Future Internet Security utu e te et Secu ty
Michel Riguidel, (Telecom ParisTech, France)
michel.riguidel@telecom‐paristech.fr
ITU‐T Workshop on "N
"New challenges for Telecom Security Standardizations",
h ll
f T l
S
it St d di ti "
Geneva, 9 (afternoon) to 10 Feb. 2009
Bio & Areas of interest
•
Bio
– Telecom ParisTech – Michel Riguidel (Professor, Department Head)
– Michel Riguidel is the Head of the Department of Computer Science and Networks, at Telecom ParisTech (Ecole
tT l
P i T h (E l Nationale
N ti
l Supérieure
S éi
d Télé
des Télécommunications, i ti
www.telecom‐paristech.fr ) in Paris, where he lectures in security and advanced networks.
– His research is oriented towards security of large Information Systems and N
Networks and architecture of communication systems (Grids, Security of the Future k
d hi
f
i i
(G id S
i
f h F
Internet, Trust and Advanced Networks).
– In the IST Integrated Project of FP6, he is Key Researcher of the Secoqc Integrated Project (Development of a Global Network for Secure Communication based on Quantum Cryptography), responsible of the Network Architecture.
– In the FET of the FP6, he was the Security & Dependability Task Group Leader of the Beyond the Horizon Project.
– In Italy, he is scientific member of the international Think tank on In Italy, he is scientific member of the international Think tank on
telecommunications ThinkTel (www.thinktel.org).
– He has several patents in security (firewall, watermarking and protecting CD ROM).
– He published recently two books “La sécurité à l’ère numérique” (édition Hermès
Lavoisier) and “Le téléphone de demain” (édition
Lavoisier) and “Le téléphone
de demain” (édition Le Pommier).
Le Pommier)
•
Areas of Interest
– He contributes to the FP7 European Project : Inco‐trust http://www.inco‐trust.eu
– The future Internet
The future Internet
– The security, dependability, trust and privacy of the future Internet
February 2009
Michel Riguidel, Paris
2
Digital hybrid urbanization :
holistic future Internet
holistic future Internet
No more monochromic, mono‐technology security
Current Internet
WDM‐IPv4‐IPv6‐MPLS
Post‐Beyond 3‐4G
Services
Hooked to several infrastructures
Internet of Things
Galileo‐GPS‐Glasnos
Clock and Position
Clock and Position
February 2009
Michel Riguidel, Paris
3
Plates tectonics : Continental drift
for scientific disciplines
Convergence of disciplines
Tools, Methodology
Security
Dependability
Trust
Divergence of conceptual models
Trust is a binary relationship
Trust is a binary relationship
February 2009
Michel Riguidel, Paris
4
Internet is broken :
how to heal the future fragile communications ?
how to heal the future fragile communications ?
Privacy Security Mobility EfficiencyTrust
IDS
Honey‐pots
Honey
pots
PKI
SSL
Fi
Firewall
ll
IPv4
Digital signature
IPv6
TCP
IETF
3GPP
virus
IPSec
spam
Packet
Web
February 2009
DNS
Anti‐virus
Patches
XML
MPLS
Michel Riguidel, Paris
URL
Router
5
The new landscape in security
New standard bodies
Trans‐continent
Domino effects
Quantum Crypto for
Virtual Organizations
distribution of secrets
Illi it
Illicit computations
t ti
Spontaneous massive attacks
Zetta bytes of data
identification
Physical attacks
y
IP addresses
on individuals
ONS
Overlay, P2P, Grids
XML, Message,
document
DDoS
Asymmetric cryptography
Intrusion, Malware
Illi it
Illicit content
t t
Computer virus
Computer virus
February 2009
Michel Riguidel, Paris
6
Future Internet :
I
Incremental or Disruptive Approach ?
t l Di
ti A
h?
Upgrade Internet++, B3G++
=> Patch & Go
Clean slate
=> rethink & radically design
Hostile context
RFC 934 576.2b
SSL++
T
Tranquil context
il
t t
IPSecV9
Next Generation IDS
Antivirus‐spam
& botnet
February 2009
proprietary
PKI
For security : radical redesign
Authentication with trusted clocks and position
Authentication with trusted clocks and position
Distribution of secrets using Quantum Crypto
Trust instrumentation (at the design level) 7
Michel Riguidel, Paris
Digital world roadmap:
at a crossroads of intangible & invisible entities
at a crossroads of intangible & invisible entities
Further
Expansive Attitude
Expansive Attitude
Science convergence
Nano‐Bio‐Info‐Cogno‐Socio‐Quantum
2020‐2025
Effervescence, chaotic
period
Future Internet
and Future Web
Polymorphic pervasive
Polymorphic, pervasive
2015‐2020
I
Reclusive
Attitude
Digital Convergence
Architectures, protocols, formats
2008‐2010
2008
2010
traceable
intangible
Cyber‐systems
February 2009
Physical & Digital
Physical & Digital
reconciliation
Michel Riguidel, Paris
Invisible
Ecosystems
8
Hidden Web, Deep services :
death of the 7 layer model
death of the 7 layer model
Old Internet :
flat architecture
Future Web :
distributed “aggressive” services
gg
First Drawing of Internet (1962) Michel Riguidel, Paris
February 2009
Example : Skype architecture
9
The Web evolution
•
Old Web : importance of the underlying protocols
Computers connected (Web pages, Web sites)
– 1986 : ancient Web : (Wide
1986 : ancient Web : (Wide Electronic Board)
Electronic Board)
– 1991 : Web (Berners‐Lee)
• Web with text
• 1995 : first success (Java encapsulated)
•
Bandwidth issue (wait wait wait)
Bandwidth issue (wait‐wait‐wait)
• 2000 : high data rate
• Web with Multimedia
Catastrophic event in the protocol world in 2000 : • Web2 (Multiparties, Virtual), “Semantic” Web, … Web Http decreases, P2P protocols raises drastically
•
Future Web : importance of mobility, context and reinvestment of Humans & b i
f
bili
d i
f
&
Reality
Computers (Mobile, Multimedia), networks at large, within physical world
– profound evolution in parallel with Future Internet
f
d
l i i
ll l i h F
I
• Geography : Mobility, Ubiquity
– Reconciliation with nomadicity (vocal Web)
– Search engines with locality, smarter search engines : Post‐Google engines
• History : Memory of the web (Next Generation of the Deep Web, Hidden Web)
Hi t
M
f th
b (N t G
ti
f th D
W b Hidd W b)
– Stochastic XML (see P Senellart PhD Thesis December 2007, Paris)
• Knowledge
•
•
Representation, Visualization
Search engines Social computing Natural language technology
Search engines, Social computing, Natural language technology
– Web of intentional Things
• Things will display their public life cycle, will blog (for maintenance)
February 2009
Michel Riguidel, Paris
10
Virtualization – Incarnation dialectic
• Virtualization of properties
• Network concepts incarnation
– Heterogeneous infrastructures
– Mobility, security …
– Situated services, context
– Neighbors, Topology
Resilience of the Ambient Intelligence : ecology of virtual
ontologies (V2V)
Management of global security, Transparency
A virtual community
Resilience of non functional properties : architecture, mobility, configurability, QoS, …
Logical entities
Resilience of functional objects : centralized trusted infrastructures (PKI, DNS, …)
Responsibility,
bl
Accountability
bl
Physical entities
February 2009
Michel Riguidel, Paris
11
Computational Cryptography
Traditional hierarchical ladder of the current internet
Governmental organizations
Re‐equilibrium of forces within the future internet (attacks, cryptanalysis)
Massive externalized
furtive computer power
running within the
anonymous networks
confidential illicit computations
p
Standalone end‐user
amateur Hacker February 2009
New Crypto with computation
computation, history and geography ?
Alice and Bob are no more alone in this world:
They have witnesses, alibis, trajectories
Michel Riguidel, Paris
12
They leave traces …
Security & Trust
Suspect behaviour
Maximum trust value
Trust
1
0
Number of interactions
1st Threshold
2nd Threshold
Dissociation between both Infrastructures/Instrumentations of Trust & /
Security/Dependability
February 2009
Michel Riguidel, Paris
T t C ti
Trust Continuum
1st
Threshold to modify behavior
Threshold to stop interacting 13
2nd
Regular:
artefacts for individuals & enterprises
for individuals & enterprises
Traditional security to be improved and revisited (architecture & protocols): (
p
)
Classical Cryptography
February 2009
Michel Riguidel, Paris
Engineering Security
14
Dwarf :
tiny program simple artifact scarce resource
tiny program, simple artifact, scarce resource
The digital world is
g
neither fractal
nor scalable …
For tiny objects,
Emergence of
self * models
models
self‐
at the collection level
Stochastic Security
Strong security at the collection level (architecture)
St
it t th
ll ti l l ( hit t )
Cheap weak security at the individual level
February 2009
Michel Riguidel, Paris
(massive & simple algorithms)
15
Huge, Giant :
Complex systems inextricable problems
Complex systems, inextricable problems
Semantic security for
Complexity & human values
February 2009
Michel Riguidel, Paris
Trust
16
Virtual & Real world: Proportional Responsibilities across the whole chain
Proportional Responsibilities across the whole chain
Attacks swing between
virtual and reality, back and forth
avatar
What is biometry (voice, picture)
when digitized ? Just 1 and 0
On the future Internet, the audio video content
On
the future Internet the audio video content
will be quite sensitive and highly valuable
February 2009
Michel Riguidel, Paris
17
Privacies :
Compartmented Multi‐identities
Compartmented Multi
identities
You have multiple roles:
a citizen, an employee,
a consumer, a provider
a parent, a patient,
a victim, a player …
, p y
All these roles have their own privacy
Physical identity(ies) &
C b id i (i )
Cyber identity(ies)
must be considered
separately and as a whole
separately and as a whole
February 2009
Michel Riguidel, Paris
18
Evolution of languages :
complexification of abstract typing
of abstract typing
1955
1958
1965
Flottants, Integers :
Lists :
Independent
Organization of memory
In memory
with strings
Pointers:
Structures
Statics
heterogeneous
1986
1992
Pointers:
Notion of objects
Programs
autonomous
d
dynamic
i
Dennis M. Ritchie
John Backus
Fortran
February 2009
Bjarne Stroustrup
John Mac Carthy
Lisp
C
Michel Riguidel, Paris
C++
Java
19
Evolution of Networks : Post‐IP, Post‐Google
complexification of abstract typing of links
of abstract typing of links
1960‐2000
Traditional Network
Graphs
Of nodes and links
Of nodes and links
Markov, Poisson
February 2009
2000‐2010
2010‐2020
Ubiquitous computing
Plate 2D
Topology (P2P)
Flow of content
Geography
2020‐2030
3D Fluid, Plastic
A 3D space
Programmable,
Porous Media History
dynamic, semantic
d
i
ti
Architecture
programmable
Ecosystem
Michel Riguidel, Paris
20
Intercontinental Thought : new models
beyond an idyllic, pre‐scripted vision of future networks
y
y ,p
p
• Neither unique nor providential solution
– Model, counter‐model, alter‐model
Model counter model alter model
– Arrival of China and India on the IT scene
•
Multipolar Vision
Dictatorship of the single thought In computer science
• change in concerns (demographic, development)
• change in power
– Alter‐models
• the pseudo‐libertarians (“Naives of the Internet”)
• repression pure players (some governments).
All IP v4/v6
All IP v4/v6
• C
Cyberspace & Cyber‐governance (Κυβερ
b
&C b
(Κ β
: rudder)
• Multidisciplinary Vision – Technology free rein?
• descriptive of order
• no control and regulation becomes self‐
reflexive
• normative of order
• governing is defining order
multidisciplinaire
– In technologies, we talk about
• often : what is
• not often : what ought to be or what could be
not often : what ought to be or what could be
February 2009
Michel Riguidel, Paris
21
Research at the international level
• Research, based on progress & human values
– Awareness of
A
f
• what is achievable (technical)
• what is acceptable (civilized ethics, democratic values)
Technology
– Countries: bearers of a variously facetted humanism
Usage
• to be instantiated in the communications or protection tools
Societal factors
• Knowledge, partitioned for choice
– Users’ awareness to grasp the security & Users awareness to grasp the security &
intimacy stakes
Economy
Legislation
• The choices: multiple, ephemeral and adaptable
• Defining the demarcation line: movable
– Users’ behavior to be taken into account
• imagining and anticipating the effects on the behavior of both individuals and groups
February 2009
Michel Riguidel, Paris
22