Establishing the Technical Basis for Trustworthy Networking
Towards Trustworthy Networks
NIST/USG Efforts and Opportunities for Collaboration
Doug Montgomery, Manager, Internet and Scalable Systems Research
https://www.nist.gov/itl/antd/internet-scalable-systems-research
Trustworthy Networking
2018-09-21 NIST Trustworthy Networks Program 2
• ISOC 2017 Report on the Future of the Internet
  • “Perhaps the most pressing danger to the future of the Internet is the rising scope and breadth of Cyber Threats.”
  • “Addressing cyber threats should be the priority”
  • “The scale of cyberattacks is steadily growing, and many anticipate the likelihood of catastrophic cyberattacks in the future.”
  • “Inadequate management of cyber threats will put users increasingly at risk, undermine trust in the Internet and jeopardize its ability to act as a driver for economic and social innovation.”
• Cultivating Trust is not Easy …
  • Challenges are technical, economic, often dominated by prevailing business models, complicated by massive installed bases, and fears of governmental interference.
https://future.internetsociety.org/
Trustworthy Networks Program
• Understanding & Controlling Network Behavior
  • “[Despite] society’s profound dependence on networks, fundamental knowledge about them is primitive. Global communication networks have quite advanced technological implementations but their behavior under stress still cannot be predicted reliably. … There is no science today that offers the fundamental knowledge necessary to design large complex networks [so] that their behaviors can be predicted prior to building them.” Network Science, a report from the National Research Council [4].
• The Need for NIST:
  • Advance Network Metrology – with emphasis on innovating and applying advanced measurement science to Internet-scale systems.
  • Foster Trustworthy Network Technology – work with industry to improve the quality and timeliness of emerging specifications and foster adoption of trustworthy Internet technologies.
• Our efforts focus on Internet Scale problems, solutions and measurement techniques.
What are NIST / USG Roles?
[Diagram of NIST / USG roles; labels as they appear on the slide:]
• Problem Identification
• Requirements Analysis
• Problem Space Characterization
• Deployment Guides Pilots / Testbeds
• Define USG R&D Priorities
• Threat Modeling
• Protocol Design
• Protocol Prototypes & Models
• Deployment Guidance
• Pilot Deployment & Operational Analysis
• Test and Measurement
• Empirical Data and Analysis
• Consensus Standards
• Practice Guides
• Deployment Requirements
Trustworthy Networking Technical Areas
• Robust Inter-Domain Routing
  • https://www.nist.gov/programs-projects/robust-inter-domain-routing
  • BGP, RPKI, Origin Validation, Path Validation, Route Leaks, DDoS Mitigation
• High Assurance Domains
  • https://www.nist.gov/programs-projects/high-assurance-domains
  • DNS, DNSSEC, DANE, Anti-phishing / SPAM
• USGv6 Program
  • https://www.nist.gov/programs-projects/usgv6-program
  • IPv6, NIST / USGv6 Standards Profile, USGv6 Test Program, Test & Measurement.
• Software Defined and Virtual Networks
  • https://www.nist.gov/programs-projects/advanced-ddos-mitigation-techniques
  • SDN Programmable Measurement, vCPEs, Manufacturer Usage Description, P4, VNFs
• Measurement Science for Complex Systems
  • https://www.nist.gov/programs-projects/measurement-science-complex-information-systems
  • Modeling & data analysis for Internet scale systems, predicting rare failure events
Opportunities for Collaboration
• Provide Input
  • Workshops, public comment on draft publications.
• Participate in public / private projects
  • NCCoE Technology Demonstrations.
• Individual Technical Collaborations
  • Protocol specification, test and measurement.
• Visiting Researchers.
  • Domestic and foreign guest research appointments
• Funding Opportunities.
  • SBIR Grants / Collaborative Projects
  • Measurement Science and Engineering Grants
Example Collaborations – RIDR Project
Questions and Discussion
• For more information:
  • Trustworthy Networks Program
    • https://www.nist.gov/itl/antd/internet-scalable-systems-research
  • Advanced Network Technologies Division.
    • https://www.nist.gov/itl/antd
  • Information Technology Laboratory
    • https://www.nist.gov/itl
    • @NISTcyber, @usnistgov
  • National Cybersecurity Center of Excellence (NCCoE)
    • https://www.nccoe.nist.gov/
Example Current Activities
• Problem Definition and Requirements Analysis
  • Enhancing the Resilience of the Internet and Communications Ecosystem Against Botnets and Other Automated, Distributed Threats
    • https://csrc.nist.gov/publications/detail/white-paper/2018/05/30/enhancing-resilience-against-botnets--report-to-the-president/final
  • Considerations for Managing IoT Cybersecurity and Privacy Risks Workshop Summary
    • https://www.nist.gov/sites/default/files/documents/2018/08/10/considerations_for_managing_iot_cybersecurity_and_privacy_risks_workshop_summary.pdf
Example Current Activities
• Protocol Design and Standardization
  • M. Lepinski, K. Sriram (Editors), BGPsec Protocol Specification, Internet Engineering Task Force (IETF), RFC 8205, September 2017.
  • Sean Turner, Oliver Borchert, BGPsec Algorithms, Key Formats, and Signature Formats, Internet Engineering Task Force (IETF), RFC 8208, September 2017.
  • K. Sriram, D. Montgomery, B. Dickson, K. Patel, A. Robachevsky, Methods for Detection and Mitigation of BGP Route Leaks, Internet-Draft, Intended status: Standards Track, March 2018.
  • Kotikalapudi Sriram, Doug Montgomery, Danny R. McPherson, Eric Osterweil, Brian Dickson, Problem Definition and Classification of BGP Route Leaks, Internet Engineering Task Force, RFC 7908, June 2016.
  • Kotikalapudi Sriram, Doug Montgomery, Jeff Haas, Enhanced Feasible-Path Unicast Reverse Path Filtering, IETF Internet Draft (OPSEC Working Group), April 2018.
Example Current Activities
• Prototypes and Test Tools
  • Oliver Borchert, Kyehwan Lee, NIST BGP-SRx Software Suite Version 5, NIST Reference Implementation, October 2017.
  • Vinay Sriram, Doug Montgomery, Design and analysis of optimization algorithms to minimize cryptographic processing in BGP security protocols, Computer Communications, volume 106, pages 75-85, July 2017.
  • M. Adalier, Kotikalapudi Sriram, Oliver Borchert, L. Lee, Doug Montgomery, High Performance BGP Security: Algorithms and Architectures, NANOG 69 - Washington D.C., February 2017.
  • O. Borchert, O. Kim, L. Hannachi, D. Montgomery, K. Sriram, NIST RPKI Monitor and Test System, NIST test and measurement tool, March 2017.
Example Current Activities
• Deployment Guidance and Practice Guides
  • Draft NIST SP 800-189 Secure Interdomain Traffic Exchange: Routing Robustness and DDoS Mitigation.
    • Draft to be published October 2018.
  • Draft NIST Special Publication (SP) 1800-14 Protecting the Integrity of Internet Routing: Border Gateway Protocol (BGP) Route Origin Validation.
    • https://www.nccoe.nist.gov/projects/building-blocks/secure-inter-domain-routing