Towards Trustworthy Networks ... Sep 21, 2018 · Trustworthy Networking 2018-09-21 NIST Trustworthy


  • Establishing the Technical Basis for Trustworthy Networking

    Towards Trustworthy Networks

    NIST/USG Efforts and Opportunities for Collaboration

    Doug Montgomery (dougm@nist.gov) Manager, Internet and Scalable Systems Research

    https://www.nist.gov/itl/antd/internet-scalable-systems-research

  • Trustworthy Networking

    2018-09-21 NIST Trustworthy Networks Program 2

    • ISOC 2017 Report on the Future of the Internet
      • “Perhaps the most pressing danger to the future of the Internet is the rising scope and breadth of Cyber Threats.”
      • “Addressing cyber threats should be the priority”
      • “The scale of cyberattacks is steadily growing, and many anticipate the likelihood of catastrophic cyberattacks in the future.”
      • “Inadequate management of cyber threats will put users increasingly at risk, undermine trust in the Internet and jeopardize its ability to act as a driver for economic and social innovation.”

    • Cultivating Trust is not Easy …
      • Challenges are technical, economic, often dominated by prevailing business models, complicated by massive installed bases, and fears of governmental interference.

    https://future.internetsociety.org/

  • Trustworthy Networks Program

    • Understanding & Controlling Network Behavior
      • “[Despite] society’s profound dependence on networks, fundamental knowledge about them is primitive. Global communication networks have quite advanced technological implementations but their behavior under stress still cannot be predicted reliably.… There is no science today that offers the fundamental knowledge necessary to design large complex networks [so] that their behaviors can be predicted prior to building them.” Network Science, a report from the National Research Council [4].

    • The Need for NIST:
      • Advance Network Metrology – with emphasis on innovating and applying advanced measurement science to Internet-scale systems.
      • Foster Trustworthy Network Technology – work with industry to improve the quality and timeliness of emerging specifications and foster adoption of trustworthy Internet technologies.

    • Our efforts focus on Internet Scale problems, solutions and measurement techniques.

  • What are NIST / USG Roles?

    Problem Identification

    Requirements Analysis

    Problem Space Characterization

    Deployment Guides Pilots / Testbeds

    Define USG R&D Priorities

    Threat Modeling

    Protocol Design

    Protocol Prototypes & Models

    Deployment Guidance

    Pilot Deployment & Operational Analysis

    Test and Measurement

    Empirical Data and Analysis

    Consensus Standards

    Practice Guides

    Deployment Requirements

  • Trustworthy Networking Technical Areas

    • Robust Inter-Domain Routing
      • https://www.nist.gov/programs-projects/robust-inter-domain-routing
      • BGP, RPKI, Origin Validation, Path Validation, Route Leaks, DDoS Mitigation

    • High Assurance Domains
      • https://www.nist.gov/programs-projects/high-assurance-domains
      • DNS, DNSSEC, DANE, Anti-phishing / SPAM

    • USGv6 Program
      • https://www.nist.gov/programs-projects/usgv6-program
      • IPv6, NIST / USGv6 Standards Profile, USGv6 Test Program, Test & Measurement.

    • Software Defined and Virtual Networks
      • https://www.nist.gov/programs-projects/advanced-ddos-mitigation-techniques
      • SDN Programmable Measurement, vCPEs, Manufacturer Usage Description, P4, VNFs

    • Measurement Science for Complex Systems
      • https://www.nist.gov/programs-projects/measurement-science-complex-information-systems
      • Modeling & data analysis for Internet scale systems, predicting rare failure events

  • Opportunities for Collaboration

    • Provide Input
      • Workshops, public comment on draft publications.
    • Participate in public / private projects
      • NCCoE Technology Demonstrations.
      • Individual Technical Collaborations
      • Protocol specification, test and measurement.
    • Visiting Researchers.
      • Domestic and foreign guest research appointments
    • Funding Opportunities.
      • SBIR Grants / Collaborative Projects
      • Measurement Science and Engineering Grants

  • Example Collaborations – RIDR Project

  • Questions and Discussion

    • For more information:
      • Trustworthy Networks Program
        • https://www.nist.gov/itl/antd/internet-scalable-systems-research
      • Advanced Network Technologies Division.
        • https://www.nist.gov/itl/antd
      • Information Technology Laboratory
        • https://www.nist.gov/itl
      • @NISTcyber, @usnistgov
      • National Cybersecurity Center of Excellence (NCCoE)
        • https://www.nccoe.nist.gov/

  • Example Current Activities

    • Problem Definition and Requirements Analysis
      • Enhancing the Resilience of the Internet and Communications Ecosystem Against Botnets and Other Automated, Distributed Threats
        • https://csrc.nist.gov/publications/detail/white-paper/2018/05/30/enhancing-resilience-against-botnets--report-to-the-president/final
      • Considerations for Managing IoT Cybersecurity and Privacy Risks Workshop Summary
        • https://www.nist.gov/sites/default/files/documents/2018/08/10/considerations_for_managing_iot_cybersecurity_and_privacy_risks_workshop_summary.pdf

  • Example Current Activities

    • Protocol Design and Standardization
      • M. Lepinski, K. Sriram (Editors), BGPsec Protocol Specification, Internet Engineering Task Force (IETF), RFC 8205, September 2017.
      • Sean Turner, Oliver Borchert, BGPsec Algorithms, Key Formats, and Signature Formats, Internet Engineering Task Force (IETF), RFC 8208, September 2017.
      • K. Sriram, D. Montgomery, B. Dickson, K. Patel, A. Robachevsky, Methods for Detection and Mitigation of BGP Route Leaks, Internet-Draft, Intended status: Standards Track, March 2018.
      • Kotikalapudi Sriram, Doug Montgomery, Danny R. McPherson, Eric Osterweil, Brian Dickson, Problem Definition and Classification of BGP Route Leaks, Internet Engineering Task Force, RFC 7908, June 2016.
      • Kotikalapudi Sriram, Doug Montgomery, Jeff Haas, Enhanced Feasible-Path Unicast Reverse Path Filtering, IETF Internet Draft (OPSEC Working Group), April 2018.

  • Example Current Activities

    • Prototypes and Test Tools
      • Oliver Borchert, Kyehwan Lee, NIST BGP-SRx Software Suite Version 5, NIST Reference Implementation, October 2017.
      • Vinay Sriram, Doug Montgomery, Design and analysis of optimization algorithms to min