Grand Challenges in Cyber Security
Cynthia Irvine (CS)
We are hurtling toward a cyberspace future incredibly more linked with our physical world than now. Like the oceans, no single nation will own cyberspace – and any nation can use it for good or for ill. The military must be a protector as well as astute user of cyberspace. We will discuss the major cyber security challenges confronting military organizations in their use of cyberspace. We will overview the educational and research capabilities already in place in CISR and the CS Department to help the military in cyberspace. We will illustrate with several synergistic research projects now under way. Read more...
Aligning Security and Usability
Simson Garfinkel, Chris Eagle (CS)
Many of the security problems faced by the Department of Defense have at their root our failure to design systems that are usable. We can make significant progress on computer security by taking into account much of the recent research on aligning usability and security. Read more...
Can Complexity Science Support the Engineering of Network Centric Infrastructures?
David Alderson (OR)
Many cyber-technical visions alluringly point to a world where network-centric technology will provide unprecedented levels of capability and efficiency to support the delivery of goods and services, business processes, global finances, education, health care, defense, and government services. These are systems of awesome complexity. We are much better at designing, mass-producing and deploying network-enabled devices than we are at being able to predict or control their collective behavior once deployed. The result is that when things fail, they often do so cryptically and catastrophically. We will describe the challenges in developing a much more coherent and integrated view of the nature of complex networks. Read more...
Threat Level Orange – How Much Can You Count on Your Wireless Mobile Device?
John McEachen (ECE)
People everywhere have turned their mobile phones into the center of their lives. This trend has been enabled by low cost and high reliability. But what if these devices were suddenly unreliable? This is not a far-fetched question given the vulnerabilities of mobile devices and networks and the increasing appetites of cyber hackers for targets. We will offer an overview of mobile device vulnerabilities. We will discuss fourth generation (4G) mobile technologies, including specific vulnerabilities in identification, geolocation, and denial-of-service defense. We will discuss new vulnerabilities that will result from wide use of Voice-over-Internet-Protocol (VOIP) telephony. Read more...
Software-Defined Radios for Cyberspace Operations
Frank Kragh (ECE)
The wireless portion of cyberspace offers an excellent opportunity to detect, locate, and intercept enemy communications. Software defined radio (SDR) allows us to field multimode receivers that do this. Today’s SDRs can intercept common wireless transmissions, geolocate emitters, and automatically parse overlapping signals. Future SDRs will address new wireless technologies designed to evade detection, geolocation, and interception. Read more...
Cryptographic Attacks and Countermeasures – A Mathematical View
Pante Stanica, David Canright (MA)
Secure cryptography is the heart of many approaches to cyber security. A successful attack on a cryptosystem would compromise many authentication and secrecy methods. We discuss current work in applying mathematical tools to analyze cryptographic attacks and deploy countermeasures. We successfully applied the “cube” attack to the cryptographic component of BlueTooth. We are exploring new techniques for algebraically solving the equations describing the Advanced Encryption Standard. We have found a way to use random masks to protect AES implementations from “side-channel” attacks. Read more...
Ray Buettner (IS)
The preeminent maritime scholar, Alfred Thayer Mahan, identified the essential elements of sea power and argued for a strong US Navy. By analogy, Cyber (C) power – information dominance – relies on a set of essential elements. We will present these elements and use them to compare the relative positions of the US, China, Russian Federation, and Estonia. Read more...
Testbed for Self-Organizing Networking and Collaboration
Alex Bordetsky (IS)
The Tactical Network Topology (TNT) experiments are an integral part of the NPS field-testing capability. The TNT’s multi-layered architecture of information and social networking provides a unique testbed for studying cyber attacks and defense in ad-hoc mobile tactical networks. It is also an incubator for unconventional tactical networking solutions to cyber threats. We will discuss the latest findings of TNT experimentation, including project-based networking, networking-by-touch, and physical layer directional meshes. We believe that these unconventional networking models may lead to new tactical networks that are significantly less vulnerable to cyber attacks. Read more...
Physics Models of Cyberspace
James Luscombe, David Ford (PH)
Channel capacity is one of the most important principles in communication engineering. It defines a limit to how fast bits can be sent on a channel without loss. The limit is imposed by physical properties and dynamics of the channel. The “physicalness” of the channel has important implications for software and hardware security, in both defense and offense. Read more...
Dorothy Denning (DA)
Cyber conflict is a complicated subject. It includes cyberterrorism, electronic jihad, patriotic hacking, and policies for cyberwarfare. Is cyberterrorism a serious threat? Should states be responsible for their patriotic hackers? What rules apply or should apply to cyber warfare? Can we design better authentication systems? Can we make better use of biometrics or social networks, perhaps even moving away from password-based systems? Read more..
Cyberwar Means More Than Cyberpace
John Arquilla (DA)
Some of the most important things influencing cyberwar occur outside the boundary of the digital networks that define cyberspace. In the organizational dimension, hierarchical armed services should be exploring new types of networked units and alternative models of command and leadership. In the doctrine dimension, notions of “overwhelming force” (i.e., the Powell Doctrine) may prove increasingly inefficient against fast-moving adversary networks and needlessly costly in conflicts against old-style foes. These aspects of hearken to the Greek root kybernan, to control, steer or govern — and implicitly recognize that, with new tools, must come new practices. Adding new tools but largely retaining old practices, has been a path to ruin throughout military history. Read more...
|October 29, 2009 Glasgow Hall (GL 109)|
0800 - 1645
|GRAND CHALLENGES IN CYBER SECURITY CYNTHIA IRVINE ALIGNING SECURITY AND USABILITY SIMSON GARFINKEL, CHRIS EAGLE CAN COMPLEXITY SCIENCE SUPPORT THE ENGINEERING OF NETWORK CENTRIC INFRASTRUCTURES? DAVID ALDERSON THREAT LEVEL ORANGE - HOW MUCH CAN YOU COUNT ON YOUR WIRELESS MOBILE DEVICE? JOHN McEACHEN SOFTWARE-DEFINED RADIOS FOR CYBERSPACE OPERATIONS FRANK KRAGH CRYPTOGRAPHIC ATTACKS AND COUNTERMEASURES - A MATHEMATICAL VIEW PANTE STANICA, DAVID CANRIGHT AMERICAN C-POWER RAY BUETTNER TESTBED FOR SELF-ORGANIZING NETWORKING AND COLLABORATION ALEX BORDETSKY PHYSICS MODELS OF CYBERSPACE JAMES LUSCOMBE, DAVID FORD CYBER CONFLICT DOROTHY DENNING CYBERWAR MEANS MORE THAN CYBERSPACE JOHN ARQUILLA|