shall distinguish whether a packet is Good: generated by a legitimate computer => forward packet Bad: generated or modified by attackers => discard packet Possibility to prioritize traffic based on importance of packet/user professor Hannu H. Kari Page 22/43

23 Ultimate solution: Packet Level Authentication (PLA) Analogy: Security measures on notes Holograms, Microprint, Watermarks, UV-light Any receiver of notes can verify the authenticity of every note without consulting with banks or other authorities In PLA (designed by HUT) every packet is digitally signed by originator with strong crypto contains all information to validate authority of the sender integrity, timeliness, uniqueness of the packet Project financed by Finnish government s (Tekes) strategic research funding professor Hannu H. Kari Page 23/43

24 Performance Altera FPGA ECC module With single chip solution: 200 Mbit/s with 150B packets 2 Gbit/s with 1500B packets Gigabit Ethernet IN Front end standard 1GE IP core ECC module ECC module ECC module ECC module HUT s HW implementation (Altera s Stratix II EP 2S180F1020C3 FPGA chips with 150 MHz clock) One ECC digital signature calculation/validation takes 120us With 19 parallel modules, max output is signatures/s With special ASIC its possible scale performance over 10 Gbit/s with single chip implementation Guestimated: 50M gates chip running 500 MHz... Back end standard 1GE IP core Gigabit Ethernet OUT professor Hannu H. Kari Page 24/43

25 Short term solution: Secured Infrastructure Router (SIR) SIR SIR professor Hannu H. Kari Page 25/43

26 Secured Infrastructure Router (SIR) SIR QoS control, duplication SIR QoS control, duplicate removal QoS reporting, management signaling professor Hannu H. Kari Page 26/43

27 Alternative SIR operation SIR SIR SIR SIR SIR SIR SIR SIR professor Hannu H. Kari Page 27/43

28 Securing services professor Hannu H. Kari Page 28/43

29 Increasing reliability of network services Internet ISP 1 ISP 2 REUNAREITITTIMET IPS / HYÖKKÄYKSEN LIEVENNYS PALOMUURIT SSL-SALAUS / SALAUKSEN PURKU IPS SISÄLTÖKYTKIMET / KUORMANJAKO EDUSTAPALVELIMET Tietokeskus 1 Tietokeskus 2 Varmistuskeskus SOVELLUSPALVELIMET source: Anssi Rajaniemi: Verkkopankin toimintavarmuuden turvaaminen tietoverkon näkökulmasta, HUT, Master s thesis, 2005 Tietokeskus PALOMUURIT KESKUSKONEET professor Hannu H. Kari Page 29/43

30 Securing content delivery professor Hannu H. Kari Page 30/43

31 Multichannel data delivery:today Actual data Military networks TETRA/ VIRVE GSM Internet Radio/TV National Defence Authorities University, Citizens professor Hannu H. Kari Page 31/43

32 Multichannel data delivery: in the future Actual data Military networks TETRA/ VIRVE GSM Internet Radio/TV National Defence Authorities University, Citizens professor Hannu H. Kari Page 32/43

33 Reliable delivery of a document document Sender Add FEC Signatures multichannel network check signatures Receiver data reconstruction defragmentation fragmentation document professor Hannu H. Kari Page 33/43

34 Multichannel data delivery Actual data Military networks TETRA/ VIRVE GSM Internet Radio/TV Information professor Hannu H. Kari Page 34/43

39 Multichannel data delivery Actual data Military networks TETRA/ VIRVE GSM Internet Radio/TV Regenerating missing data by using error correction information in other packets locally Information professor Hannu H. Kari Page 39/43

40 Multichannel data delivery Actual data Military networks TETRA/ VIRVE GSM Internet Radio/TV correct and up to date information Information professor Hannu H. Kari Page 40/43

41 Conclusions professor Hannu H. Kari Page 41/43

42 Conclusions Risks with Internet are imminent...due to original design of Internet Architecture with several levels of security... one solution is not enough Plan-B: What shall we do, when our network doesn t work? manual work? What is the minimum level of service? professor Hannu H. Kari Page 42/43

43 NATIONAL DEFENCE UNIVERSITY Do the work that has a meaning Thank you for your Questions? attention! professor Hannu H. Kari Page 43/43