Security, Privacy and the Future Internet
0 likes1,282 views
The document discusses the challenges and opportunities associated with security and privacy in the future internet, highlighting the increasing complexity of threats due to cybercrime and global connectivity. It emphasizes the need for better security practices, applied research, and a balance between privacy and accountability in various technological contexts. The paper suggests a move towards 'security by design' rather than relying solely on post-incident fixes to improve safety and reduce costs.
Security, Privacy and the Future Internet
- 1. Security, Privacy and the Future Internet Prof. Dr. Michael Waidner © Fraunhofer-Gesellschaft 2011 –1–
- 2. Outline Future Internet Security and Privacy Security and Privacy by Design © Fraunhofer-Gesellschaft 2011 –2–
- 3. Internet of People, Data, Services, Things, … and Crime & War Online Social Networks Cloud-delivered Cloud-delivered Crime & War IT & Business Services Globally interconnected cyber-physical system © Fraunhofer-Gesellschaft 2011 –3–
- 4. Overall, Security is Becoming More Difficult Future Internet is the ideal target: everybody, everything is online Professionalization and industrialization of cybercrime and cyberwar Network of people and user-generated content Privacy (in public spaces …) Intellectual property © Fraunhofer-Gesellschaft 2011 Filtering illegal and dangerous content Withstanding censorship –4–
- 5. But Security may Also Benefit from the Future Internet Better security through standards, automation, services Cloud will lower costs for good and well-managed security and privacy Today, poor service management (governance, change, patch) is key source of insecurity! Global scale, global economy may enable global standards Trust and identity infrastructures © Fraunhofer-Gesellschaft 2011 Privacy and information sharing Assurance, auditing, forensics –5–
- 6. Outline Future Internet Security and Privacy Security and Privacy by Design © Fraunhofer-Gesellschaft 2011 –6–
- 7. A Slightly More Technical View: Security Problems New technologies, new threat vectors Massive resource sharing in clouds Mobile and ambient as new access channel Cyber-physical convergence Global connectivity without global identity Old principles don’t apply anymore Perimeter security vs. service decomposition Trusted base vs. everything in the cloud Managed endpoint security © Fraunhofer-Gesellschaft 2011 vs. consumerization … –7–
- 8. Some Security Research Challenges Research pipe full of untested results Crypto, trusted computing, provenance, sticky policies, automated checking, … More applied research Security for legacy systems, networks, … Unexpected intrusions, abuses, insiders Accountability with privacy Forensics with privacy Quantification of risks and security Create a network to fight a network Cross-org sharing of security information © Fraunhofer-Gesellschaft 2011 Commons nature of security –8–
- 9. Privacy in the Future Internet Privacy is difficult to define What is the €-value of your personal information? What is privacy in a public space like an OSN? Tradeoffs are always individual Status Purpose Binding: responsible data management – mostly mature Data minimization: crypto and data management – no practical experience Context binding: not even well defined © Fraunhofer-Gesellschaft 2011 Sustainable informational self-determination: no good solutions –9–
- 10. Some Privacy Research Challenges What is privacy in … OSN, location, ambient, mobile, cloud, smart grids, … Mental models for usability Research pipe full of untested results Standardization Portable id, pseudonyms, options, expiration dates, … Globally practical trust and identity framework M0re applied research Privacy despite accountability Privacy despite forensics © Fraunhofer-Gesellschaft 2011 Computing with encrypted data Commons nature of privacy – 10 –
- 11. Outline Future Internet Security and Privacy Security and Privacy by Design © Fraunhofer-Gesellschaft 2011 – 11 –
- 12. Building a Secure System Huge body of engineering knowledge Many articles, books, courses, degrees, tools, … So, in theory, this should be doable © Fraunhofer-Gesellschaft 2011 – 12 –
- 13. Building a Secure System State of the art in the software industry Source: Microsoft Secure Development Lifecycle A more detailed look But # of shows: vulnerabilities • Same errors is still again and again • IT people lack skills going up • Current processes © Fraunhofer-Gesellschaft 2011 and tools are too complex for humans Source: IBM X-Force, 2011 – 13 –
- 14. Which one is Better: “by design” or “by patching” NIST 2010: Security and Privacy Security and Privacy • 80% of development by Design by Patching costs spent on finding and fixing errors Overall: economic Overall: expensive IBM 2010: Fixing a single High initial costs Low initial costs defect during … costs: Low recurring costs High recurring costs • Coding: $80 • Build: $240 Avoids damage Damage might be • QA/Test: $960 irreversible: • Post release: $7’600 + reputational costs Life and health Critical infrastructure Privacy, reputation, confidentiality © Fraunhofer-Gesellschaft 2011 European Center for Security and Privacy by Design (EC-SPRIDE) Projected start: October 1st, 2011 – 14 –
- 15. What needs to be done Challenges Consistent models throughout all phases Patterns for requirements analysis Model-driven security (design, test) Static and dynamic analysis Usability: end users, developers, admins Ready to use building blocks Demonstrable and quantifiable improvements in security Applied to interesting cases: © Fraunhofer-Gesellschaft 2011 cloud computing, embedded, … Education for ordinary developers – 15 –
- 16. Outline Future Internet Security and Privacy Security and Privacy by Design © Fraunhofer-Gesellschaft 2011 – 16 –
- 17. Prof. Dr. Michael Waidner michael.waidner@sit.fraunhofer.de Fraunhofer-Institut für Sichere Informationstechnologie Rheinstraße 75 64295 Darmstadt www.fraunhofer.de www.sit.fraunhofer.de Center for Advanced Security Research Darmstadt Lehrstuhl für Sicherheit in der IT Mornewegstraße 30 © Fraunhofer-Gesellschaft 2011 64289 Darmstadt www.cased.de www.sit.tu-darmstadt.de – 17 –