Securing Nomads: The Case For Quarantine, Examination, Decontamination
Kevin Eustice, Shane Markstrum, V. Ramakrishna, Dr. Peter Reiher, Dr. Leonard Kleinrock, Dr. Gerald Popek
Laboratory for Advanced Systems Research, UCLA Computer Science
Annual Computer Security Applications Conference 2003
In a Nutshell
• Problem summary
– Networks do little to monitor or control entry
– Exploited or vulnerable nomadic devices freely move around
– Other devices may victimize or fall victim to these devices
• A proposed model: QED
– Quarantine devices upon entrance
– Examine devices as required by environment
– Decontaminate devices to repair or update
Introduction – Challenges – The Paradigm – Conclusion
New Trends In Nomadicity
Users:
• Frequently change networks, taking their devices with them
• Carry misconfigured and vulnerable software with them from locale to locale
• Pick up electronic hitchhikers (viruses, malicious agents, other malcode) from other nomads they encounter
Scenario: nomadic blaster propagation
[Diagram: Local Café, with nomads Bob, Alice, Carol and Xavier]
Scenario: nomadic blaster propagation
[Diagram: Bob’s Office, with Bob and four Workers]
Traditional Security Ignores Nomadic Devices
• Wireless focus has been on better
– Authentication
– Encryption
• Wired and wireless devices promiscuously enter and leave networks
– Little accountability in existing paradigm
– Reactive security, not proactive
Life will only get worse…
• Pervasive Computing is coming
• Pervasive paradigm implies many more attack vectors and potential attackers
• Abundant confidential and important personal information
• Some possibilities:
– Trojan horses in consumer electronics
– PDA-carried viruses
– Wireless parasites
Characteristics of the Environment
• Many, many affected users and devices
• Heterogeneous OS/application space
• Dynamic, often short-lived network membership
• Mostly benevolent but non-technical users
• Minimal system administration available
Where do we go from here?
QED
[Diagram: Bob’s Office, with Bob entering a network of four Workers]
Quarantine device upon entry into network, and authenticate.
Examine device for vulnerabilities or undesirable services.
Decontaminate: Work with device to repair vulnerabilities!
Quarantine
Typically, there are two immediate types of desired quarantine:
• Isolation from outside world
– Many networks partially do this
– Often imperfectly
• Isolation from peers
– Few networks do this
– Just as important
Quarantine
Some mechanisms to quarantine devices include:
• Routing restrictions at gateway
• Voluntary isolation by device
• DENY firewall rules on peers
• MAC address-based forwarding restrictions in Access Point
• Quarantine wireless network outside firewall
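The two kinds of isolation (from the outside world and from peers) and two of the mechanisms listed above (routing restrictions at the gateway, DENY firewall rules on peers, which is also what the prototype's default-drop rules on Worker nodes provide) can be written down as one per-packet policy decision. The following Python model was added for this page and is not code from the UCLA QED prototype; the site subnet, the security-manager address, the examination ports and every device address are constructed, and the device lifecycle (quarantined, examined, cleared) is an assumed simplification of the paradigm:

```python
"""Quarantine policy model for a QED-style network (added example).

Written for this page; not code from the UCLA QED prototype. It models the
two isolation types the slides distinguish (from the outside world and from
peers) and two of the listed mechanisms (routing restrictions at the gateway,
DENY/default-drop firewall rules on peers) as one per-packet policy decision
plus the device lifecycle quarantined -> examined -> cleared. The local
subnet, the security manager address and all device addresses are constructed.
"""
import ipaddress
from dataclasses import dataclass
from enum import Enum


class State(Enum):
    QUARANTINED = "quarantined"  # entered the network, not yet examined
    EXAMINED = "examined"        # examination found problems; decontamination pending
    CLEARED = "cleared"          # complies with local policy; full access


# Lifecycle: (current state, event) -> next state. None = not on the network.
TRANSITIONS = {
    (None, "dhcp_lease"): State.QUARANTINED,          # every newcomer starts quarantined
    (State.QUARANTINED, "exam_passed"): State.CLEARED,
    (State.QUARANTINED, "exam_failed"): State.EXAMINED,
    (State.EXAMINED, "decontaminated"): State.CLEARED,
    (State.CLEARED, "lease_expired"): None,           # re-quarantined on return
}


def transition(state, event):
    """Advance one device through the QED lifecycle; reject unknown moves."""
    try:
        return TRANSITIONS[(state, event)]
    except KeyError:
        raise ValueError(f"no transition from {state} on {event!r}") from None


LOCAL_NET = ipaddress.ip_network("10.0.0.0/24")       # constructed site subnet
SECURITY_MANAGER = ipaddress.ip_address("10.0.0.2")   # constructed examination host
EXAM_PORTS = {22, 443}   # the only services a quarantined device may reach


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


def decide(pkt, states):
    """Verdict for one packet given {address: State} for known local devices.
    Unknown local addresses are treated as quarantined (default drop)."""
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    # The examination channel must stay open or the device can never be cleared.
    if dst == SECURITY_MANAGER and pkt.dport in EXAM_PORTS:
        return ("ACCEPT", "examination channel")
    if src == SECURITY_MANAGER:
        return ("ACCEPT", "security manager initiated")
    for end in (src, dst):
        if end not in LOCAL_NET:
            continue
        if states.get(str(end), State.QUARANTINED) is not State.CLEARED:
            other = dst if end == src else src
            # Peer isolation is the DENY rule each peer carries; outside-world
            # isolation is the routing restriction the gateway enforces.
            reason = "peer isolation" if other in LOCAL_NET else "outside-world isolation"
            return ("DROP", reason)
    return ("ACCEPT", "endpoints cleared")


def peer_firewall_rules(states):
    """Rule set a peer host would install: accept the security manager and
    cleared devices, then drop everything else from the local network
    (iptables syntax; the mapping to iptables is this example's choice)."""
    rules = [f"iptables -A INPUT -s {SECURITY_MANAGER} -j ACCEPT"]
    rules += [f"iptables -A INPUT -s {ip} -j ACCEPT"
              for ip, st in sorted(states.items()) if st is State.CLEARED]
    rules.append(f"iptables -A INPUT -s {LOCAL_NET} -j DROP")
    return rules


if __name__ == "__main__":
    devices = {"10.0.0.10": State.QUARANTINED, "10.0.0.20": State.CLEARED}
    for p in (Packet("10.0.0.10", "10.0.0.20", 80), Packet("10.0.0.10", "10.0.0.2", 443),
              Packet("10.0.0.10", "203.0.113.5", 80), Packet("10.0.0.20", "203.0.113.5", 80)):
        print(p, decide(p, devices))
    print("\n".join(peer_firewall_rules(devices)))
```

The point the model makes explicit is the one the slide stresses: most networks implement only the outside-world case, but a quarantined device must also be unreachable from and unable to reach its peers, and the examination channel to the security manager is the single deliberate hole in that isolation.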
Examination
Many possible alternatives:
• Software package analysis
• Network profiling
• Configuration analysis
• File checksum examination
• Virus scan
Decontamination
Assist device in complying with local policy:
• Work with device to fix problems
• Update software packages, configurations
• Ask device to disable certain services while in this network, etc.
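The Examination and Decontamination slides above describe one pipeline: examine the device against local policy, then turn the findings into repairs. The Python below, added for this page and not the UCLA prototype's code, implements two of the listed examination methods (software package analysis over `rpm -qa`-style output, using a simplified version of RPM's version comparison, and file checksum examination against a known-good list) plus a running-service check, and produces a decontamination plan of packages to update and services to disable while on this network. The package names and versions, service names, file contents and the policy itself are constructed, and the plan wording is this example's own, not the prototype's protocol:

```python
"""QED-style examination and decontamination planner (added example).

Illustration written for this page, not code from the UCLA QED prototype.
Models two of the examination methods on the slides (software package
analysis over 'rpm -qa' style output, file checksum examination against a
known-good list) plus a running-service check, and turns the findings into
a decontamination plan. All package names, versions, service names, file
contents and the policy are constructed.
"""
import hashlib
import re
from dataclasses import dataclass, field


def rpm_vercmp(a: str, b: str) -> int:
    """Simplified rpmvercmp. Splits both strings into numeric and alphabetic
    segments and compares them pairwise: numeric vs numeric as integers,
    alpha vs alpha lexically, and a numeric segment beats an alphabetic one.
    When all shared segments are equal, the string with segments left wins.
    Real rpm also compares epoch, version and release separately; here the
    'version-release' string is compared as one unit."""
    seg = re.compile(r"\d+|[A-Za-z]+")
    sa, sb = seg.findall(a), seg.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            xi, yi = int(x), int(y)
            if xi != yi:
                return 1 if xi > yi else -1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def parse_rpm_list(text: str) -> dict:
    """Parse lines of the form name-version-release.arch (rpm -qa output)
    into {name: 'version-release'}. The last two hyphens delimit version
    and release, so hyphenated package names are handled correctly."""
    installed = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        name, version, release_arch = line.rsplit("-", 2)
        release = release_arch.rsplit(".", 1)[0]   # drop the architecture suffix
        installed[name] = f"{version}-{release}"
    return installed


@dataclass
class Report:
    outdated: list = field(default_factory=list)          # (name, have, need)
    forbidden_services: list = field(default_factory=list)
    tampered_files: list = field(default_factory=list)

    @property
    def compliant(self) -> bool:
        return not (self.outdated or self.forbidden_services or self.tampered_files)


def examine(installed: dict, running: set, files: dict, policy: dict) -> Report:
    """Examination step: compare the device's state against the local policy.
    'files' maps path -> bytes as read from the device (constructed here)."""
    r = Report()
    for name, need in sorted(policy["min_versions"].items()):
        have = installed.get(name)
        if have is not None and rpm_vercmp(have, need) < 0:
            r.outdated.append((name, have, need))
    r.forbidden_services = sorted(running & policy["disallowed_services"])
    for path, good in sorted(policy["known_good"].items()):
        if path in files and hashlib.sha256(files[path]).hexdigest() != good:
            r.tampered_files.append(path)
    return r


def decontamination_plan(r: Report) -> list:
    """Decontamination step: one possible mapping from findings to actions
    the security manager would work through with the device."""
    plan = [f"update package {n} from {have} to at least {need}" for n, have, need in r.outdated]
    plan += [f"disable service {s} while on this network" for s in r.forbidden_services]
    plan += [f"reinstall {p} from a trusted package (checksum mismatch)" for p in r.tampered_files]
    return plan


def demo_report() -> Report:
    """Run the examination over constructed inputs."""
    rpm_qa = "openssh-server-3.6.1p2-10.i386\nsendmail-8.12.8-4.i386\nbash-2.05b-29.i386\n"
    trusted_ls = b"constructed contents of a trusted /bin/ls"
    policy = {
        "min_versions": {"openssh-server": "3.6.1p2-19", "sendmail": "8.12.10-1"},
        "disallowed_services": {"smtp", "telnet"},
        "known_good": {"/bin/ls": hashlib.sha256(trusted_ls).hexdigest()},
    }
    device_files = {"/bin/ls": trusted_ls + b" with an unexpected modification"}
    return examine(parse_rpm_list(rpm_qa), {"ssh", "smtp"}, device_files, policy)


if __name__ == "__main__":
    report = demo_report()
    print("compliant:", report.compliant)
    print("\n".join(decontamination_plan(report)))
```

Two details matter in practice: version strings must be compared with RPM's segment rules rather than as plain strings (a lexical compare would rank release 10 above release 19 after the shared prefix in the constructed data), and the checksum comparison only says whether a file matches the known-good list, so the decontamination action is to replace it from a trusted package rather than to guess at what changed.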
Scenario: QED Prototype design (UCLA CS)
[Diagram: a Client, a Security Manager and Worker nodes; labels: Authenticated DHCP w/IPsec key insertion; IPsec tunnel (×4); RPM Examination; Package Update]
Default drop rules on Worker nodes have already isolated them from the untrusted Client.
Open Issues
• Overhead management
• Privacy
• Leveraging trust relationships
• Heterogeneity
Big Picture
• QED is a component of Panoply, UCLA’s pervasive computing project
• We think QED is a step towards more secure pervasive environments
Conclusions
• Existing security mechanisms are insufficient for emerging pervasive computing paradigm
• Security needs to be proactive
• QED is the first system to address these issues
References
For more info:
Contact: [email protected]
• Kevin Eustice, Leonard Kleinrock, Shane Markstrum, Gerald Popek, Venkatraman Ramakrishna, Peter Reiher. “Enabling Secure Ubiquitous Interactions”. In the proceedings of the 1st International Workshop on Middleware for Pervasive and Ad-Hoc Computing.
• Kevin Eustice, Leonard Kleinrock, Shane Markstrum, Gerald Popek, Venkatraman Ramakrishna, Peter Reiher. “Wi-Fi Nomads: The Case for Quarantine, Examination and Decontamination”. To appear in the proceedings of the New Security Paradigms Workshop 2003.