Securing Nomads: The Case For Quarantine, Examination, Decontamination

Kevin Eustice, Shane Markstrum, V. Ramakrishna, Dr. Peter Reiher, Dr. Leonard Kleinrock, Dr. Gerald Popek. Laboratory for Advanced Systems Research, UCLA Computer Science.

Presentation Transcript


  1. Securing Nomads: The Case For Quarantine, Examination, Decontamination
     Kevin Eustice, Shane Markstrum, V. Ramakrishna, Dr. Peter Reiher, Dr. Leonard Kleinrock, Dr. Gerald Popek
     Laboratory for Advanced Systems Research, UCLA Computer Science
     Annual Computer Security Applications Conference 2003

  2. In a Nutshell
     • Problem summary
       • Networks do little to monitor or control entry
       • Exploited or vulnerable nomadic devices freely move around
       • Other devices may victimize or fall victim to these devices
     • A proposed model: QED
       • Quarantine devices upon entrance
       • Examine devices as required by environment
       • Decontaminate devices to repair or update
     Introduction – Challenges – The Paradigm – Conclusion

  3. New Trends In Nomadicity
     Users:
     • Frequently change networks, taking their devices with them
     • Carry misconfigured and vulnerable software with them from locale to locale
     • Pick up electronic hitchhikers (viruses, malicious agents, other malcode) from other nomads they encounter

  4. Scenario: nomadic blaster propagation
     [Diagram: Bob, Alice, Carol, Xavier; Local Café]

  5. Scenario: nomadic blaster propagation
     [Diagram: Bob, four Workers; Bob’s Office]

  6. Traditional Security Ignores Nomadic Devices
     • Wireless focus has been on better
       • Authentication
       • Encryption
     • Wired and wireless devices promiscuously enter and leave networks
     • Little accountability in existing paradigm
     • Reactive security, not proactive

  7. Life will only get worse…
     • Pervasive Computing is coming
     • Pervasive paradigm implies many more attack vectors and potential attackers
     • Abundant confidential and important personal information
     • Some possibilities:
       • Trojan horses in consumer electronics
       • PDA-carried viruses
       • Wireless parasites

  8. Characteristics of the Environment
     • Many, many affected users and devices
     • Heterogeneous OS/application space
     • Dynamic, often short-lived network membership
     • Mostly benevolent but non-technical users
     • Minimal system administration available
     Where do we go from here?

  9. QED
     • Quarantine device upon entry into network, and authenticate.
     • Examine device for vulnerabilities or undesirable services.
     • Decontaminate: Work with device to repair vulnerabilities!
     [Diagram: Bob, Workers; Bob’s Office]

  10. Quarantine
      Typically, there are two immediate types of desired quarantine:
      • Isolation from outside world
        • Many networks partially do this
        • Often imperfectly
      • Isolation from peers
        • Few networks do this
        • Just as important

  11. Quarantine
      Some mechanisms to quarantine devices include:
      • Routing restrictions at gateway
      • Voluntary isolation by device
      • DENY firewall rules on peers
      • MAC address-based forwarding restrictions in Access Point
      • Quarantine wireless network outside firewall

  12. Examination
      Many possible alternatives:
      • Software package analysis
      • Network profiling
      • Configuration analysis
      • File checksum examination
      • Virus scan

  13. Decontamination
      Assist device in complying with local policy:
      • Work with device to fix problems
      • Update software packages, configurations
      • Ask device to disable certain services while in this network, etc.

  14. Work in Progress: QED Prototype

  15. Scenario: QED Prototype design
      Default drop rules on Worker nodes have already isolated them from the untrusted Client.
      [Diagram: Client, Worker nodes, Security Manager, UCLA CS; IPsec tunnels; Authenticated DHCP, w/IPsec key insertion; RPM Examination; Package Update]

  16. Open Issues
      • Overhead management
      • Privacy
      • Leveraging trust relationships
      • Heterogeneity

  17. Big Picture
      • QED is a component of Panoply, UCLA’s pervasive computing project
      • We think QED is a step towards more secure pervasive environments

  18. Conclusions
      • Existing security mechanisms are insufficient for emerging pervasive computing paradigm
      • Security needs to be proactive
      • QED is the first system to address these issues

  19. References
      For more info: Contact: qed@lasr.cs.ucla.edu
      • Kevin Eustice, Leonard Kleinrock, Shane Markstrum, Gerald Popek, Venkatraman Ramakrishna, Peter Reiher. “Enabling Secure Ubiquitous Interactions”. In the proceedings of the 1st International Workshop on Middleware for Pervasive and Ad-Hoc Computing.
      • Kevin Eustice, Leonard Kleinrock, Shane Markstrum, Gerald Popek, Venkatraman Ramakrishna, Peter Reiher. “Wi-Fi Nomads: The Case for Quarantine, Examination and Decontamination”. To appear in the proceedings of the New Security Paradigms Workshop 2003.
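
The examine, decontaminate and re-examine cycle from slides 12, 13 and 15, as an added Python example (not code from the QED prototype). The policy values, the device record format and its `refuses` field are assumptions made for illustration, and `version_key` is a simplified ordering, not RPM's own version comparison.

```python
import re

# Constructed local policy (hypothetical values, not from the QED prototype).
MIN_VERSIONS = {"openssh": "3.7.1", "openssl": "0.9.7c"}
FORBIDDEN_SERVICES = {"telnet", "rsh"}

def version_key(version):
    """Simplified ordering key; numeric chunks sort above alphabetic ones."""
    return [(1, int(c), "") if c.isdigit() else (0, 0, c)
            for c in re.findall(r"\d+|[A-Za-z]+", version)]

def examine(device):
    """Examination: return the repairs needed; an empty list means compliant."""
    actions = []
    for pkg, minimum in sorted(MIN_VERSIONS.items()):
        have = device["packages"].get(pkg)
        if have is not None and version_key(have) < version_key(minimum):
            actions.append(("update", pkg, minimum))
    for svc in sorted(FORBIDDEN_SERVICES & set(device["services"])):
        actions.append(("disable", svc, None))
    return actions

def decontaminate(device, actions):
    """Decontamination: apply the repairs the device agrees to, on a copy."""
    fixed = {**device, "packages": dict(device["packages"]),
             "services": list(device["services"])}
    for kind, name, target in actions:
        if kind in device["refuses"]:
            continue  # device declined; it will fail re-examination
        if kind == "update":
            fixed["packages"][name] = target
        else:
            fixed["services"].remove(name)
    return fixed

def admit(device):
    """Quarantine on entry; release only after a clean re-examination."""
    actions = examine(device)
    repaired = decontaminate(device, actions)
    state = "quarantined" if examine(repaired) else "admitted"
    return state, actions

# Constructed device reports.
BOB = {"packages": {"openssh": "3.4p1", "openssl": "0.9.7c"},
       "services": ["ssh", "telnet"], "refuses": set()}
XAVIER = {"packages": {"openssh": "3.7.1"},
          "services": ["rsh"], "refuses": {"disable"}}

if __name__ == "__main__":
    for name, dev in (("bob", BOB), ("xavier", XAVIER)):
        print(name, *admit(dev))
```

A device that declines a repair stays quarantined, which is the default state on entry in this model.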
