emerging research dimensions in it security dr. salar h. naqvi snaqvi@ieee.org senior member ieee...

Emerging Research Dimensions in IT Security

Dr. Salar H. Naqvisnaqvi@ieee.org

Senior Member IEEEResearch Fellow, CoreGRID Network of Excellence

European Research Consortium for Informatics and Mathematics

Research Context

Evolution of Computing Paradigm

• Static Cooperation– Electronic Data Interchange (EDI)

• Dynamic Cooperation– Internet

• Dynamic Collaboration– Peer-to-Peer (P2P), Web Services (WS)

• Dynamic Resource Sharing– Computational Grid

ComputerComputer ComputerComputer

CustomerCustomer VendorVendorOrders, Payments

Invoice, Pricenotices, updates

New Challenges

• Very large scales– million of entities

• Dynamic– entities join, leave, move, change behavior

• Heterogeneous– capability, connectivity, reliability, guarantees, QoS

• Unreliable– components, communication

• Lack of common/complete knowledge– number, type, location, availability, connectivity,

protocols, semantics, etc.

Security – Challenges

• Computational Grids– Interoperability, Trust, Usability, Robustness/Resilience,

Delegation, Bootstrapping, Mobility

• Clusters– Integration of different security solutions, automated security

management

• Peer-to-Peer Systems– Setting up uniform security policy, Trust management, storage of

authentication tokens and user identities

• Pervasive/Ubiquitous Computing– Privacy, Scalability, Heterogeneity, Integration, Invisibility

• Mobile Computing– Dependability, Disconnections, Context and State Management

New IT Security Research Dimensions

Classical Planes

Physical

Logical

Novel Planes

Quantum

Physical

Logical

Virtual

Virtualization• The secure interoperability between VOs demands interoperable

solutions using heterogeneous systems.

• Virtualization permits each participating end-point to express the policy it wishes to see applied when engaging in a secure conversation with another end-point.

• Policies can specify supported authentication mechanisms, required integrity and confidentiality, trust policies, privacy policies, and other security constraints.

Pluggability/Configurability

• Pluggable Security Services (PSS) requirements include:

– Definition of standard and flexible interfaces– Integration at application layer– Coordinated invocation of services– Usable by users and services– Simultaneous use of multiple services– Support for future enhancement– Optimization for various communication links– Provision of real-time invocation features– Use of standard programming interfaces

PSS Architectural Overview

• Application/Client Interface– Authenticates user/application– Facilitate communications

• Configuration Daemon– Accepts machine independent,

abstract configuration request– Interacts with the coordination

service

• Security Services Handler– Absorbs the diversity of security

mechanisms

• Protocol Mapping– Contains the list of supported

protocols

• Security Architecture Interface– Consists of socket modules to plug various security services.

SEINIT: Security Expert Initiative

• IST Integrated Project– IST-2002-001929-SEINIT

• Duration: December 2003 – November 2005– Extended till February 2006

• Budget– Total cost: 8 M€– EU Contribution: 3.9 M€

• Objectives– Ensure a trusted and dependable security framework, ubiquitous,

working across multiple devices, heterogeneous networks, being organisation independent (inter-operable) and centred around an end-user.

www.seinit.org

Use case

Bob’s officeSecurity domain

Alice’s officeSecurity domain

Alice’s homeSecurity domain

Railway providerSecurity domain

Bob’s officeSecurity domain

Bob’s officeSecurity domain

Alice’s officeSecurity domain

Alice’s officeSecurity domain

Alice’s homeSecurity domain

Alice’s homeSecurity domain

Railway providerSecurity domainRailway providerSecurity domain

Novel Planes

Quantum

Physical

Logical

Virtual

Quantum Key Distribution (QKD)

• Quantum Key Distribution (QKD) is simultaneous generation of identical bit sequences in two distinct locations with quantum physical methods

• QKD enables the implementation of a secure secret channel

• To make QKD ready for practical applications, we need to– Make physical devices ready for practical application– Provide necessary interfaces for the integration into existing

technologies– Develop conceptual design for networked infrastructures– Development of cryptographic algorithms and models

• SECOQC: Secure Communication based on Quantum Cryptography– IST-2002-506813-SECOQC

• Duration: April 2004 – March 2008• Budget

– Total cost: 11.3 M€– EU Contribution: 5.5 M€

• Objectives– Global dependability and security framework

IST Integrated Project SECOQC

www.secoqc.net

Conclusions & Perspectives

• Security has emerged as an indispensable characteristic of any IT system

• Security components should be woven in the IT Fabric• IT Security requires new dimensions to tackle the

contemporary threats paradigm• European Commission provides funding for IT research

through various programs of IST (Information Society Technologies)

• Notably:– Future Emerging Technologies (FET)– Beyond the Horizon

• Security is not a product – Security is a PROCESS!