Yampolskiy, Analysis of Cyber Infrastructure Authentication Failure Vulnerabilities to Inform Security Decisions

Transcription

1 CREATE FY2016 Statement of Work Yampolskiy, Analysis of Cyber Infrastructure Authentication Failure Vulnerabilities to Inform Security Decisions In this project, we develop and apply a model for estimating probabilities for cyber infrastructure user authentication failures. We estimate failure probabilities using available empirical data and expert judgment. Failure probability estimation provides a decision-analytic theoretical basis for assessing the benefits of development of additional authentication modalities and overall configuration of an optimal multimodal authentication system for secure cyber infrastructure. Project Technical Description: 1. Theme Areas: Risk and Decision Analysis - Management of Risks from Intelligent, Adaptive Adversaries 2. Principal Investigator: Roman Yampolskiy 3. Institution: University of Louisville 4. Co-Investigators: Anthony M. Barrett and Seth Baum (Global Catastrophic Risk Institute) 5. Research Transition Lead: Anthony M. Barrett 6. Keywords: Cyber infrastructure, emergingthreat assessment, intelligence analysis, risk and decision analysis Example Biometric User Authentication Process 7. Brief Description: Many kinds of cyber security failure modes have been found and exploited by intelligent, adaptive adversaries. Efforts to develop more secure systems often aim to balance security benefits against costs imposed on users. Risk analysis and decision analysis methods hold potential for informing decisions to prioritize cyber security development efforts. In this project, we develop and apply a model for estimating probabilities for cyber infrastructure user authentication failure modes. Failure probability estimation provides a decision-analytic theoretical basis for assessing the benefits of development of additional authentication modalities and overall configuration of an optimal multimodal system. We identify cyber security system failure modes, and represent those within our model. To estimate the probabilities of each specific type of failure, we employ two main methods: first, we find and incorporate available empirical data, and second, we use expert judgment to create some approximate estimates. For our main candidate application case, we propose to focus on systems that provide continuous authentication to cyber infrastructure by profiling multiple physical and/or behavioral biometrics of users. We will select a specific application case in partnership with an end customer at the US Department of Homeland Security (DHS), which has significant responsibility for helping to secure U.S. critical infrastructure that have some kind of cyber vulnerabilities in their control and communication systems (including the electric power grid, telecommunications systems, chemical industry plants, and many other Critical Infrastructure/Key Resources areas). 8. Research Objectives: The main research objectives of the proposed year s project are to develop and apply a methodology for cyber system failure mode probability assessment, to inform security system development decisions. The proposed project s methodology will be designed for implementation by risk analysts and cyber security 3710 McClintock Avenue, RTH 314 ~ Los Angeles, CA ~ (213) ~

2 practitioners. Yampolskiy, Analysis of Cyber Infrastructure Authentication Failure Vulnerabilities to Inform Security Decisions 9. Research Transition Objectives: The main research transition objectives of the proposed year s project are to identify and develop a practical prototype and/or application case for cyber system failure mode probability assessment. The case study will be selected to best inform practical security system development decisions of a DHS end customer, e.g. for the DHS Office of Cyber Security and Communications (CS&C). 10. Interfaces to CREATE Projects: This work will seek to build on work from CREATE s projects on adaptive-adversary risk analysis, emerging-threat technology risks [1], expert elicitation [2], and assessment of value of information [3]. 11. Previous or current work relevant to the proposed project: The PI (Yampolskiy) has conducted numerous cyber security development projects [4-7] and is also the Director of Cybersecurity Laboratory and an Associate Professor of Computer Engineering and Computer Science at the University of Louisville. The Co-PI of the proposed work (Barrett) was the PI of the CREATE Year 10 (Year 4 of Cooperative Agreement) project Analysis of Current and Future Catastrophic Risks from Emerging-Threat Technologies and the CREATE Year 11 (Year 5 of Cooperative Agreement) project Extending Analysis of Current and Future Catastrophic Risks from Emerging-Threat Technologies. The PI (Barrett) has also developed attack path and accident scenario fault-tree logic models and computational models in assessing risks of terrorism scenarios in CREATE s Adaptive Adversary Modeling methodology development project [8], and other work at CREATE and elsewhere. The third investigator (Baum) has performed expert elicitation to quantitatively forecast the development of rapidly developing technology in artificial intelligence. 12. Major Deliverables, Research Transition Products and Customers: Project deliverables and products will include reports and computational models for a methodology to use available information and expert judgment to assess cyber system security failure mode estimation probabilities and inform security development decisions. The reports will include discussion of methodological limitations, extensions, and practitioner implementation steps. The proposed year s application prototype and/or case will be designed with the end customer. The focus will be selected to maximize customer value within constraints. Potential end customers at DHS include a variety of offices with programs on user authentication and infrastructure security, such as the Office of Cyber Security and Communications (CS&C), including the US Computer Emergency Readiness Team (US-CERT) or another part of the National Cybersecurity and Communications Integration Center (NCCIC), as well as the Science & Technology (S&T) Cyber Security Division. 13. Technical Approach: To develop and apply a model for estimating probabilities for cyber infrastructure user authentication failure modes, we use the following steps. 1. Identify and model cyber security system failure modes 2. Estimate the probabilities of each specific type of failure 3. Use failure probability estimates in decision analysis to assess the benefits of development of Page 2 of 6

3 additional authentication modalities and overall configuration of an optimal multimodal system For inputs to both steps one and two, we employ two sources of information: We find and incorporate available empirical data, and We use expert elicitation to capture the best judgment available, reflecting uncertainties, for cases where empirical data is lacking To estimate probabilities for each failure mode, we will use empirical data and/or expert judgment in several complementary ways designed to make greatest use of available information. Where possible, we will directly estimate the probabilities of failures. We will also seek to characterize attributes of the failure modes that could be used indirectly to estimate failure probabilities. For example, for failure modes that could be caused by intelligent adversaries, we will seek to characterize relevant attributes of attack difficulty and attractiveness that could affect an adversary s probabilities of attempting such an attack and of succeeding in such an attack. (We will aim for compatibility with analogous frameworks used in other DHS intelligent-adversary modeling efforts.) For our main candidate application case, we plan to focus on systems that provide continuous authentication to cyber infrastructure by profiling multiple physical and/or behavioral biometrics of users. We also plan to consider an alternate application case, in which we use the same failure mode probability estimation analysis methods on a different cyber authentication problem: authentication of a secure communication protocol involving steganography/side channel free communication between two parties. Such authentication methods are key parts of cyber security systems, which underpin a broad range of critical infrastructures in sectors with which DHS works. We will select a specific methodology application case in discussion with research partners after project funding is secured. The case will be selected to maximize value within constraints. We are in contact with potential research partners, both at DHS and in technology-related nongovernmental organizations, who could serve as clients and/or sources of experts for this project. (Several offices in DHS CS&C have communicated their interest and indicated that the proposed study could be relevant to their development and technology programs.) We will appropriately protect sensitive information, while providing description of our methods sufficient to allow other researchers to examine and employ them. Finally, we will seek case studies that would allow prototype application of probability estimation methods. However, our investigators efforts in those areas will necessarily be limited in the proposed one-year project. We would propose more extensive related work in follow-on projects. The PI (Yampolskiy) will lead work on cyber security system modeling, and co-lead work on identification of failure modes as well as research transition efforts. (Yampolskiy will be assisted by a graduate student.) The Co-PI (Barrett) will lead work on estimating the probability that a particular system will perform as specified, and will co-lead work on identification of failure modes, as well as colead expert elicitations. Barrett will also co-lead the research transition effort. Finally, the third investigator (Baum) will co-lead expert elicitations. As part of the project, we plan to develop and apply computational models using commercially available off-the-shelf (COTS) software, such as Analytica by Lumina Decision Systems or R statistical software. The computational models will reflect the frameworks and specific examples used in the application case, Page 3 of 6

4 including relevant scenario fault-tree logic model structures and parameter estimates. The prototypes and computational models will be provided to the application case research end customer to aid in transition to operational use of methods and implementation by risk practitioners. 14. Major Milestones and Dates: 1. Conduct initial literature review, conduct initial discussions with end customer, subject matter experts, and build first-iteration models using representative data available at that point, -- November Conduct initial discussions with subject matter experts, conduct initial analyses -- January Conduct expert elicitations and obtain other data to improve models and analyses -- March Finalize models and analyses; write final report June Develop research transition product development plan and conduct webinar June References: 1. Barrett, A.M. Analyzing Current and Future Catastrophic Risks from Emerging-Threat Technologies [cited May 5, 2014]; Available from: 2. Hora, S.C., Probability Modeling and Expert Judgment, in Research Project Summaries. 2011, CREATE. 3. Willis, H.H. and M. Moore, Improving the Value of Analysis for Biosurveillance. Decision Analysis, Yampolskiy, R.V., Action Based User Authentication. International Journal of Electronic Security and Digital Forensics, (3): p Yampolskiy, R.V. and V. Govindaraju, Behavioral Biometrics: a Survey and Classification. International Journal of Biometrics, (1): p Yampolskiy, R. and M. Gavrilova, Artimetrics: Biometrics for Artificial Entities. IEEE Robotics and Automation Magazine, (4): p Yampolskiy, R. and D. D'Souza, Natural vs Artificial Face Classification using Uniform Local Directional Patterns and Wavelet Uniform Local Directional Patterns, in Conference on Computer Vision and Pattern Recognition (CVPR), IEEE Computer Society Workshop on Biometrics. 2014: Columbus, Ohio. 8. Barrett, A.M., et al., Adaptive Adversary Modeling for Terrorism Risk Management, in Fifth Annual Conference of the Security Analysis and Risk Management Association. 2011: Arlington, Virginia. Page 4 of 6

5 16. CVs (of the Principal Investigator and Co-PI): Roman V. Yampolskiy (Principal Investigator) EDUCATION Ph.D., Computer Science and Engineering, University at Buffalo (2008) B.S. and M.S., Computer Science, Rochester Institute of Technology (2004) PROFESSIONAL EXPERIENCE Associate Professor - Speed School of Engineering, University of Louisville - Department of Computer Engineering and Computer Science Dates Position, Research Center, Supervisor Summer 2014 Summer 2012 Summer 2011 Associate Professor, with TENURE awarded from August 1, Assistant Professor, Department of Computer Engineering & Computer Science Founding Director, Cyber Security Laboratory, University of Louisville Visiting Faculty (Funded by NSF) Information Systems & Internet Security, Polytechnic School of Engineering, New York University. Advisor: Dr. Nasir Memon Postdoctoral Student (80/3150 = 2.5% Acceptance Rate, Funded by Google) Singularity University, Graduate Studies Program, Mountain View, CA. Advisor: Dr. Ray Kurzweil Postdoctoral Student. New Kind of Science Summer Institute (NKSSI), Boston, MA. Advisor: Dr. Stephen Wolfram Researcher, Center for Unified Biometrics and Sensors. University at Buffalo. Supervisor: Dr. Venu Govindaraju Research 100+ Peer-Reviewed Publications (60% of papers as the first or only author) o 29 Journal, 65 Conference, 11 Book Chapters, 6 books, 16 Workshop papers H-Index = 14, based on 700+ Citations (Google Scholar) PI or Co-PI on Multiple Cybersecurity Related Projects Mentoring Graduated: 2 PhD, 3 MS Thesis and 11 MS Project students Currently supervising 3 PhD students (all ABD), 2 MS students and 1 undergraduate Served on the Defense Committees for 17 students (MS Thesis and PhD) Promotion of Research Research featured by: BBC, Yahoo, MSNBC, New Scientist, Forbes, ACM, 200+ news stories, dozens of interviews for TV, Radio, and Magazines Over 3 million viewers/readers, 1000s of comments, articles reposted 100s of times. Page 5 of 6

6 Anthony M. Barrett (Co-PI) EDUCATION Ph.D., Engineering & Public Policy, Carnegie Mellon University (2009). Bachelor of Science, Chemical Engineering, University of California, San Diego (2000). PROFESSIONAL EXPERIENCE Senior Risk Analyst, 2013 Present; ABS Consulting, Arlington, VA Supporting risk analysis efforts of several parts of US Department of Homeland Security (DHS), including Infrastructure Security Compliance Division (ISCD) and Domestic Nuclear Detection Office (DNDO). Stanton Nuclear Security Fellow, ; RAND Corporation, Arlington, VA Conducted independent research to analyze residual risks of inadvertent and accidental nuclear war scenarios during one-year residential fellowship. Director of Research and Co-Founder, 2011 Present, Global Catastrophic Risk Institute (GCRI) Leading research initiatives on topics including nuclear war and emerging technologies. Risk Analyst, ; ABS Consulting, Arlington, VA Principal Investigator on US DHS Chemical Security Analysis Center project to develop metrics for risk impacts of changes in hazardous chemical processes and supply chains. Researched and developed analytic methodologies for Adaptive Adversary Modeling for Terrorism Risk Analysis as member of project team funded by DHS Science and Technology. Also led or contributed to risk and decision analysis projects for several other parts of the US Department of Homeland Security (DHS), including the Domestic Nuclear Detection Office (DNDO), the Office of Risk Management and Analysis (RMA), and the US Coast Guard. Postdoctoral Research Associate, ; National Center for Risk & Economic Analysis of Terrorism Events (CREATE), University of Southern California, Los Angeles, CA Graduate Research Assistant, ; Department of Engineering & Public Policy, Carnegie Mellon University, Pittsburgh, PA Federal Fellow to US Department of Homeland Security, 2005; American Society of Mechanical Engineers / AAAS / DHS, Washington, DC SELECTED PUBLICATIONS Barrett, A. M., S. D. Baum and K. R. Hostetler, Analyzing and Reducing the Risks of Inadvertent Nuclear War Between the United States and Russia, Science and Global Security, Vol. 21, No. 2, pp Barrett, A.M. and E.A. Casman, Should Cities Invest in Sheltering-in-Place Measures against Chlorine Truck Attacks by Terrorists?, Risk Analysis, Vol. 33, No. 5, pp Barrett, A.M., and P.J. Adams, Chlorine Truck Attack Consequences and Mitigation, Risk Analysis, Vol. 31 (2011), No. 8, pp Barrett, A.M., Cost Effectiveness of On-site Chlorine Generation for Chlorine Truck Attack Prevention, Decision Analysis, Vol. 7 (2010), No. 4, pp Barrett, A.M., Modeling and Analysis for Robust Risk Management: PortSec Resource Allocation Decision Support Framework, in Workshop on Grand Challenges in Modeling, Simulation and Analysis for Homeland Security (MSAHS-2010), March 17-18, 2010, Washington, DC. Page 6 of 6