Fault Tolerant Networks (FTN) Research Program
Joint Information Assurance & Survivability (IA&S) Principal Investigator Meeting
Honolulu, Hawaii, 17-21 July 2000
Douglas Maughan, 703-696-2373, [email protected]
July 17, 2000



Page 2: We Are Under Attack!

[Chart: Incidents and Vulnerabilities; y-axis "Number Reported to CERT", 0 to 12000]

- Computer attacks against U.S. systems continue to rise each year
- Projections show this will get worse before it gets better!

Page 3: DoD’s Networking Problems

- DoD depends on information technology for information dominance, but ...
- DoD systems and networks are increasingly vulnerable to attack because:
  - They are increasingly connected to one another and to civilian networks using Internet technology
    - Vulnerabilities in networking technology or in any connected system can be exploited by knowledgeable attackers
  - There is increased use of COTS products
    - Commercial security is not designed nor intended to withstand the Information Warfare attacks of concern to the DoD
- DoD’s past approaches have not succeeded

Page 4: Fault Tolerant Networks

- Fault-Tolerant Survivability
  - Apply fault tolerance techniques to networking protocols
  - Better understanding of network fault modeling
  - Explore virtual network overlays as survivability mechanism
- Denying Denial-of-Service
  - Allocation methods to constrain attacker’s resource use
  - Progress-based protocols link allocation to level of trust
- Active Network Response
  - Exploit Active Networks for Traceback – Deploy active network technology to identify attack sources and deploy responses
- Critical Infrastructure Protection
  - Opportunities for Technology Transition

Goal: Ensure continued availability of the network in the face of an attack while containing the resources available to the attacker

Page 5: Fault-Tolerant Survivability

- What is the problem?
  - Networks must be resistant to attacks and failures
  - Automatic adaptation of the network during attack and post-mortem
  - Degradation of infrastructure to ensure minimal operation
- What are we trying to accomplish?
  - Incorporate techniques from fault-tolerance community
    - Replication and partitioning of network services; Redundancy of network resources
  - Develop adaptation strategies, including triggers, stability measures, and operational correctness
  - Better understanding of network fault modeling
  - Explore virtual network overlays as survivability mechanism

Page 6: Denying Denial-of-Service

- What is the problem?
  - Prevention of denial of service attacks continues to be a growing problem with multiple points of vulnerability
  - Resistance to denial of service attacks remains unsolved
  - Necessity to consider DoS events in a correlated manner
- What are we trying to accomplish?
  - Incorporate market-based resource allocation strategies to limit resource consumption by attacker
  - Develop communication protocols which execute based on incremental progress within trust chain
  - Introduce infrastructure protocols that have been hardened against DoS attacks

Page 7: Active Network Response

- What is the problem?
  - Advanced intrusion detection techniques supply enormous amounts of untapped real-time information
  - Large attacks require immediate reaction to limit damage
  - Programmable networks assist controlled attacker fencing
- What are we trying to accomplish?
  - Incorporate techniques from Active Networks community
    - Challenge problem demonstration of capability
    - Security architecture supports availability, reliability, and survivability
  - Leverage completed intrusion detection research
  - Build on fault-tolerance and adaptation
  - Accomplished in concert with legal assistance

Page 8: Background - Critical Infrastructure Protection

- October 97 - Report of the President’s Commission on Critical Infrastructure Protection (PCCIP) ==> http://www.pccip.ncr.gov/
- May 22, 1998 - President Clinton announced two new directives designed to strengthen the Nation's defenses against terrorism and other unconventional threats
  - PDD-62 highlights the growing range of unconventional threats that we face, including "cyber terrorism" and chemical, radiological, and biological weapons, and creates a new and more systematic approach to defending against them.
  - PDD-63 focuses specifically on protecting the Nation's critical infrastructures from both physical and "cyber" attack.
    - These attacks may come from foreign governments, foreign and domestic terrorist organizations, and foreign and domestic criminal organizations.

Page 9: Critical Infrastructures

Physical and cyber-based systems essential to the minimum operations of the economy and government. These systems are so vital, that their incapacity or destruction would have a debilitating impact on the defense or economic security of the United States.

- Information and Telecommunications
- Banking and Finance
- Water Supply Systems
- Electrical Power, Oil and Gas Production and Storage
- Transportation - Aviation, Rail, Roads, Highways, Waterways
- Emergency and Public Health Services
- Continuity of Government Services

Page 10: Technology Transition

How do we do it today?

[Diagram labels: ResearchLand; VendorLand; DARPA Technology Transition Bridge; Technology Transitions (e.g., startups)]

Page 11: Technology Transition

What can we do to improve?

[Diagram labels: ResearchLand; VendorLand; DARPA Technology Transition Bridge; Technology Transitions (e.g., startups); S-BGP; Routing; DNSSEC]

Page 12: CIP Technology Transition Opportunities

- Transitioning Secure BGP into the Internet
  - Leverage previous DARPA secure routing protocol work by teaming with router vendors and ISPs
- Improving Robustness of Internet Routing
  - Improve existing Internet/Intranet routing protocols to incorporate authentication and fault tolerance techniques and transition via major consortium for Internet distribution
- Trust Applied to DNSSEC
  - Develop new fault tolerant techniques for DNSSEC deployment and new mechanisms for learning trusted public keys in a large scale network. Work with Internet Software Consortium (ISC) to incorporate additional DNSSEC capabilities into BIND release (DNS resolver software)

Page 13: Research Organizations

- Fault Tolerant Survivability - 16 performers
  - Architecture Technology Corp., BBN, Cornell, George Washington Univ., Johns Hopkins Univ., Lucent, MIT, NAI Labs, Telcordia/Univ. of Maryland, Univ. of Arizona, Univ. of Michigan, UC Santa Barbara, UC Santa Cruz, USC-ISI (2 efforts), Univ. of Washington
- Denying Denial of Service – 4 performers
  - North Carolina State Univ., Princeton Univ., Texas A&M, UCLA/NCSU
- Active Network Response – 3 performers
  - BBN, NAI Labs (2 efforts)
- Critical Infrastructure Protection – 3 performers
  - BBN, TeleniX, USC-ISI/NAI Labs