Cyber Security: Current Trends, Challenges - PowerPoint PPT Presentation

Loading...

PPT – Cyber Security: Current Trends, Challenges PowerPoint presentation | free to download - id: 3fc146-MGU0Y



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

Cyber Security: Current Trends, Challenges

Description:

Cyber Security: Current Trends, Challenges & Solutions Rajeev Shorey (Ph.D) Fellow Indian National Academy of Engineering Fellow IETE Founding President & Advisor – PowerPoint PPT presentation

Number of Views:2626
Avg rating:3.0/5.0
Slides: 89
Provided by: Rajeev51
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Cyber Security: Current Trends, Challenges


1
Cyber Security Current Trends, Challenges
Solutions
  • Rajeev Shorey (Ph.D)
  • Fellow Indian National Academy of Engineering
  • Fellow IETE
  • Founding President Advisor
  • NIIT University, India
  • Formerly GM IBM Research
  • www.niituniversity.in
  • RACS, Bangalore
  • 6 June 2013

2
Structure of the Talk
  • Cyber Security
  • Interesting Statistics
  • ICT Cyber Security Scenario in India
  • Challenges in Cyber Security
  • Growth of Smart Services
  • Smart Cars on Roads
  • Vehicular Networks
  • Emerging Paradigms in an ever Pervasive World
  • Trends in Cyber Security
  • Key Recommendations Conclusion

3
News this Morning !
  • Hacking into the Indian Education System
  • Indian student in Cornell University Debarghya
    Das hacks into ICSE, ISC database

4
Cyber Security
  • Cyber Security is the body of technologies,
    processes and practices designed to protect
    networks, computers, programs and data from
    attack, damage or unauthorized access

5
Elements of Cyber Security
  • Ensuring Cyber Security requires coordinated
    efforts throughout an information system
  • Application security
  • Information security
  • Network security
  • Disaster recovery / business continuity planning
  • End-user education

6
Aspects of Cyber Security
  • Research Development
  • Security Policy, Compliance Assurance
  • Enabling Legal Framework
  • Security Incidents Early Warning Response
  • Security Training
  • Cooperation at the National Level
  • International Cooperation

7
ICT Cyber Security Scenario in India
8
Interesting Statistics
  • Internet Users in India
  • 150 million
  • 3rd largest Internet population after China US
  • Mobile Phones in India
  • Greater than 950 million
  • Close to 50 million (6 of these mobile
    subscribers) access Internet via mobile handsets
  • Ref http//techcircle.vccircle.com/2013/02/01/201
    3-india-internet-outlook/

9
Interesting Statistics
  • Broadband Internet Users
  • Current 20 Million users
  • Target 600 Million by 2020
  • Over 1 million websites operational under the
    .in domain

10
Critical Information Infrastructure of India
  • 150 Internet and Telecom Service Providers
    offering the Internet, Mobile and Wireless
    connectivity to the large user base

11
Recent Alarming Reports
  • India topped the list for malware source and
    destination !

12
Security Related Statistics
  • India accounted for nearly 15 of the total
    malware email sightings in December12
  • Russia 14
  • Vietnam 5
  • USA
  • Ten times the computers that India has
  • Accounted for only 3.8
  • China
  • 3

13
Transfer of botnet networks to India
  • India emerged as the top generator of harmful
    emails
  • Accounting for 10 of the total spam created in
    December12 the world over
  • In comparison, India has just 2 of the total PCs
    in the world !

14
Cyber Security Incidents Reported to CERT-In
2004 - 2011
15
Broad Categories of Attacks Handled by CERT-in
  • Identity theft-Spoofing, Phishing
  • Malicious Code-Virus, Trojans, Root Kits, Bots
  • Spam Open Proxy Servers
  • Defacement of websites
  • Malware Propagation through compromised websites
  • Network Scanning/Probing
  • DoS attacks
  • Exploitation of H/W and S/W vulnerabilities
  • Social Engineering
  • Spyware and Adware
  • Emerging threats RFID threats, VoIP threats,
    Embedded OS vulnerabilities

16
Challenges in Cyber Security
17
Next Generation of Real Time Control,
Communication and Computation
Communication
Computation
Internet
Added Dimension
Control
Sensors and Actuators
RFID Technology
18
Challenges in Cyber Security
  • Fast and constantly evolving nature of security
    risks
  • Ever evolving standards, technologies, services,
    applications
  • Increasing complexity of systems
  • Cyber Physical Systems (CPS)
  • M2M
  • Power Grids
  • Automotive
  • Aerospace,

19
Mobile Wireless Everywhere Heterogeneous
Systems Distributed Complex Software Multiple
Interfaces Bring Your Own Devices (BYOD) Trend
20
Mobile Wireless Everywhere Heterogeneous
Systems Distributed Complex Software Multiple
Interfaces
SECURITY IS A HUGE CHALLENGE !
21
Why is Security a Challenge?
  • Vulnerabilities
  • Increasing number of sub-systems
  • Increasing number of interfaces
  • Huge Complex code
  • Challenging to realize Symmetric Key Cryptography
    or Asymmetric Key Cryptography in an all
    pervasive/wireless setting
  • M2M
  • VANET

22
Mobile Applications Interfaces
  • Mobile-centric applications and interfaces are
    one of the top strategic technology trends that
    enterprises have begin addressing
  • Personal Cloud

23
Contextual Social Experience
  • Context-aware computing is creating new user
    experiences and shaping their ecosystems
  • Social media is providing key ingredients
    enabling context vendors to support these
    experiences

24
The Advent of Mobile Cloud Computing
25
The Internet of Things (IoT or M2M)
  • Sensors, Appliances and Vehicles are joining the
    Internet
  • Powerful concept
  • You take a device that can be monitored and or
    controlled in the physical world and connect it
    to the 'Net such that it has a virtual
    doppelganger online
  • This not only allows for things in the real world
    to be controlled by computers, it also allows for
    optimization of how, where, and when they are
    used

26
  • The rise of the Internet of Things will be aided
    by the low cost of components
  • Examples
  • Electric Meters
  • Household devices
  • Monitoring Metering Devices

27
Internet of Things
IoT
28
The Growth of Smart Services Smart Cars
on Roads
29
Electronics, Controls Software
30
Electronics, Controls Software in Automotive
Sector
  • Increasing role of Electronics and Software in
    the automotive sector
  • From 15 in 1990s to 37 in the current decade,
    an exponential increase of 146
  • Automotive electronics and control systems
  • Key properties
  • High-integrity
  • Real-time
  • Distributed
  • Hybrid systems
  • High end cars have more than 100 Million lines of
    code !

31
Progressive Auto Insurance
32
Snapshot Usage Based Insurance Program
  • How Snapshot Works?
  • The better we drive, the more we save with
    Snapshot
  • The Snapshot device plugs easily into our car's
    diagnostic port and automatically keeps track of
    our good driving
  • how often do we slam on the brakes?
  • how many miles we drive?
  • how often do we drive between midnight and 4 a.m.?

33
(No Transcript)
34
The OnStar System
Enterprise
Telematics Platform
Backend
OnStar Channel
Cellular Communication
35
OnStar Services
  • Emergency
  • Navigation
  • Diagnostics
  • Security
  • Connections

36
Smart Cars on Roads The Growth of Vehicular
Networks
37
Driverless Car by Google
38
Smart Cars
39
Vehicular Networks Vehicle Safety Scenarios
40
Security Threats in Vehicular Systems
Figure Source http//ivc.epfl.ch/
41
Example Security Attributes for V2X Safety
Applications
  • Message Integrity and Entity Authentication
  • Message has been transmitted by a genuine
    vehicle, and has not been tampered with in
    transit
  • Non-repudiation
  • The receiver of a message is able to prove
    afterwards that the sender in fact did transmit
    this message.
  • Privacy Multiple notions of privacy
  • Anonymity Not possible to determine the identity
    of the vehicle from a message transmitted by the
    vehicle.
  • Unlinkability Not possible to deduce that
    multiple transmissions were from the same
    vehicle.
  • Correctness based on non-cryptographic techniques
  • For detecting compromised/malfunctioning units

Design Objective Satisfy above attributes
without affecting performance of V2X Safety Apps
42
Securing Vehicular Communications
43
SECURITY ENGINEERING
Communications (Non Secure)
Rx
DSRC Radio
WME
V2V Plain msg
Tx
CM
V2V Plain msg
V2V Plain msg
CM
Data Plane
Management Plane
Safety Apps
General Apps
Other Apps
Communications (Secure)
IEEE 1609.2
UDP
WSMLME
Rx
IPLME
WSMP IEEE 1609.3
IP
DSRC Radio
WME
WME
V2V secure msg
Tx
LLC (IEEE 802.2)
LLCME
SCM
MAC (IEEE 1609.4)
MLME
V2V Secure msg
SCM
PHY (IEEE 802.11p)
V2V Plain msg
PLME
WAVE Wireless Access in Vehicular Environments
44
Research Challenges
  • Emergence of Lightweight Protocols
  • Lightweight Broadcast Authentication
  • Lightweight Anonymity and Privacy
  • Need for Performance Modeling and Analysis with
    Security

45
System with Signing and Verification
Application Layer
Application Layer
Security Layer
Security Layer
Crypto Server
Crypto Server
MAC Layer
MAC Layer
Wireless Medium
  • tp Inter-arrival time between periodic
    broadcasts
  • Pc Probability of collision in the wireless
    medium
  • n total number of vehicles in the cell
  • 1/ts service rate of the crypto server

46
Emerging Paradigms in Pervasive/Wireless Systems
47
A New World All Pervasive World !
48
Pervasive Devices for Challenged People
Haptic Belt
Electric Wheel Chair Controlled by Eye Movements
49
Pervasive Healthcare
50
Mobile/Wireless Networks End-to-End Picture
IP Based Backbone
4G/LTE Base Station
GPRS/EDGE
Router
Body Area Networks
Cellular Network (Voice/Data/Video)
Relay Nodes
WLAN Access Point
Sink Node
Multihop Wireless Ad Hoc Network
RFID Reader
Cyber Physical Systems
51
Complex End-to-End Systems
Satellite Networks
Transportation Networks
52
Emerging Services Applications
  • Intelligent Transportation Systems
  • Healthcare
  • Industrial Automation
  • e Governance
  • ...

53
Trends in Cybersecurity
54
Top Security Predictions
  • Bring Your Own Device (BYOD) is here to stay !
  • Mobile Adware (Madware) adds to the intensity
  • Malware mutation and education
  • Monetization of Social Networks introduces new
    dangers

55
Top Security Predictions
  • Enterprise Mobility
  • Mobile Enterprise
  • Ransomware is the new scareware
  • Cyber conflict becomes the norm

56
Security Big Data
  • Need to practice Big Security with Big Data !

57
Mobile Analytics
Understanding the mobile sites, apps and ads and
how they drive business is becoming more
important every day
58
Next Gen Analytics for Security
  • Advanced Analytics
  • Predictive
  • Collaborative
  • Pervasive
  • Organizations that deliver next generation
    advanced analytics will realize significant value
    in terms of innovation, productivity and growth

59
Mobile Crowdsourcing
  • Jobs offered by this service are small bits of
    larger jobs which have been divided into many
    small parts and offered to many people
  • Using crowdsourcing to get the job done

60
Security Predictions
  • As users shift to mobile and cloud, so will the
    attackers
  • Rapid rise of Android Malware !
  • Emergence of new cloud-based services
  • Dropbox

61
Mobile Malware
62
Threat Families and Variants by Platforms
Android Accounted For 79 Of All Mobile Malware
In 2012
Source http//techcrunch.com/2013/03/07/f-secure-
android-accounted-for-79-of-all-mobile-malware-in-
2012-96-in-q4-alone/
63
(No Transcript)
64
Mobile Threats by Type
65
Conclusion Key Recommendations
66
Challenges
  • Major Security Challenges in the ever changing
    Seamless/Pervasive/Mobile/Wireless World !
  • Cyber-Physical Systems will play an increasing
    role in all aspects of our life
  • Increasing deployment of Server farms and Data
    Centres

67
Challenges
  • Dire need for Security Engineering
  • Need to improve our skills in Cyber Security
    round the clock
  • Will give rise to a new generation of Learners
  • Need for strong encryption protocols for any and
    all information stored online
  • Data Anywhere, Anytime would require Security
    Anywhere, Anytime
  • Dynamic policies and solutions would be the Key

68
  • Managing increasingly complex systems will be a
    nightmare
  • Nuclear Plants, Power Grids, CPS,

69
Thank You Wishing you Cybersecure Times Ahead
!
  • rajeevshorey_at_gmail.com

70
Backup Slides
71
RD in Cyber Security
  • Cryptography
  • Cryptanalysis
  • Steganography
  • Network Monitoring
  • Cyber Forensics
  • Capacity development in the area of Cyber Security

72
Select Institutions in India Active in Cyber
Security Research
  • IISc, Bangalore
  • IIT Delhi
  • IIT Kharagpur
  • ISI Kolkata
  • Defence Research Development Organization
    (DRDO)
  • Private Organizations AirTight Networks,

73
CERT-In Statistics
  • Year 2012
  • Over 17,400 incidents have been handled
  • 23,832 websites defacements have been tracked
  • Frequent mock drills with key information
    infrastructure organizations
  • CERT-In and US-CERT have jointly conducted a
    Cyber Security exercise in September 2012

74
The Role of CERT-in
  • Indian Computer Emergency Response Team
  • CERT-In is tracking the cyber security incidents
    in the country
  • Provides proactive advice and timely response for
    mitigation of cyber security incidents

75
Cyber Security Training
  • Training centres have been set up at CBI academy
    in several cities in India
  • 21 Workshops have been conducted on specialized
    Cyber Security topics during 2012
  • Over 740 people have been trained
  • Cyber Appellate Tribunal (CAT)
  • http//catindia.gov.in/Default.aspx

76
http//www.cert-in.org.in/
77
IDSA Task Force Report Institute for Defence
Studies Analysis
78
Key Recommendations
  • Need to place special emphasis on building
    adequate technical capabilities in the following
  • Cryptology
  • Digital signatures
  • Testing for malware in embedded systems
  • Operating systems
  • Fabrication of specialized chips for defence and
    intelligence functions
  • Search engines
  • Artificial intelligence
  • Routers
  • SCADA systems, etc

79
Recommendations
  • Cyber security should be mandatory in CS/ECE
    curriculum and even separate programmes on cyber
    security should be contemplated
  • Emphasis should be placed on developing and
    implementing standards and best practices in
    government functioning as well as in the private
    sector

80
Recommendations
  • The impact of the emergence of new social
    networking media, and convergence of technologies
    on society including business, economy, national
    security should be studied with the help of
    relevant experts
  • Include political scientists, sociologists,
    anthropologists, psychologists, and law
    enforcement experts
  • Need for a strong International Cooperation

81
Recommendations
  • Examine the impact of cloud computing and
    wireless technologies and formulate appropriate
    policies
  • Make it a mandatory requirement for all
    government organizations and private enterprises
    to have a designated Chief Information
    Security Officer (CISO)
  • Responsible for cyber security

82
References
  • http//www.cert-in.org.in/

83
Networks in Space
84
(No Transcript)
85
Challenges
  • Local regulations
  • Data privacy restrictions

86
(No Transcript)
87
The Future is Mobile !
  • 2008
  • Tablets and Mobile PCs 0.04 bn
  • Smartphones 0.2 bn
  • 2017
  • Tablets and Mobile PCs 0.7 bn
  • Smartphones 3.1 bn
  • Mobile Broadband Subscriptions
  • 2008
  • 0.1 bn
  • 2017
  • 5.0 bn

88
Reference Solution Public Key Infrastructure
(PKI)
CA
Message payload (m)
Node
Node
Digital signature on m
Digital certificate
Node
Node
Message Structure
PKI High-level Architecture
  • How PKI enables nodes to talk to one another
  • Asymmetric Key Cryptography A message is signed
    using the Private key of the sender and verified
    using the Public key of the sender.
  • Certificate A message signed by a trusted entity
    called the Certificate Authority (CA) that binds
    a principal and its public key
  • How PKI evicts compromised/malfunctioning nodes
    from system
  • Certificate Revocation List (CRL) A message
    signed by the CA that lists all the revoked
    principals
  • Freshness Certificate A message signed by the CA
    that a certificate is valid as of the time of
    signing (proposed alternative mechanism)
About PowerShow.com